by Doug Hornig
Casey’s Extraordinary Technology
Happy Independence
Day to our American readers, wherever they might be.
While you’re
enjoying friends, family, and that charbroiled steak, perhaps this
is also a good time to take stock of your own state of independence.
To ponder your privacy, or lack thereof, and what you might do about
it.
For the record,
the word “privacy” doesn’t appear in the Declaration of Independence,
nor anywhere in the Constitution. It’s difficult at this late
date to divine whether the authors of those documents had any real
notion of the term or thought it worth protecting. Nevertheless,
we can draw some inferences from what they did write.
The Fourth
Amendment declares that “the right of the people to be secure in
their persons, houses, papers and effects, against unreasonable
searches and seizures, shall not be violated, and no Warrants shall
issue but on probable cause.” The Fifth Amendment adds that no person
“shall be compelled in any criminal case to be a witness against
himself, nor be deprived of life, liberty or property without due
process of law.”
An overarching
right to be left alone certainly seems implied.
But what about
personal electronic communications – a concept
that could hardly have existed in the 18th century? Should
they also be secure? That’s the question before us as a society.
It’s been a big one for a long time now, even though it only
makes the front pages when an Edward Snowden type appears.
Snowden might
be the current flavor of the day, but many of his revelations are
little more than yesterday’s news. For example, investigative
reporter Kurt Eichenwald, in his book 500
Days: Secrets and Lies in the Terror Wars, revealed how
the NSA’s questionable mass surveillance program – what
he calls “the most dramatic expansion of NSA’s power and authority
in the agency’s 49-year history” – was devised just days
after 9/11, as an end run around the traditional requirements of
the Foreign Intelligence Surveillance Act (FISA).
Formerly, FISA
demanded that an individual warrant be obtained if the government
wanted to monitor Americans communicating overseas. But the Baby
Bush administration unilaterally swept that aside. The new presidential
directive granted the NSA the power to gather unlimited numbers
of emails and phone calls into a database for analysis, all without
the approval of Congress or any court. (Not to put everything on
Dubya – Obama has essentially doubled down on this encroachment.)
Moving the
surveillance totally onshore was a breeze from there. Connections
between a suspect email address abroad and anyone else – accounts
that either sent or received messages, whether in the United States
or not – would be subject to examination. At that point, a more
detailed list could be constructed, ensnaring any email addresses
contacted by the suspect, and then any addresses contacted by those
addresses, and so on without end.
More specifics
came from whistleblower William Binney, a 30-year veteran of the
NSA. Binney, who resigned from the agency in 2012 because of the
dubious nature of its activities, volunteered the first public description
of NSA’s massive domestic spying program, called Stellar Wind,
which intercepts domestic communications without protections for
US citizens. Binney revealed that NSA has been given access to telecommunications
companies’ domestic and international billing records, and that
since 9/11 the agency has intercepted between 15 and 20 trillion
communications. He further disclosed that Stellar Wind was filed
under the patriotic-sounding “Terrorist Surveillance Program” in
order to give cover to its Constitutionally questionable nature.
We also can’t
pretend to be shocked just because we now know PRISM’s name.
The government has long employed techniques which they hide behind
euphemisms like “full pipe monitoring,” “sentiment analysis,” and
“association mapping.” These involve concurrent surveillance of
both email and social media, in order to build a detailed map of
how evolving movements are organized. Political protests receive
extremely close scrutiny, with information about them shared among
federal, state, and local law enforcement officials. This is what
happened with the “Occupy” demonstrations, where everything participants
did was watched, every communication was recorded, and all of it
was filed away for future reference. Everyone involved is now the
subject of a government dossier.
Even if you’re
not part of a political movement, heaven help you if you get caught
up in some vast fishing expedition that hooks everyone who has ever
visited some “suspicious” website, or even merely typed in some
alarm-bell keywords.
Nor has the
value of this kind of information gathering been lost on politicians.
In fact, the presidential race of 2012 will likely go down as the
first one in history – and it won’t be the last – that
was decided by who had the better Internet sniffers. Both the Romney
and Obama campaigns continuously stalked voters across the Web,
by installing cookies on their computers and observing the websites
they visited as a means of nailing down their personal views. CampaignGrid,
a Republican-affiliated firm, and Precision Network, working for
the Democrats, jointly collected data on 150 million American Internet
users. That’s a full 80% of the entire registered voting
population, for those keeping score.
Cellphones
are another rich source of user data, especially when it comes to
apps. If you download one, you grant to the vendor the right to
gather all sorts of personal information. But then, you knew that
when you read the “Permissions” document – you did read it,
right? – so at least you know you can opt out.
Forget about
turning off your phone’s location-tracking feature (which a
mere 19% of us do, Pew says). Regardless of whether it’s on
or off, your wireless carrier knows (and keeps a record of) where
your phone is at all times it’s connected to the cell network.
Carriers can be forced to surrender the information to law enforcement,
not to mention that they’ve been rather less than forthcoming
about what else they may be doing with this data.
Anyone who
thinks the government’s ultimate goal is not to intercept and
archive our every digital message, oral or written – or that
it doesn’t have that capability – needs to be aware of what’s
happening in Bluffdale, Utah, AKA the middle of nowhere. There,
NSA contractors (and only those with top secret clearances) are
putting the finishing touches on a staggeringly huge decryption
and data storage center. James Bamford, the country’s leading
civilian authority on the NSA, wrote in Wired of the facility’s
purpose, which is no less than: “to intercept, decipher, analyze,
and store vast swaths of the world’s communications as they
zap down from satellites and zip through the underground and undersea
cables of international, foreign, and domestic networks.”
Bluffdale
will cost upwards of $2 billion and occupy a million square feet
of space. Included will be four 25,000-square-foot halls filled
with state-of-the-art supercomputers. The ultimate goal, Bamford
says, is to construct a “worldwide communications network, known
as the Global Information Grid, to handle yottabytes of data.” (A
yottabyte is a septillion, or 10^24 bytes – it’s
so gigantic that no one has yet coined a colloquial term for the
next higher order of magnitude.)
To gather
up those yottabytes, the NSA has dotted the country with a network
of buildings set up at key Internet junction points. According to
William Binney, the wiretaps in these secret locations are powered
by highly sophisticated software that conducts “deep packet inspection,”
which is the ability to examine traffic closely even as it streams
through the Internet’s backbone cables at 10 gigabytes per second.
Fortunately,
the situation is impossible but not hopeless – because whenever
technology gets too intrusive, the free market nearly always reacts
with some kind of solution. And that’s the case here. As the
surveillers extended their reach, enterprising liberty lovers immediately
began developing countermeasures.
Keep in mind,
however, that the technologies outlined below can only lessen your
shadow so much, catching a little less attention from the all-seeing
eye of Sauron. No one solution provides perfect privacy, and when
push comes to shove and a government official shows up with a warrant
in hand, he or she will inevitably get access to anything needed.
The first
area to consider addressing is the digital trail you leave when
researching any topic that might be of concern to someone’s
prying eyes (or, for that matter, doing anything at all on the Internet
which you don’t want analyzed, packaged, and sold).
One option
for dealing with this concern is Tor,
which is free and open source. According to its website, the service
was “originally developed … for the primary purpose of protecting
government communications. Today, it is used every day for a wide
variety of purposes by normal people, the military, journalists,
law enforcement officers, activists, and many others.”
Tor tackles
the problem of traffic analysis head on:
“How
does traffic analysis work? Internet data packets have two parts:
a data payload and a header used for routing. The data payload is
whatever is being sent, whether that’s an email message, a web
page, or an audio file. Even if you encrypt the data payload of
your communications, traffic analysis still reveals a great deal
about what you’re doing and, possibly, what you’re saying.
That’s because it focuses on the header, which discloses source,
destination, size, timing, and so on…
“Some
attackers spy on multiple parts of the Internet and use sophisticated
statistical techniques to track the communications patterns of many
different organizations and individuals. Encryption does not help
against these attackers, since it only hides the content of Internet
traffic, not the headers.”
To combat
this, Tor has created a distributed network of users called a VPN
(virtual private network). All data packets on that network “take
a random pathway through several relays that cover your tracks so
no observer at any single point can tell where the data came from
or where it’s going.”
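Added example (not from the original article or from the Tor Project): a sketch of the point made in the quoted passage and the paragraph above. It builds constructed IPv4/TCP packets with random bytes standing in for an encrypted payload, shows what an observer still reads from the headers, and compares a direct connection with one forwarded through relays. The addresses (documentation ranges), ports and function names are assumptions, and the model covers addressing only, not Tor's layered encryption or cell format.

```python
import os
import socket
import struct

# Constructed sample addresses from the IP documentation ranges (assumptions).
CLIENT = "192.0.2.10"
SERVER = "203.0.113.5"
RELAYS = ["198.51.100.1", "198.51.100.2", "198.51.100.3"]

IP_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header, no options
TCP_FMT = "!HHIIBBHHH"     # 20-byte TCP header, no options


def build_ipv4_tcp(src, dst, sport, dport, payload):
    """Build a minimal IPv4 + TCP packet (checksums left at 0 for the demo)."""
    tcp = struct.pack(TCP_FMT, sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack(IP_FMT, 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload


def observer_view(packet):
    """Return what an on-path observer learns without decrypting anything."""
    ver_ihl, _, total_len, _, _, _, _, _, src, dst = struct.unpack(IP_FMT, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4                  # IP header length in bytes
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    tcp_len = (packet[ihl + 12] >> 4) * 4       # TCP header length in bytes
    return {
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "sport": sport,
        "dport": dport,
        "payload_bytes": total_len - ihl - tcp_len,
    }


def relay_path_views(client, relays, server, payload_len):
    """Header view on each link when traffic is forwarded hop by hop."""
    hops = [client, *relays, server]
    views = []
    for a, b in zip(hops, hops[1:]):
        # Random bytes stand in for ciphertext; the observer never reads them.
        pkt = build_ipv4_tcp(a, b, 50000, 443, os.urandom(payload_len))
        views.append(observer_view(pkt))
    return views


def links_exposing_both_ends(views, client, server):
    """Indexes of links whose headers name both the client and the server."""
    return [i for i, v in enumerate(views)
            if v["src"] == client and v["dst"] == server]


if __name__ == "__main__":
    for label, relays in (("direct", []), ("relayed", RELAYS)):
        views = relay_path_views(CLIENT, relays, SERVER, 300)
        print(label, "links exposing both ends:",
              links_exposing_both_ends(views, CLIENT, SERVER))
        for v in views:
            print("   ", v)
```

On the direct path the single link names both endpoints; on the relayed path no link does, although the payload size is still readable at every hop.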
One of the
beauties of Tor is that it’s all packaged up in a single download.
Just install the Tor browser – a privacy-tuned clone of the
popular open-source Firefox browser – and it automatically
manages all the networking for you. Surf in relative privacy with
just a few clicks.
For more advanced
users, there are options to route all kinds of activities through
the network other than web browsing, such as Skype calls and file
sharing.
Tor also offers
Orbot, an Android application that allows mobile phone users to
access the Web, instant messaging, and email without being monitored
or blocked by a mobile ISP. It won’t get you around those pesky
data limits, but it will certainly reduce the amount of data your
ISP can provide about you. If you find yourself in a region where
access to certain services is restricted, it will open those options
back up to you.
Cryptohippie
is another site that utilizes the privacy capabilities of a VPN.
According to the company, its subscription-based Road Warrior product
“creates a strongly encrypted connection from your computer to the
Cryptohippie anonymity network. From there, your traffic passes
through at least two national jurisdictions, loses all association
with your identifiers and emerges from our network at a distant
location. But, even with all of this going on, you can surf, check
your email, use Skype, and everything else exactly as you have been.
Unless you reveal it yourself, no one can see who you are or what
your data may be.”
The service
is well aware of the ever-present possibility of government interference
with its operations. Thus Cryptohippie is truly international. Its
only US presence is to authenticate connections to its servers in
other countries. None of its servers are in the States.
(Of course,
if you use Tor or Cryptohippie to log in to secured sites like Amazon
or eBay, your activities at that end will still be logged to a database
and associated with you, so don’t delude yourself that such
tools make you invisible. All they can do is keep your activity
limited to the two parties involved – you and the computer
or person on the other end – and keep outsiders from knowing
that the conversation is taking place.)
These are highly
sophisticated products. Perhaps you don’t think you need that
level of protection, but would just like to keep your browsing habits
private. All of the major browsers, including Internet Explorer,
Firefox, and Google Chrome, have a “clear browsing history” button.
They also have “enable private browsing” functions that you can
activate.
How much value
these options actually have is questionable, but in any event they’re
not going to stop Google from archiving your searches, if that’s
the engine you use. (And who doesn’t?) So if you don’t want
that, you can use a different search service, like DuckDuckGo,
whose strict non-tracking
policy is entertainingly presented in graphic form. Try it out
in comparison to Google, and you’ll find that the results are
reasonably similar (although it seems odd at first not to have that
strip of ads running down the right side of the screen). DuckDuckGo
reports that it has seen a big increase in users since Snowden came
forward.
Another area
to consider addressing is your email. If you’d rather not have
your email subject to daily inspection for “watchwords” our guardians
consider inflammatory, one option is to use a foreign provider that
will be less inclined to comply when Washington comes knocking with
a “request” for user data. There are countless providers to choose
from, including:
- Swissmail.org, which is obviously domiciled in Switzerland;
- Neomailbox.com, located in the Netherlands;
- CounterMail.com in Sweden;
- TrilightZone.org in the Netherlands, Luxembourg, Hong Kong, and Malaysia; and
- Anonymousspeech.com, which boasts over 600,000 subscribers and is unusual in that it has no central location. “Our servers,” the company says, “are constantly moving in different countries (Malaysia, Japan, Panama, etc.) and are always outside the US and Europe.”
Whichever
provider you choose, just be sure it offers at least an SSL connection
to its services at all times. That will stop someone from downloading
your email right off the wire. Encrypted storage and domicile in a
state known for protecting privacy are also nice features.
The latest
entrant in the privacy space is Silent Circle, a company whose story
is worth detailing, because it has placed itself squarely in the
forefront of the clash between alleged governmental need-to-know
and personal privacy rights.
Silent Circle’s
CEO is Mike Janke, a former Navy SEAL commando and international
security contractor who has gathered around him a megastar cast
of techies, including most prominently, the legendary Phil Zimmermann,
godfather of private data encryption and creator of the original
PGP, which remains the world’s most-utilized security system.
Also on board are Jon Callas, the man behind Apple’s whole-disk
encryption, which is used to secure hard drives in Macs across the
world; and Vincent Moscaritolo, a top cryptographic engineer who
previously worked on PGP and for Apple.
The team hit
the ground running last October with the introduction of its first
product, an easy-to-use, surveillance-resistant communications platform
that could be employed on an iPhone or iPad to encrypt mobile communications – text
messages plus voice and video calls.
In order to
avoid potential sanctions from Uncle Sam, Silent Circle was incorporated
offshore, with an initial network build-out in Canada; it has plans
to expand to Switzerland and Hong Kong.
Silent Circle
immediately attracted attention from news organizations, nine of
which signed on to protect their journalists’ and sources’
safety in delicate situations. A major multinational corporation
ordered some 18,000 subscriptions for its staff. Intelligence and
law enforcement agencies in nine countries have expressed interest
in using the company to protect the communications of their own
employees.
As Ryan Gallagher
wrote in Slate:
“The
technology uses a sophisticated peer-to-peer encryption technique
that allows users to send encrypted files of up to 60 megabytes
through a ‘Silent Text’ app. The sender of the file can
set it on a timer so that it will automatically ‘burn’ – deleting
it from both devices after a set period of, say, seven minutes.
Until now, sending encrypted documents has been frustratingly difficult
for anyone who isn’t a sophisticated technology user, requiring
knowledge of how to use and install various kinds of specialist
software. What Silent Circle has done is to remove these hurdles,
essentially democratizing encryption. It’s a game-changer that
will almost certainly make life easier and safer for journalists,
dissidents, diplomats, and companies trying to evade state surveillance
or corporate espionage.”
The burn feature
is extraordinarily valuable. It can mean the difference between
life and death for someone who uses a phone to film an atrocity
in a danger zone and transmits it to a safe remote location. Seven
minutes later, it disappears from the source, even if the phone
is seized and its contents examined.
Additionally,
Silent Circle “doesn’t retain metadata (such as times and dates
calls are made using Silent Circle), and IP server logs showing
who is visiting the Silent Circle website are currently held for
only seven days. The same privacy-by-design approach will be adopted
to protect the security of users’ encrypted files. When a user
sends a picture or document, it will be encrypted, digitally ‘shredded’
into thousands of pieces, and temporarily stored in a ‘Secure
Cloud Broker’ until it is transmitted to the recipient. Silent
Circle … has no way of accessing the encrypted files because the
‘key’ to open them is held on the users’ devices and
then deleted after it has been used to open the files.”
The Silent
Suite, a subscription to which costs US $20/month, covers the communications
spectrum with four features:
Silent Phone
works on iPhone, iPad, Android, Galaxy, and Nexus, and provides
encrypted, P2P, HD mobile voice and video over 3G, 4G, Edge, and
WiFi, “with almost no latency” and no possibility of anyone (including
the company) listening or wiretapping. The cryptographic keys involved
are destroyed at the end of the call.
Silent Text
allows the user to send P2P encrypted material – business documents
(Word, Excel, Powerpoint, Pages, Keynote, PDFs, CAD drawings, etc.),
any file, any movie, any picture, map locations, URLs, calendar
invites – and then delete them with its “Burn Notice” feature.
Silent Eyes
allows for encrypted HD video and voice transmission using a laptop
or desktop device. It’s compatible with all Windows operating
systems.
Silent Mail
encrypts email with PGP Universal. It will run on smartphones, tablets,
and computers using existing mail programs such as Outlook and Mac
Mail. Absolute privacy is ensured with a silentmail.com email address
and 1 Gb of encrypted storage.
This is not
intended as an endorsement of Silent Circle, although we heartily
approve of what the company is trying to do, and the other above
references by no means represent an exhaustive guide to securing
your communications. But they will point you in the right direction
and perhaps spur you to action. A basic search will turn up dozens
more options. Carefully study what each offers, read reviews from
sources you trust, determine the service best suited to your particular
needs, then just sign up.
However, we
all have to accept the cold, hard fact of the matter, which is that
this cat-and-mouse game is likely to be with us for a very long
time. Those who believe they have the right to spy on us will develop
ever more sophisticated ways of doing it. Those who believe we have
a Constitutional right to privacy will fight tooth and nail to protect
it.
It’s possible
that the one side eventually will develop an unstoppable offense
or that the other will come up with a defense that can’t be
breached. But that’s not the way to bet.
In the end,
technology is completely neutral. It will evolve with no regard
to how it is used. Expect those cats and mice to continue chasing
each other, around and around and around. And make do with the best
that is available to you at any given time.
July 5, 2013
Doug Hornig is a writer for Casey Research.
Copyright © 2013 Casey Research
Republished with permission from: Lew Rockwell