07.12.2019
Moscow Trip: Safety First
When talking about cyber and hybrid threats, disinformation campaigns or even the impact of artificial intelligence on the future of warfare – in short, my core passion as a politician and human being – one cannot really avoid mentioning the Kremlin’s involvement. Yet a lot of this talk is being done from the distant shelter of Brussels. Which is reasonable on the one hand, as one needs a base of operations, be it for legislation, scrutiny or oversight. However, combining office work with ‘field work’ appeals to me as a more effective approach, so that I won’t get stuck both physically and mentally – within the (in)famous EU bubble. That is why I am writing these words in an airplane seat, heading to Moscow. Why? And how did I prepare in line with my core topics?
I have been invited by Leonid Volkov, former campaign manager of political opposition activist, Alexej Navalnyj. I met Mr Volkov on a workshop in the European Parliament. He invited me for one particular reason – I introduced myself as a Pirate, and coincidentally he is hosting a conference on the freedom of the Internet, together with Russian Pirates, my fellow counter-parts (in a politically much more complicated environment). As a former international coordinator of the Czech Pirates I used to be in contact with those in Russia, thus it came to me as a natural desire to meet with these people in person. Nevertheless, also the opportunity to discuss the future of the Internet in Russia with people at the source and core activists in this country is too good to decline. I will report on the discussions at the conference later on and would like to first touch another topic and maybe give a few tips. How a digitally conscious politician approaches such a trip?
Faraday bags are no tinfoil hats scam. It blocks static electric field, which in practice effectively protects your phone or computer from any signals and therefore hostile intrusion. It effectively blocks all signals from your phone from reaching the state-controlled digital infrastructure in this beautiful country. As every phone has a unique identifier, simply having it on in a digitally hostile environment could for example signal your constant geolocation and thus endanger any people you might want to meet. Just turning your phone off might not be enough as it could be turned on remotely and without your knowledge. You want to protect your devices when not in use, purchase any kind of bag, pouch or box with a Faraday-blocking traits and store them in there. Then you ‘only’ have to deal with your online behavior and protection. The only thing I was worried about was the airport scan control and whether such items are allowed, but so far it seems at least Brussels Airport doesn’t care.
Though that is just the first step in prevention. Using your usual devices wouldn’t be too rational if you are afraid an intrusion might still happen. I thus decided to bring a burner phone without any data on it and a laptop which the IT department (DG ITEC) of the European Parliament so kindly provided to me a few months ago – and if it didn’t, I wouldn’t bring laptop at all. Does it sound like a madness to talk about security and then bring a parliamentary device? The trick is in the system: there are several layers of default protection, blocking even the user from for example downloading any apps, and provided with own parliamentary software. That doesn’t mean it is unbreachable, naturally. However, it means I don’t have any data on this computer and when I come back to Brussels, I can have the DG ITEC check the system and tell me if anyone interfered. Which wouldn’t be possible with my usual device.
Naturally, I also do not connect with any public network unless my trusted friends are providing it with all necessary VPN and security protection. It goes without saying that you should assume that your hotel room is surveilled and that your electronic devices will be breached if you leave them unattended in the room.
Do I go too far? Or is that insufficient protection? What I know for sure is that if I want to talk about privacy, data-protection, Internet freedom or cyber threats, I should lead by example. And follow examples of the more experienced. So – what about you? What measures are you implementing to protect your online, and consequentially even offline presence?