Last week, The Guardian and The Washington Post published articles that described two massive NSA projects for monitoring Americans. Both newspapers drew their information from top-secret documents provided by Edward Snowden, a former CIA employee who worked as a contractor for NSA.
One of the NSA projects described in the articles, PRISM, allegedly siphons information from the databases of nine major technology companies: Microsoft, Google, Yahoo, Facebook, PalTalk, YouTube, Skype, AOL, and Apple. (In emails to Slashdot and other media outlets, as well as postings on their respective corporate blogs, many of these companies have denied involvement with PRISM.) The other project captures metadata from millions of phone calls placed around the world, which can be data-mined to produce insights into individuals’ communications networks.
If those newspaper reports are accurate, the NSA’s programs are enormous and sophisticated, and rely on the latest in analytics software. In the face of that, is there any way to keep your communications truly private? Or should you resign yourself to saying or typing, “Hi, NSA!” every time you make a phone call or send an email?
‘Private Browsing’ Settings Won’t Work
First things first: unlike blocking malware or fixing a software vulnerability, safeguarding your communications privacy is much more than installing an upgrade to an existing platform.
“It’s much easier and more credible to expect simple technical changes to help if you’re trying to defend against spying by someone with less sophistication and fewer resources,” Dave Maass, media relations coordinator for the Electronic Frontier Foundation (EFF), wrote in an email to Slashdot.
But the NSA (along with other nations’ intelligence agencies) enjoys an enormous budget and untold amounts of brainpower, so a simple technical change to a piece of software is unlikely to stop it from peering into a particular system.
“A lot of people have been contacting me talking about private browsing modes as a defense against NSA surveillance,” Maass continued. “Of course, private browsing modes are meant to avoid leaving records of one’s web browsing history—on one’s own computer—and that’s basically the extent of it! So people are very often missing the idea of what is meant to defend against what.”
In other words, clicking “Private Browsing” on your Web browser will not render you invisible to a government agency that wants to collect your information. (Privacy add-ons such as Ghostery can help block browser ads, but won’t render you invisible on the Web.)
TOR, HTTPS, and More
The EFF offers a handy visualization of the protections afforded by HTTPS (Hypertext Transfer Protocol Secure, a communications protocol for secure communication over a network) and Tor (a network that relies on relays that make it difficult to trace a user’s Internet activity). HTTPS and Tor can hide very specific kinds of information, depending on which one is used.
“I naturally recommend our own HTTPS Everywhere software as well as the Tor Browser Bundle, but I hope people understand the goals and limitations of these tools,” Maass wrote. “The Tor developers have been very clear over the years on the limitations of what Tor protects and from whom; at best Tor can make users’ origin and destination hard to link based on IP traffic data.”
Tor developers believe it’s possible for an outside agency to make an end-to-end traffic correlation, he added, provided it monitors both the origin and the destination of a particular bit of Internet activity: “The entity that can do this most easily is called a ‘global passive adversary’ and is often thought of as akin to a powerful signals intelligence agency like NSA.”
Maass believes the current controversies could spark a renewed interest in end-to-end encryption, such as the Pretty Good Privacy (PGP) program invented in the early 1990’s. “The current generation of cloud services almost all intentionally expose data to the service operator, even if they scrupulously use HTTPS to protect data in transit,” he said. That aside, some work is being done in the realm of host-proof cryptography, including platforms such as Tarsnap and SpiderOak.
But those host-proof solutions offer security in exchange for some measure of inconvenience. If you lose your access credentials, you’re likely toast: few highly secure services include a “Forgot Your Password?” link, which can be easily engineered to reset a password and username without the account owner’s knowledge. (Tarsnap, for example, demands the forgetful user email the administrator; SpiderOak, which boasts a “zero-knowledge environment for its users,” doesn’t store passwords or the answers to password hints.) And in the realm of peer-to-peer communications, there’s the small matter of making sure those with whom you speak are using compatible security and software.
For businesses, other encryption vendors worth a look include Voltage Security, which offers a variety of encryption and tokenization tools; Liaison, which also traffics in communications and transaction encryption; and, for database security, Application Security. (Tip of the hat to our security expert Steve Ragan for those recommendations.)
Maass thinks big providers such as Dropbox and Google should meet security-conscious users halfway and provide client-side encryption that makes data unavailable to the provider, perhaps in exchange for “the corresponding loss of certain features.” Seen from another perspective, however, that would also lead to revenue loss for those companies that need to scan user information in order to serve up ads; and if there’s one thing international conglomerates hate, it’s leaving money on the table.
No Dodging Metadata
In addition to monitoring emails and other electronic communications, the NSA reportedly convinced Verizon to turn over metadata on millions of Americans’ phone calls. Phone metadata includes the numbers you’ve called, and when; although it doesn’t capture a recording of the call itself, it can be used to make some very targeted assumptions. For example, if you made a call to your physician, and followed it up by dialing a cancer-treatment center a few minutes later, anyone with that metadata could assume that either you (or someone you know) may have a malignancy of some sort.
“On a cellular phone call, no, there’s no way to avoid it,” Jon Callas, chief technical officer for Silent Circle, wrote in an email. “This is why it is so outrageous. The only way to avoid it is not to use your mobile phone.” The metadata handed over by Verizon, he added, “is protected data and should not be handed over without a warrant.”
Silent Circle offers software tools for mobile devices that encrypt data in transit. Its portfolio includes encrypted PGP email (interoperable with external mail clients such as Outlook), secure video chat, and Burn Notice (which self-destructs messages and files after a certain period of time). That software can encrypt communications in such a way that even Silent Circle’s administrators can’t access it; but that won’t necessarily prevent a bad actor from getting at the data if they install malware on a phone.
SCP and SFTP
In terms of transferring large files between devices, Callas recommended platforms such as SFTP (Secure File Transfer Protocol) and SCP (a method of transferring data between hosts, based on Secure Shell or SSH protocol). Secure-backup vendors such as the aforementioned SpiderOak offer tools based on those protocols; but in general, transferring large files in a totally secure way can be difficult: “I want to copy from my laptop to yours and I’m in a coffee shop, then get up and go into my office, then off to a meeting, and so on, it’s harder than you’d think.”
What Can One Do?
Some of solutions outlined above—SFTP, SCP, Tor and HTTPS—can help safeguard one’s data to a certain extent, and a number of vendors offer products that leverage those protocols. But relatively airtight security also means making tradeoffs, most notably with regard to convenience; as mentioned previously, losing a password to a secure-backup vendor can mean saying bye-bye to one’s data.
Mainstream providers such as Google also include encryption with their products, but some hardcore privacy advocates remain concerned about administrative access to all that user data: one well-placed court order, and your information is in a government agency’s hands.
Some tools, such as “private browsing,” are simply ineffective in this context, no matter what some online articles may tell you. And becoming truly invisible is a virtual impossibility—every time you place a phone call or shoot an e-mail or instant message from an IP address, there’s a chance (more like a likelihood, these days) that the metadata is being stored somewhere.
In other words, it’s possible to achieve a certain level of secure communication—but there will always be vulnerabilities. For the truly paranoid, we have two words for you: carrier pigeon.