Arming Yourself Against Surveillance: An Experiment in Operational Security

“Liberty is the possibility of doubting, the possibility of making a mistake, the possibility of searching and experimenting, the possibility of saying No to any authority — literary, artistic, philosophical, religious, social, and even political.” ― Ignazio Silone

-- By KatherineHamm - UPDATED ESSAY

I. The Experiment: Practicing Saying No to Any Authority, Even Political

After learning about the myriad threats to our digital privacy over the course of the semester, you may be wondering (like I am) how best to protect yourself from these threats. You may feel overwhelmed, frustrated, confused, or even hopeless at the prospect of trying to effect change. I have certainly felt all of these things. You may have rejected the majority of what was said in class because either you couldn’t understand it or couldn’t believe it. Or perhaps, you simply needed to find ready solutions to balance the looming dangers. Here are some I’ve found.

In the experiment, I will explain several “user-friendly” solutions and test them personally, providing my user experience feedback in the hopes that you may be better informed to make your choices as a result. The idea is to highlight a few options that are out there, not to pass judgment.

II. Technology Created the Problem and Offers the Fastest Solutions

In class we often discussed the pillars supporting our current regime of digital surveillance: technology, politics, and law. Of these three, technology enabled the tracking and surveillance of individuals and made it profitable by helping companies target ads. By studying their web-browsing and purchasing habits, individual companies created unique profiles of users to extract profits through targeted marketing. Social media sites fueled the consumer economy by inspiring envy and offering platforms for tailored ads.

Corporate surveillance might seem nefarious and invasive enough to have caused concern from a consumer’s perspective, but the scope of the problem was much larger than the average consumer could have known due to the interconnectedness of the system and its unregulated nature. Particularly because once surveillance technology was available, the government employed it for its own purposes without citizens’ knowledge or consent (e.g. NSA activities , location data , data storage , tracking on social media , third party sharing ). Thus, surveillance technology grew from the consumer economy unsupervised and it evaded the traditional regulatory checks of law and politics by expertly aligning the profit-maximizing incentives of corporations with the political agenda (surveillance, classification, and control).

As tech industry leaders have reminded us, we are the last generation that has a choice about what the landscape of data privacy and individual liberty will look like in the future. Many of these solutions will need to be regulatory changes, but technology permits us each to take steps immediately.

III. Freedom is Individual Choice

To begin, I’ll outline some suggestions made by Edward Snowden in an interview he gave last month to Micah Lee. Snowden believes that encryption is important for everyone because, as we now know, the NSA is collecting data on everyone. He suggests is using an app called Signal (formerly RedPhone? ) to encrypt phone calls and text messages. Download and usability were easy; however, because Signal requires encryption on both ends of the communication, you can only access contacts that already have the app. Therefore, you’re going to need to convince your friends and family members to download the app individually before it can replace your usual methods of communication.

To keep passwords secure, Snowden suggests that we consider using a password manager, which generates unique passwords for every site you use without requiring you to memorize them. In this way, the password manager prevents the situation where a hacker obtains your password from one account and then is able to hack all of your accounts that use the same password. This is a relatively easy way to keep your accounts from getting hacked that requires minimal effort.

Another way to keep passwords secure is to use two-factor authentication before logging in—where the provider sends a message to your phone or other secondary device that you must enter in addition to logging in on the computer. Two-factor authentication prevents against a situation where a physical computer gets corrupted such as an “evil maid attack” . You may have used two-factor authentication in the workplace before. I think it’s a bit of a hassle for personal daily use. However, if you’re handling secure documents, such as legal documents, it seems like a reasonable measure to take to protect that highly sensitive information.

A quick and easy thing to do is to put a post-it over your webcam. I’ve been doing this for years without really knowing why. With the availability of remote access tools (“RATs”), hackers can turn on your webcam remotely without your knowledge. One particular program was distributed to “thousands” of people by an organization called Blackshades and has affected over 700,000 victims since 2010. You probably don’t want to be one of them .

Other personal choices you might consider are turning off location data on your smartphone (including on your camera), deactivating social media sites, using a more secure email server than Gmail, installing an ad-blocker , using anonymous transportation , and limiting your use of electronic payments both to prevent fraud and theft and to limit consumer profiling and price discrimination.

IV. Global Solutions: FreedomBox and TOR

While making some of the changes above will improve your personal operational security, widespread solutions are necessary to reverse the direction of the surveillance state. Currently two solutions stand out for creating secure communication over the net. The Onion Router or TOR is a network that enables secure communication by (onion) routing through disparate nodes that an adversary has difficulty tracking. Another solution is FreedomBox , a technology that promotes everything from free software to secure social networking.

The principle behind both of these technologies is community. They are networks that rely on users like us to opt in. Therefore, we must consider whether tightening personal operational security satisfies us fully and whether we’re ready to take the next step toward building anonymous, secure, and truly free virtual communities.

References

https://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html http://www.darkreading.com/risk-management/7-facts-about-geolocation-privacy/d/d-id/1105877? http://www.wired.com/2012/03/ff_nsadatacenter/ http://fox59.com/2015/07/24/privacy-of-users-social-media-accounts-are-now-at-risk/ http://www.theatlantic.com/technology/archive/2013/12/what-you-need-to-know-about-the-third-party-doctrine/282721/ https://theintercept.com/2015/11/12/edward-snowden-explains-how-to-reclaim-your-privacy/ https://whispersystems.org https://www.aclu.org/blog/five-ways-keep-your-data-safe-right-now http://www.trustedcomputinggroup.org/resources/evil_maid_attacks_on_encrypted_hard_drives http://www.motherjones.com/politics/2014/05/blackshades-malware-remote-access-webcam-fbi http://arstechnica.com/tech-policy/2013/03/rat-breeders-meet-the-men-who-spy-on-women-through-their-webcams/ http://www.wnyc.org/story/ad-blocker-bloodbath/ http://techcrunch.com/2015/07/29/how-uber-can-protect-consumer-privacy/ https://www.mainstreet.com/article/consumers-dont-trust-mobile-payments-cash-remains-most-secure-payment-method/page/4 http://lifehacker.com/what-is-tor-and-should-i-use-it-1527891029 http://freedomboxfoundation.org/

Okay, everything you've always thought is right. That makes it convenient to move on to something new. The factual discussion of the metadata colllection program and the FISA court doesn't really make good copy here, because it's too compressed to be accurate and too small a part of the overall picture to be worth the space you're giving it. But if you've always thought all this, and we don't have to be weighed down with small details or phony versions of THE history of censorship, what is the central idea? Let's try a draft that leaves all that decoration on the cutting room floor, and goes straight to the new idea. No general rhetoric, only the most immediately material facts, and a single central idea, of yours not someone else's, whose development we can watch and whose consequences we can ponder.


You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.