- Bruce Stengl
- THE EYE IN THE SKY Smaller privacy-friendly browsers and encryption can help shield users from surveillance.
'Does the [National Security Agency] collect any type of data at all on millions or hundreds of millions of Americans?" Sen. Ron Wyden, D-Ore., asked James Clapper, the director of national intelligence, during a Senate Intelligence Committee hearing in March. Clapper replied, "No sir . . . not wittingly."
We now know that was a bald-faced lie. Or as Clapper nicely parsed it later, it was the "least untruthful" statement. The NSA has been collecting telephone and telecommunications data from tens of millions of Americans for years now.
The NSA claims this storehouse of data is never reviewed unless additional information prompts the department to winnow it—for instance, a letter from Russia warning about a couple of Chechens living in Boston. But it hasn't worked out that way. Christopher Soghoian, a policy analyst at the American Civil Liberties Union, likens the situation to having someone tell you that he wants to put a video camera in your bedroom but will not actually look at the stored footage unless something bad happens later.
The NSA is able to obtain information because the dominant internet business model is set up to exchange free services for personal information, which enables targeted advertising. When I interviewed Soghoian, he suggested that the free market has delivered us into a world that is insecure by default; he also added that the telephone industry has been practicing surveillance for a hundred years already.
Seeking technical steps that citizens might take to shield themselves from electronic snooping by the government, I talked with Mark Wuergler, a senior security researcher at the cybersecurity firm Immunity Inc. "I have bad news for the average citizen," Wuergler tells me.
In order to avoid monitoring by the government, citizens need to have control over their own hardware, networks and servers, and use encryption ubiquitously. Currently available methods for trying to maintain data privacy and security are so clunky and complicated, he says, that most Americans will simply not bother. "It boils down to less convenient, more secure; more convenient, less secure," Wuergler says. "You just need to assume that your data is being watched."
Wuergler would know; he devised a program, Stalker, that can siphon off nearly all of your digital information to put together an amazingly complete portrait of your life and find out where you are at all times.
So how can you hide this information?
First, don't put so much stuff out there in the first place. Use Facebook if you must, but realize you're making it easy for the government to track and find you when it chooses to.
A second step toward increased privacy is to use a browser search engine like DuckDuckGo, which doesn't collect the sort of information—your IP address, for one—that can identify you with internet searches. If the government bangs on their doors to find out what you've been up to, DuckDuckGo has nothing to hand over.
Third, a Tor relay, used by dissidents and journalists around the world, can shield your location from prying eyes. Tor operates by bouncing your emails and files around the internet through encrypted relays. Anyone intercepting your message once it exits a Tor relay won't be able to trace it back to your computer and your physical location.
Fourth, there is encryption. An intriguing one-stop encryption solution is Silent Circle. Developed by Phil Zimmerman, the inventor of the Pretty Good Privacy encryption system, Silent Circle enables users to encrypt text messages, video, phone calls and emails. Zimmerman and his colleagues claim neither they, nor anyone else, can decrypt messages across their network. This security doesn't come free; Silent Circle charges $10 per month.
One might also consider encrypting data using free encryption software offered by TrueCrypt. If you keep data in the cloud, you might use SpiderOak, which bills itself as a "zero-knowledge" company, which means it has no way to decrypt the data you store with it. However, SpiderOak will provide personally identifiable information about users to law enforcement if required to do so by law. The company offers two gigabytes of free storage for beginners.
Now for some bad news: telephone metadata of the sort the NSA acquired from Verizon is impossible to hide. As the ACLU's Soghoian notes, you can't violate the laws of physics, and in order to connect your mobile phone, the phone company needs to know where you are located.
For more information on evading government monitoring agencies, check out the Electronic Frontier Foundation's guide to Surveillance Self-Defense at www.eff.org.
This article originally appeared on Reason.com.