The massive data collection taking place at over 50 companies that we know of so far including Google, Yahoo, Facebook and all the other internet household names, was nothing new to anyone paying attention. From my personal knowledge, the collection of internet data and emails has been going on since at least 1997. I became aware that year when touring our ISP’s colocation facility. The person who worked for the ISP told us point blank “that’s the NSA room over there” and that “they were collecting email, web site visit URLs and the like directly from the incoming and outgoing traffic”. Our jaws hit the floor when we realized what he had said. The scope of this spying predates 9/11 by years and it covers the entire internet, so you can’t say it started with that event. It started from the beginning of the internet and today the public is shocked at the scope of this operation; it’s worldwide and impacts everyone who has ever used the internet.
Today, we know the NSA has built a monstrous facility in Bluffdale, UT with over 1 million square feet at a reported cost of $2 billion to store and process all of these records. This facility turns worthless raw data into actionable information by cleaning it up and processing it, like an information refinery. This information can be used to identify individuals and their computers, track their email, comments they make, log their personal contacts networks and so on. It’s also merged with credit card purchase information, criminal and driving records, property ownership, etc. A person’s data can tell you quite a bit of valuable information about them that can be used in the future to determine which action to take against them (the “red list”). With all the different places they collect information, it’s basically everything on everyone who has ever been online or used a phone and everything is combined into a highly usable data record. Much of it is publicly available on Facebook, Linkedin and all those other places James has been warning you about for years! You’ve done this to yourselves if you are a Facebook or social media user! Whatever you say online is forever in a computer somewhere!
Is this legal? Yes and no. Do you remember carefully reading the terms of service for that free email account with [name of famous high tech company here]? Of course, you didn’t read it. You ticked the box “Agree to our Terms” and said OK. You contractually agreed to allow this company to hand over any data they have on you to the government if they were presented with a court order and it’s legally binding. Now, according to Sen. Feinstein there has been a blanket order, covering nearly everyone, “As far as I know, this is the exact three-month renewal of what has been the case for the past seven years,” Feinstein said, as if this is completely normal to spy on everyone. All of that data has been handed over and YOU gave it your blessing by agreeing with the terms of service when you signed up! Stop using their services, delete all the information and move to a smaller service or run your own email server, if you know how to do that.
However, it’s also very likely that the additional data being vacuumed up at the facilities of ISP’s in the US and a few other countries may not be legal. The 4th amendment to the U.S. constitution protects citizens from unwarranted searches and seizures, even though many judges and lawmakers seem to have forgotten these concepts. If you are outside the U.S., you are still being spied on, too. Your data may have gone through the U.S. on it’s travels because the extensive internet infrastructure here can make it cheaper to send packets from somewhere in the EU to the U.S. and back to someplace in the EU. The NSA also routinely collects data from many locations outside of the U.S., which does provides valuable intelligence on enemies of the U.S. To expect zero spying is probably not reasonable, but the scale of this operation make this a “wonder of the world” because there has never been this level of spying on people in history.
Why are some people so concerned about this? Actually, Pew Research put out a poll yesterday that said that “A majority of Americans – 56% – say the National Security Agency’s (NSA) program tracking the telephone records of millions of Americans is an acceptable way for the government to investigate terrorism, though a substantial minority – 41% – say it is unacceptable.” You are here at Unsene, so I’ll make the assumption that you are in the 41%.
The problem is this kind of data can be very valuable or damaging in the wrong hands. The NSA leaker, Edward Snowden, who had access to this system, was a CONTRACTOR from Booz, Allen. If a contractor like Snowden, a high school dropout with a GED, had access to this kind of system, how many other contractors and government employees have access to this kind of information? I’m going to guess that at least tens of thousands of people have some access to this treasure trove of information. According to a 2012 report by the Director of the National Intelligence, an estimated 1.4 million people hold “top secret” security clearances. Each person who has access is a potential place for a leak to occur.
There are many questions about the security of this data. Could Chinese hackers break their way into this and gain information on our politicians for blackmail purposes? Or would political opponents have this data used against them by an administration bent on crushing any dissent, like we just experienced with the IRS? Could favored businesses gain an unfair advantage going through the private email and communications of their competitors? Would a top secret cleared contractor take an envelope with $50,000 in it and hand over some data? All this data in one easy to use place is a giant temptation for abuse and the track record of protecting it is not reassuring. History shows that information like this will be abused by those in power.
What can you do about this? Most electronic communications like email is transmitted “in the open”, like a post card. Anyone who gets a copy of it can read it. Some services like Skype use encryption, but they keep the key and they can also read your messages and legally share copies with various governments, including the Chinese (via their deal with . A part of the solution is to encrypt or scramble your messages so only the sender and receiver can read it. For many types of communications, this is probably the best approach, but it’s not perfect as I will explain.
