Our recommendations
The MCLU is aware that recommendations arriving after the fact have a particular quality of closing the stable door. We offer them anyway. The horse, while gone, may still benefit from knowing which direction it ran in.
Understand the scope first
The instinct on discovering undisclosed surveillance is to act immediately. The more useful instinct is to first establish what was actually observed, when, and whether any of it falls under obligations to third parties. The MCLU can refer clients to practitioners briefed on the situation, which is a sentence we did not expect to be writing when we registered as a Guild of Moral Concern.
Revise your threat model
Every client should now assume that their historical operational data, known vulnerabilities, and communication patterns are held by an undisclosed party of unknown intentions. An accurate threat model that is uncomfortable is more useful than a comfortable one that is wrong.
Consider obligations to your own users and members
Guild members and bank customers did not consent to have their data on infrastructure under undisclosed surveillance. “We did not know” is not the end of that conversation.
Do not respond by implementing your own undisclosed capability
The MCLU has observed this response before. It solves the wrong problem, creates new ones, and looks considerably less reasonable eighteen months later when someone is writing about it.
Contact us
We do not charge. We have no money. We consider this a structural feature rather than a bug. We have a pamphlet. It is more useful than it sounds.