Recent news of the NSA collecting metadata of phone calls from communication companies, along with federal law enforcement seeming to continue to press for expansion of its ability to collect personal information online without warrants, has many questioning how safe their own privacy is.
Although a Pew Research Center poll found 56 percent of Americans back the NSA’s spying on call records, many have still expressed outrage over what they feel is a breech of their expected privacy and have labeled the whistleblower of the classified government program a hero.
Those concerned about their communication privacy — be it over the phone or on the Web — may then be wondering: Is there anything to be done? Is full privacy even possible?
We went searching and found a few answers. Here are a few tips:
1. Go off the grid: Although the most extreme measure, not communicating electronically would prevent such data from ever being available for collection in the first place. If you want to know what it’s like to go at least without the Internet for a year, check out Paul Miller’s column on The Verge after he did just that.
But as Elad Yoran, CEO of the IT security company Vaultive, told TheBlaze “the choice of not communicating electronically is not one that’s real for us.”
One choice people do have though, Yoran said, is being conscious of what they post online.
“Choosing to post a picture on Facebook or to tweet is an action we take deliberately and that we control,” he said.
Even if you have your social media sites set to private, that information is still being collected by the site itself and could be obtained legally through a court order.
2. Keep your browsing quiet: If you’ve been freaked out when shopping online for a Father’s Day tie and found that ads about menswear are cropping up on unrelated sites afterward, you might consider secure browsing. Although what to get dad might not be a controversial search, users could have their reasons to wish to keep searches private or just don’t want their searches to be recorded in cyberspace. TheBlaze has reported on secure Internet browsing before (Here’s How You Can Browse the Web Without Being Tracked), but here’s a bit of a recap.
- Private mode: most Web browsers have the ability to allow you to search privately, without cookies being enabled to track your movements. There are also browser extensions like Ghostery, Abine’s Do Not Track and AVG’s Do Not Track that prevent “invisible” entities from tracking searches as well.
- Hide your IP address: an even higher level of security hides your computer’s IP address entirely. There are several services that do this including Hot Spot Shield, which is VPN (virtual private network) software, and the search engine StartPage.
- Go hard core with ‘Tor’: CNET called the Tor Project “hard core” and potentially even “overkill” when it comes to secure browsing. Tor is free software that enables not only browsing that is anonymous but it encrypts data transport and doesn’t reveal a user’s location or how long they were browsing. How? It reroutes your IP address several times before connecting.
Watch Jacob Appelbaum introduce the Tor Project and the Tor Network in this TED Talk:
Encryption for data transmitted over an Internet connection, would “take thousands of years to break, and even if the NSA had quantum computers, it would still take them years to decode,” Peter Zaborszky, the owner of BestVPN.com, told TheBlaze.
3. Encrypt. Encrypt. Encrypt.: Yoran’s biggest piece of advice for companies using cloud computing is to encrypt their data. After it’s in the hands of a cloud service provider, like Microsoft, Google and many others, if they receive a court order for information, they might be obligated to turn it over.
Here are tips for encryption from Yoran, who is a member of the FBI Information Technology Advisory Council and the Department of Homeland Security Advisory Board for Command, Control and Interoperability for Advanced Data Analysis:
- Encrypt data before it goes to the cloud.
- Encrypt data persistently in all three states. Data exists in three states: transit, at rest and in use.
- Hold onto encryption keys yourself. Data can only be made usable with keys.
When it comes to the individual cloud users, encryption packages available for companies are not quite there yet, according to Yoran. (The encryption mentioned in the secure browsing section above addresses encryption of data transmitted over an internet connection).
“I believe this kind of encryption technology will one day be available for consumers, but it’s not yet,” he said.
For now, individuals could avoid using cloud services like Dropbox and Google for information storage or transport that they wish to keep secure.
4. Secure phone conversations: Unless you want to be old fashioned and use a pay phone (if you can even find one), there are fewer options to keep phone conversations secure. Gregg Smith, the CEO of Koolspan, a company focusing on mobile-encryption, detailed some of the products that can encrypt conversations, texts and other information sent from mobile devices between users.
Smith described the technology as a TrustChip, which is placed into the micro SD slot of the device and is “all-in-one key management, authentication and encryption,” according to the company’s website.
Here’s a quick demo showing how Koolspan’s technology works:
Koolspan partners with companies like AT&T, Samsung and other wireless carriers around the world to offer devices with this technology.
AT&T, for example, calls it “encrypted mobile voice,” and offers it as a service for a $24.99 monthly fee.
It is important to note that for such communication to truly be secure, all people involved would need to have their devices enabled with the technology.
What about calls made online? Last year, Skype was accused of online wiretapping. Google Talk hosts information on Google’s servers, which means content, like other information on its products, is subject to compliance with U.S. laws. The Washington Post recently pointed to online telephone service Silent Circle, which has been independently verified to have end-to-end encryption of information without any backdoors for wiretapping.
The Post also pointed to RedPhone, an app for Android phones, that claims to allow end-to-end encryption of conversations. Check out this brief report about RedPhone technology:
5. Avoid cellphone tracking: The ability of law enforcement to triangulate the position of a cellphone based on cell tower connections has been discussed recently from a legal standpoint, but is there a way to prevent this from happening in the first place? Yes, but you probably won’t like it. You have to turn your phone off and can even remove the battery for extra protection.
Location data is taken by the cell company every time you make a call, so that’s unavoidable. But Smith offered a clue to look for to see if your phone has been hacked in any way, which could open it to vulnerabilities, such as turning on the microphone remotely. Looking where the signal bar is and the letter/number designation showing connectivity, Smith said it usually shows a few bars and 3G or 4G LTE. If it shows 2G or GPRS, “that’s an initial sign you might be hacked,” he said.
If you see this sign, Smith explained, someone has pulled you into a lower level of connectivity where there is generally less security and might allow them to access information or features inside your phone.
Is full privacy even possible?
Tech experts say even some encryption services have left backdoors for law enforcement purposes. And Smith said completely preventing metadata being collected from phone communications isn’t entirely possible either. The tips mentioned above are just a few ideas to increase privacy.
Zaborszky said unless one isolates oneself from how the rest of society uses technology, it’s not possible to avoid all snooping.
“But it is important to know that it’s not the technical side of things that is the weak link, but the legal side and the fact that most of these companies are based in the USA and are bound by US laws,” he noted.