We’ve never been so dependent on smartphones and laptops; they’re intricately woven into our daily lives. As we edge closer to George Orwell’s fable of an ever-watching state, what protection is out there for us?
Mobile technologies have altered the way we communicate and the way in which communications travel. The pace of it has not only been fast but unprecedented. When analyst-turned-whistleblower Edward Snowden gave the world a sobering glimpse into the scale of government surveillance programs, attention focused sharply on the subject of digital privacy, and the topic has continued to generate headlines. With such powerful new technologies at our disposal, it’s an alarming thought that our intimate data could be exploited by cyber-criminals and in some instances the government.
For every unique cell phone signature that establishes a connection and for every website link or internet connection that’s made, information is gathered about us – from our location and internet activity, to precise details of our text messages and calls. Call logs are difficult to dodge. Without proper precaution, anything that we do on our smartphone is at risk.
Service providers aren’t forthcoming about exactly what data they collect or about their policies on data retention. All of them differ, but in general phone companies are required by law to store information for twelve months, whilst payment history is held for 3-5 months. According to a report by Reuters, phone companies received 1.1 million requests from U.S. law enforcement agencies for their customers’ phone records in 2012 alone.
Advertisers also exploit smartphone apps as a goldmine of information to capture consumer details. It’s surprisingly easy because privacy risks are not a top priority for app programmers. Most would prefer to spend time making an app cool rather than digging through code for security flaws. Third parties can compile our personal information with other data to create a profile; this can happen without our consent.
August 2012 saw the release of a top-secret report: the Fiscal 2013 Congressional Budget Justification Book, which detailed just how much the US National Intelligence Program was spending to support US intelligence agencies’ operations – a staggering USD $52.6 billion (USD $14.7 billion being allocated to the CIA, and USD $10.8 billion to the NSA). The money continues to be used for counterintelligence, raw data collection, technical surveillance and data analysis. Perhaps most shocking is that the NSA has broken much of the encryption that the world relies on, purposefully introduced weaknesses in communication software that anyone could then exploit, and snuck covert agents into communications companies. It also showed the use of supercomputers to break encryption with “brute force”, and the frequent coercion of technology companies and internet service providers into handing over their master encryption keys.
2013 was punctuated by stories of spying on our internet. When former CIA technical worker Edward Snowden leaked details of top-secret NSA documents about US and British surveillance programs to the press, the world was outraged at the sheer scope and size of the surveillance being used against it (notably PRISM, the NSA call database, and Tempora, a British black-ops surveillance program run by the NSA’s British partner, GCHQ). As it stands, most of our routers, switches and firewall devices have surveillance capabilities already built in, but the NSA figured out a way to surreptitiously turn them on.
Snowden disclosed information about Tempora, a secret program used by the intelligence community to access the fibre-optic cables that carry the world’s phone calls and web traffic, and built with an ingenious way of storing this material for up to 30 days. Revelations about PRISM quickly followed: an initiative that gave the NSA and GCHQ access to millions of emails and live chats held by the world’s major internet companies (including Google, Facebook, Microsoft and Apple).
Last year Facebook and Microsoft sued the U.S. Government to be able to disclose more information about how much data the NSA collects from them, hoping to show limited involvement in the controversial surveillance efforts. Facebook CEO Zuckerberg commented that “trust metrics” for all the big internet firms “went down with PRISM” but exactly how they participate in PRISM and other surveillance programs is still unclear. But in June 2012 the UK Government introduced the Draft Bill, asking for an increase to the forms of data to be retained. It focuses on the expansion in the use of new means of communication that are not presently subject to the retention obligations contained in the 2009 Regulations – essentially it means data used by social networks will be increasingly under the spotlight.
After a summer of revelations, it came as a surprise to many when Obama’s administration put forward their proposal that the Fourth Amendment allow warrantless mobile phone searches; their argument being that a cellphone is no different from any other object a suspect might be carrying like a calendar or address book. The US Supreme Court will need to reach a conclusion, but the worry is that technological advances in the years to come will only make it easier for police and the government to access information that citizens reasonably expect to be private.
When all this information stacks up, being swallowed up in an endless surveillance platform starts to look like an inevitability. But it takes work and risk on the part of the NSA to compromise your computer, so it’s unlikely that we are their target. Still, it’s reassuring to know that there are steps you can take to regain control of your personal computer if you have the dedication and awareness. You should apply all the sensible precautions that you probably already know about, such as using Wi-Fi networks with caution and disabling Bluetooth when not in use. Remove photo geotagging on your phone. And when disposing of your smartphone, be absolutely certain you have wiped or reset the phone first.
But how else can you retain your anonymity? The most straightforward and failsafe solution to keeping texts private comes in the form of Redact, a secure messaging app that has no hidden agendas; it was devised purely to ensure resistance to hacking attempts. Created by a British firm based in Geneva, Redact is so confident in its technology that it has already submitted it to CESG, the Government’s National Technical Authority for Information Assurance, which provides advice on the security of communications and electronic data. Using heavy encryption and complex ciphers, any messages – both sent and received between devices – can be removed from both handsets at the touch of a button, with no method of recovery.
Because Redact stores no messages, contact information or usernames on any central servers, there’s no information to be stolen and there’s no recovery tool for hackers to exploit. Instead, anyone using the app is assigned a unique PIN number which is never stored. Only you can change your alias, so you can be certain contacts aren’t using your real name anywhere in the application.
When it comes to online security, you could choose a network like Tor, which uses software that directs Internet traffic through a free, worldwide volunteer network made up of more than three thousand relays, making it harder to trace Internet activity back to you. This means the more people use it, the safer everyone is. PGP and OTR are great ideas. There’s a bit of a learning curve with PGP, but if people can use it, it’s recommended. Using Transport Layer Security (TLS) or IPsec to encrypt your communications adds an extra layer of protection.
Further than this, choosing secret key encryption over public-key encryption can help; it requires more processing power, but it can only be decrypted by using the matching public key. Always be suspicious of commercial encryption software, especially from large vendors. Most encryption products from large US companies have NSA-friendly back doors, and systems relying on master secrets are vulnerable, through either legal or more clandestine means. Remember that closed-source software is easier for the NSA to backdoor than open-source software. Finally, if you have something really important, you could use a second laptop: buy a new computer that has never been connected to the internet. To transfer a file, encrypt it on the secure computer and import it to the internet-connected computer on a USB drive before decrypting again. Complicated and time-consuming it might be, but it might be time for us to stop and think about how far we’re prepared to go to be totally secure.
Further information: www.redactapp.com.