Recent news of the NSA collecting metadata of phone calls from communication companies, along with federal law enforcement's apparent continued push to expand its ability to collect personal information online without warrants, has many questioning how safe their own privacy is.
Although a Pew Research Center poll found 56 percent of Americans back the NSA’s spying on call records, many have still expressed outrage over what they feel is a breach of their expected privacy and have labeled the whistleblower of the classified government program a hero.
Those concerned about their
communication privacy — be it over the phone or on the Web — may then be
wondering: Is there anything to be done? Is full privacy even possible?
We went searching and found a few answers. Here are a few tips:
1. Go off the grid:
Although the most extreme measure, not communicating electronically
would prevent such data from ever being available for collection in the
first place. If you want to know what it’s like to go at least without
the Internet for a year, check out Paul Miller’s column on The Verge after he did just that.
But as Elad Yoran, CEO of the IT security company Vaultive, told TheBlaze, “the choice of not communicating electronically is not one that’s real for us.”
One choice people do have though, Yoran said, is being conscious of what they post online.
“Choosing to post a picture on Facebook or to tweet is an action we take deliberately and that we control,” he said.
Even if you have your social media
sites set to private, that information is still being collected by the
site itself and could be obtained legally through a court order.
2. Keep your browsing quiet:
If you’ve been freaked out when shopping online for a Father’s Day tie and found that ads about menswear are cropping up on unrelated sites afterward, you might consider secure browsing. Although what to get dad might not be a controversial search, users could have their reasons for wanting to keep searches private, or might just not want their searches to be recorded in cyberspace. TheBlaze has reported on secure Internet browsing before (Here’s How You Can Browse the Web Without Being Tracked), but here’s a bit of a recap.
- Private mode: most Web browsers have the ability to allow you to search privately, without cookies being enabled to track your movements. There are also browser extensions like Ghostery, Abine’s Do Not Track and AVG’s Do Not Track that prevent “invisible” entities from tracking searches as well.
- Hide your IP address: an even higher level of security hides your computer’s IP address entirely. There are several services that do this, including Hotspot Shield, which is VPN (virtual private network) software, and the search engine StartPage.
- Go hard core with ‘Tor’: CNET called the Tor Project “hard core” and potentially even “overkill” when it comes to secure browsing. Tor is free software that not only enables anonymous browsing but also encrypts data transport and doesn’t reveal a user’s location or how long they were browsing. How? It routes your connection through several relays before it reaches its destination.
Watch Jacob Appelbaum introduce the Tor Project and the Tor Network in this TED Talk:
Encryption for data transmitted over an Internet connection would “take thousands of years to break, and even if the NSA had quantum computers, it would still take them years to decode,” Peter Zaborszky, the owner of BestVPN.com, told TheBlaze.
3. Encrypt. Encrypt. Encrypt.:
Yoran’s biggest piece of advice for companies using cloud computing is
to encrypt their data. After it’s in the hands of a cloud service
provider, like Microsoft, Google and many others, if they receive a
court order for information, they might be obligated to turn it over.
Here are tips for encryption from
Yoran, who is a member of the FBI Information Technology Advisory
Council and the Department of Homeland Security Advisory Board for
Command, Control and Interoperability for Advanced Data Analysis:
- Encrypt data before it goes to the cloud.
- Encrypt data persistently in all three states. Data exists in three states: transit, at rest and in use.
- Hold onto encryption keys yourself. Data can only be made usable with keys.
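The first and third tips above, sketched as an added example (it is not from the article or from Vaultive): data is encrypted with AES-256-GCM before upload, and the key stays in a local key store. It assumes the third-party Python `cryptography` package; the dict standing in for the provider, the `LocalKeyStore` class and the sample record are hypothetical and constructed for illustration.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

class LocalKeyStore:
    """Hypothetical key store: keys are generated and kept on the owner's side only."""
    def __init__(self):
        self._keys = {}
    def new_key(self, key_id):
        self._keys[key_id] = AESGCM.generate_key(bit_length=256)
    def get(self, key_id):
        return self._keys[key_id]

def upload_encrypted(cloud, keys, key_id, name, plaintext):
    nonce = os.urandom(12)  # must never repeat under the same key
    # The object name is bound as associated data, so a blob cannot be
    # silently moved to a different name on the provider side.
    ct = AESGCM(keys.get(key_id)).encrypt(nonce, plaintext, name.encode())
    cloud[name] = nonce + ct  # the provider only ever receives nonce + ciphertext

def download_decrypted(cloud, keys, key_id, name):
    blob = cloud[name]
    return AESGCM(keys.get(key_id)).decrypt(blob[:12], blob[12:], name.encode())

def demo():
    keys, cloud = LocalKeyStore(), {}  # dict = stand-in for the provider's storage
    keys.new_key("k1")
    secret = b"constructed sample record: Q3 payroll"
    upload_encrypted(cloud, keys, "k1", "payroll.csv", secret)
    # Everything the provider holds, and so could hand over, is ciphertext.
    leaked = secret in cloud["payroll.csv"]
    roundtrip = download_decrypted(cloud, keys, "k1", "payroll.csv") == secret
    # A provider-side modification is detected when the owner decrypts.
    blob = bytearray(cloud["payroll.csv"])
    blob[-1] ^= 1
    cloud["payroll.csv"] = bytes(blob)
    try:
        download_decrypted(cloud, keys, "k1", "payroll.csv")
        tamper_detected = False
    except InvalidTag:
        tamper_detected = True
    return leaked, roundtrip, tamper_detected

if __name__ == "__main__":
    print(demo())
```

This covers data in transit to and at rest with the provider; it does not address data in use, the third state named in the list.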
For individual cloud users, the kind of encryption packages available to companies are not quite there yet, according to Yoran. (The encryption mentioned in the secure browsing section above addresses encryption of data transmitted over an Internet connection.)
“I believe this kind of encryption technology will one day be available for consumers, but it’s not yet,” he said.
For now, individuals could avoid using
cloud services like Dropbox and Google for information storage or
transport that they wish to keep secure.
4. Secure phone conversations:
Unless you want to be old fashioned and use a pay phone (if you can even find one), there are fewer options to keep phone conversations secure. Gregg Smith, the CEO of Koolspan, a company focusing on mobile encryption, detailed some of the products that can encrypt conversations, texts and other information sent from mobile devices between users.
Smith described the technology as a TrustChip,
which is placed into the micro SD slot of the device and is “all-in-one
key management, authentication and encryption,” according to the
company’s website.
Here’s a quick demo showing how Koolspan’s technology works:
Koolspan partners with companies like
AT&T, Samsung and other wireless carriers around the world to offer
devices with this technology.
AT&T, for example, calls it “encrypted mobile voice,” and offers it as a service for a $24.99 monthly fee.
It is important to note that for such
communication to truly be secure, all people involved would need to have
their devices enabled with the technology.
What about calls made online? Last year, Skype was accused of online wiretapping.
Google Talk hosts information on Google’s servers, which means content,
like other information on its products, is subject to compliance with
U.S. laws. The Washington Post recently pointed to online telephone service Silent Circle, which has been independently verified to have end-to-end encryption of information without any backdoors for wiretapping.
The Post also pointed to RedPhone, an
app for Android phones, that claims to allow end-to-end encryption of
conversations. Check out this brief report about RedPhone technology:
5. Avoid cellphone tracking:
The ability of law enforcement to triangulate the position of a cellphone based on cell tower connections has been discussed recently from a legal standpoint, but is there a way to prevent this from happening in the first place? Yes, but you probably won’t like it. You have to turn your phone off and can even remove the battery for extra protection.
Location data is taken by the cell company every time you make a call, so that’s unavoidable. But Smith offered a clue to look for to see if your phone has been hacked in any way, which could open it to vulnerabilities, such as turning on the microphone remotely. Look at the signal bars and the letter/number designation showing connectivity: Smith said it usually shows a few bars and 3G or 4G LTE. If it shows 2G or GPRS, “that’s an initial sign you might be hacked,” he said.
If you see this sign, Smith explained,
someone has pulled you into a lower level of connectivity where there
is generally less security and might allow them to access information or
features inside your phone.
Is full privacy even possible?
Tech experts say even some encryption services have left backdoors for law enforcement purposes. And Smith said completely preventing metadata from being collected from phone communications isn’t entirely possible either. The tips mentioned above are just a few ideas to increase privacy.
Zaborszky said unless one isolates
oneself from how the rest of society uses technology, it’s not possible
to avoid all snooping.
“But it is important to know
that it’s not the technical side of things that is the weak link, but
the legal side and the fact that most of these companies are based in
the USA and are bound by US laws,” he noted.