The Surveillance Scandals

06.08.13

How to Keep the NSA at Bay: The Tricks From Privacy Experts

Do government surveillance disclosures have you fearing Uncle Sam’s reach? Winston Ross looks at PGPs, secret phone apps, and burners like on The Wire to cloak your digital trail.

It’s a fairly safe bet that most people are in one of four camps about all this National Security Agency-spying-on-Americans business: uninformed, apathetic, pissed off, or paranoid.

For the uninformed, it’s probably a good time to get up to speed. Before you know it, Barack Obama will personally be hiding in your closet.

For the apathetic, dude, wake up: you think because you live in the suburbs and you work at an insurance company that Big Brother will never come for you? What about that affair with your office secretary last year? What if her brother gets caught up in some kind of sting operation, and they check his phone records and then her phone records, and then police show up at your door, asking why you called her 50 times last week, while your wife is sitting in the living room? What if they transpose a digit or two and mix you up with a suspected terrorist and break down your door in the middle of the night and shoot your dog? OK, never mind, just flip back to The Bachelor.

For those of you either pissed off or paranoid, it’s time you understand that there are plenty of ways to cloak yourself from Uncle Sam, especially if they’re not already parked in a white van outside your apartment building (if that’s the case, say even the most clever privacy advocates, you’re probably fucked).

But wait, you hardly ever use the Internet? Your digital trail is pretty small? Skip on over to Me & My Shadow if you believe that nonsense. There you can find out exactly what kind of a shadow your computer and mobile-phone usage casts. It’s pretty scary and fascinating.

For those of you still understandably freaked out, if you just want to avoid getting caught up in the dragnet, having your phone, email, and search histories handed over by some spineless attorney at Verizon or Google or Facebook, there are ways to hide from Uncle Sam:

Encrypt yourself. If you’re using Facebook and Gmail in the same Pollyannish fashion that most of us do, you gotta wrap that up. Get to know E2E (end to end) encryption, says Dan Auerbach, a staff technologist at the Electronic Frontier Foundation. It doesn’t mean you have to find some obscure email provider and kiss your (online) social networks goodbye, but it does mean if you want to have supersecret communication with certain supersecret people, you both must install software such as OTR to be all stealthy about it. Which software depends on which operating system and device you’re hoping to cloak, of course, but all that info is a few clicks away. “It’s very easy to use,” Auerbach tells The Daily Beast.

PGP it. A slightly beefier encryption option: PGP, short for “pretty good privacy.” That refers to software that can encrypt chat communications, emails, and more. Symantec offers one kind of PGP software, but there are many more options out there. Just remember that both sneaky users have to be using it, or it’s pointless.

The goal of all these tactics is to make it hard for the government to get you.

Make secret phone calls. Phone calls are a little tougher, Auerbach says. There once was a cool app called RedPhone that could encrypt phone calls, but it’s no longer being maintained. Nowadays, the best bet is probably Silent Circle, which last October released a “surveillance-proof” smartphone app that lets people make secure phone calls and text messages. The company has released a data-transfer version of the app that lets users send files—photos, spreadsheets, blueprints. The user can set a nifty timer that “burns” whatever’s sent from both devices after five minutes, or however long you want, Bond style.

Go even deeper. If you’re already under the microscope, doing whatever you’re trying to secretly do without detection is going to be pretty difficult. Most of what everyone’s in a tizzy about at the moment is the kind of broad, dragnet-style spying where the government gobbles up huge databanks and mines through them for links and clues. But if you’re foolish enough to press on with your evil plans anyway, three words: anonymize, anonymize, anonymize.

Tor is a good place to start. It’s a free software that routes your communication through a series of intermediaries, explains Smári McCarthy, the executive director of the International Modern Media Institute. It cloaks virtually everything you do on the Web: watch porn, buy drugs on Silk Road, stalk your ex’s Facebook page, watch porn, watch porn in one window while stalking your ex’s Facebook page in another, and so on.

Get a burner. If you don’t know what a burner is, go watch all five seasons of The Wire and then come back and finish reading this. (It’s great television.) If the NSA really wants to find out what you’re doing, it can make like a hacker and just break right into the software of whatever device you’re on using what’s known as a “zero-day exploit.” The only surefire way to prevent that is to be constantly changing up your devices.

The safest way to use a burner is not for very long, but buying a new cellphone, laptop, or tablet once a week can get expensive. If you want to hang on to the same one, advises Nicholas Weaver, a researcher at the International Computer Science Institute in Berkeley, California, just be sure to take it to a crowded place every time you use it, and don’t bring any of your other devices with you. If the government matches up your burner use with a ping from a cellphone tower to your regular phone, you’re screwed.

More on that, from Weaver, here.

Cover your tracks.

If you stay logged in to Facebook (like most of us do,) then every single time you visit a Web page with a “like” button on it, that Web page is tattling back to Facebook that you just went there, Weaver says, which means the government can just subpoena Facebook records to figure out where you’ve been. Logging in and out all the time is a nuisance, of course. But so is having a SWAT team rip up your apartment. So at least set up your Web browsers to clear cookies all the time. That’s a start.

Check out Tails. It’s a little piece of software that can live on a thumb drive or DVD, and it can boot your whole operating system from any computer, any time. So you can set it up with all the encryption software you want, and it’s all preloaded.

OK, am I cool now? Probably not. If the government wants to get you, they’ll get you. The goal of all these tactics is to make it hard for the government to get you—hard enough that if they really want to muck around with your life, they’re going to have to invest in enough resources to sneak past the firewalls.

“What you can do is try to make it more expensive for somebody such as the NSA to monitor you successfully,” McCarthy told The Daily Beast. “If you keep raising the price, they’re either going to have to commit to targeting you as an individual or accept that they’re just not going to get your stuff.”