You should never use the internet or electronic communications for your most sensitive communications as all phone calls, text messages, email, voice over IP, email, and chat are captured and stored. We used to assume this but now we know this is true. Even what used to be high-powered “top secret” encryption like AES256 is no longer secure from cracking. I’ve been told by people I trust, “if it’s publicly available, it’s been cracked” and I believe it. In the early 1980’s, while we were using 6 Mhz PC’s at work, a friend of mine told me “at Skunkworks, they are using 2 Ghz gallium arsenide processors”. If you look under the hood of your current computer, that’s pretty close to what you now have 30 years later. What the spies are now using is probably 30 years ahead of what you have today, and you should assume they have massive quantum computers. For about $10 million today, you can buy quantum computer like Google just bought, which is about 10 billion times faster than today’s desktops and the spies have a lot more than that. For the commercially available quantum computer, this means a calculation that would take 30 years with your PC would take less than one second with a quantum computer. It can crack the strongest publicly available encryption in seconds. A government that can print unlimited amounts of money can buy whatever it wants, so you should assume that they and the largest corporations can easily break any publicly available encryption.
An updated “one time pad” encryption with very large one time use keys that are hand carried, not sent electronically, have the potential to be very secure for one to one communications because they are thought to be immune to cryptanalysis. Wikipedia has a good explanation of this cypher here: https://en.wikipedia.org/wiki/One-time_pad I believe this could be a part of the future of super secure communications for Survivalblog readers because you generate very large pads of keys and distribute them face to face to the recipients of your messages on a high capacity memory stick. This eliminates the possibility of someone grabbing the key while it’s being transmitted. The memory stick would only be used for a few moments when encrypting the message, to prevent it from being copied by a spy while you use it. You will no doubt see this method available in the very near future, even though it was invented in 1882 and rediscovered during WWI. This isn’t widely used today, because of the convenience and faith most had in the security of algorithms such as AES and public/private key systems (RSA) and the fact that one time pad doesn’t scale easily to large groups of people. We are in fact developing such a system at Unsene.com.
Another excellent thing to start doing is to build your own private and secure networks by stringing cables between houses or even using wireless access points in remote locations. You could choose to keep the network off the internet or tie it in. If you tie it in, everything on the net that isn’t secured via firewalls, etc. are at the same risk of attack. You can also get relatively inexpensive wireless point to point networks for about $3,000 that will transport 1.4 gigabits of data/sec over 10 kilometers. Clearly, the future is in private networks because someone can’t just look at your record at the NSA and decide you don’t deserve to use the internet anymore when you are on a private network.
Another major revelation from this NSA leak was: “They quite literally can watch your ideas form as you type,” an unnamed intelligence officer told Barton Gellman and Laura Poitras of the Washington Post. This is accomplished using keyloggers and other spyware, which record and transmit all of your key strokes and screens to the spies. As you type in your messages, before they are encrypted, spies are grabbing them and sending them back to their computers. The extent your own computer is likely compromised is also quite shocking. The NSA access system is apparently built into every version of the Windows operating system since Windows 95. There are no doubt versions for Mac and other computers, too. If you have ever walked into your office in the middle of the night and seen screens flashing around and the hard drive whirring, it’s possible you have one of these on your computer. If your computer is unplugged from the network (more difficult with wireless nets), nothing can be transmitted back, so that’s a stopgap measure. Another way to defeat these will be using special firewall software to limit the transmission of information packets from your computer to the spies and I expect this will be something developed in the near future.
For the most important things, you should only meet face to face WITHOUT your cell phones or in earshot of anything electronic with a microphone or camera. Even if they are turned off, the microphones can be enabled and transmit your conversation to the snoop, so at a minimum remove the battery from the cell phone or unplug the device from power. This type of spying happens routinely with Chinese Falun Gong practitioners here in the U.S. who escaped persecution in China; they are spied on by the Chinese government and it was discovered that cell phones that were turned off were still transmitting data back to China and used to imprison others still in China. Remove the battery and place the phone in another room if you are concerned about this kind of spying. If you receive an email from someone using gmail, Yahoo and the other services, these companies will be build a file on YOU, even though you never agreed to their terms of service and don’t have an account there. Don’t reply using that email, call or arrange another way to talk.
There are many other ways to increase your security that involve very low or no tech methods. Being more electronically secure can protect you against a wide range of threats, including identity thieves and spies. It would be great to hear from readers here of their ideas on their suggestions for practical ways to increase communications security, so leave a comment!