Mikko Hyppönen is a "white hat" hacker — one of the good guys. Since Edward Snowden's revelations about the NSA's widespread surveillance, he has become a leading critic of the agency's programs. Hyppönen says we shouldn't be willing to relinquish our privacy, but rather demand it from our government.
Hyppönen was featured on the TED Radio Hour episode The End Of Privacy and answer listener's questions about his work.
Which do you believe is more important: having privacy or agency over your information?
Control is the keyword. As I said in my TEDxBrussels 2011 talk: This is not a question of privacy against security. It's a question of freedom against control.
If we can retain control of our own data and if we can decide how it is being used, there is no problem. Remember, privacy is a human right. We really don't need to explain why it is needed.
Let me quote Article 12 of the United Nation's Universal Declaration of Human Rights:
"No one shall be subjected to arbitrary interference with his privacy. Everyone has the right to the protection of the law against such interference or attacks."
Why do governments think they have the right to cross the boundary into personal lives of society?
Governments actually have a right to peek into our personal lives.
But they can't do it arbitrarily.
For example, law enforcement can record your phone calls - or your Google searches. But they can only do it if they suspect you of a crime and have a court order. Recording everybody's actions all the time and archiving them forever is simply not ok. We did not build the internet to be used as a giant surveillance machine.
The U.S. surveillance complex has no legal right to do unwarranted surveillance on their own citizens. Which doesn't make me feel any better: I'm not a U.S. citizens. And we foreigners have no rights in USA. So when we use U.S. online services, we are volunteering our data to a country in which the government can legally look at our data and store it forever.
The NSA leaks made many people think twice about the changing role of government and our assumed expected level of privacy. But it still feels like not much has changed since Edward Snowden's leaks. What will it take to make government listen to people's desire for privacy?
There are two things people can do to fight back: First, they can use technical safeguards to protect themselves. This includes using disk and email encryption, browsing over Tor and using VPNs to protect your traffic. However, using technical safeguards is just a band-aid; it won't do anything at all to the underlying problem which is wholesale blanket surveillance.
The thing to do against unwarranted surveillance is to stand up and say no. This means working for a political change. And in this case it means international politics.
Do you personally believe we can have online privacy when the fundamental framework of the Internet was not intended for such communications?
Internet works remarkably well, considering how old it is. It was designed very well. However, it wasn't designed for privacy.
They way to use the net privately today means that you have to actively use encryption. But we believe encryption works, even against the NSA. So, by using VPNs and by encrypting emails and instant messages, we should be able to protect our privacy.
What hardware and software do you personally use?
I use a variety of different machines and gadgets, running various operating systems. But I don't feel good about detailing my personal computing environment. That would be bad OPSEC (operational security), and could make it easier to target me and my systems. And I have been targeted before. But thanks for asking.
What's the worst computer virus you've ever seen?
That's a great question. I guess it depends on how you define 'worst'. This would be different for different users.
It could be the Slammer worm, which scanned through the whole internet in 15 minutes and infected every machine it could.
It could be the CIH worm, which overwrote not just all the files on your computer but also the BIOS chip of your machine, effectively bricking your PC.
It could be Stuxnet, which infected a nuclear enrichment plant and caused centrifuges to malfunction.
It could be Flame, which did spread via Windows updates, claiming to be an official update, complete with a forged Microsoft signature.
It could be CryptoLocker, which encrypted all the files on all your drives and then demanded a payment to get them back.
So, it depends.
Copyright 2021 NPR. To see more, visit https://www.npr.org.