How to Beat the Heat: Anti-Surveillance 101

Aug 1, 2008

The Ohm Project

Governments around the world, with the help of multinational corporations, are rapidly eliminating the zone of privacy to which we are all entitled as living, breathing human beings.

Once upon a time, there were jurists like William O. Douglas and legislators like Frank Church who stood as bulwarks against such intrusions in the United States, but authoritarians have largely captured the American federal courts and Democrats in Congress—’nuff said.

So who’s going to protect your privacy in the face of this international threat?

You’re going to have to do it for yourself.

If you get aggressive about protecting your privacy, it will do two things. First, you may actually be able to reclaim some of that umbra and penumbra that William O. said we were guaranteed by the Constitution. Second, and perhaps more importantly, it will make the government/corporate snoops’ job much harder. If enough of us do a good job of protecting our Internet privacy, their current surveillance techniques aimed en masse at the public will collapse of their own weight.

And the result just might be more effective law enforcement.

Here’s a few things you can do along with answers to the common objections:

  1. Use Open Source software.

Proprietary software, like MS products, can contain back doors that only the maker and the snoops know about. That won’t work with open source. Use Firefox for a browser. It’s easy to download and is a far superior product to IE. While you’re at it, get Thunderbird to use as a mail client. It even has an easy-to-use encryption add-on called (cleverly) Enigma, which leads us to our second point.

  1. Encrypt, encrypt, encrypt.

Whenever we mention this, the naysayers show up with two objections:

a) “The CIA/FBI/NSA/Illuminati already have ‘the key.'” That’s ridiculous. There is no single “key.” Instead, you create a fresh key for yourself. Open source software like OpenPGP even use your random mouse movements to create the key on the spot. You can even use a passphrase that further protects the key. The only thing that determines breakability is the type and level of encryption. You can read about the former here, and as far as the latter goes, they’ll have smoke coming out of their supercomputers if they’re going to try and break something at 256 bits or above.

b) “You’ll just make yourself look guilty.” I’ve spent some time in Eastern Europe. People in their 40s and older were used to never sealing their envelopes because they knew their mail was being opened. Many still don’t seal them because they’re concerned it will make them “look guilty.” To hell with that attitude. It’s my right to seal my envelopes and to use encryption. If it draws attention to the first wave of people that use it, well you have to start somewhere. If Rosa Parks had enough nerve to stand up to that bus driver and all the power that was behind him, I can surely exercise my right to encrypt my communications.

  1. Don’t trust “the man.”

Most corporations are anxious to cooperate with the governments that regulate (and financially rescue) them. Skype, owned by PayPal/eBay has a back door they been giving–maybe even selling–to governments around the world. This is in spite of the fact that they claim your encryptions are private and encrypted. McAfee’s CEO was glad to offer a back door to the FBI’s trojan, “Magic Lantern.”

  1. Use VPN

VPN, Virtual Private Network, is how road warriors connect to the corporate LAN when they’re traveling. The idea is to provide a secure, encrypted connection out in the very dangerous wild. The same technology can be used to do important things for privacy seekers:
a) change your IP address so that it cannot be traced–Chinese dissidents have been using it for this purpose as Jamie Fallows learned when he lived in China earlier in the year;

b) lock out your ISP from deep packet inspection–your ISP can know everything you’re doing online right down to the keystrokes, but the encrypted tunnels of a true VPN lock them out.

When choosing a VPN, consider whether they have offshore servers and take a close look at how much information they collect on you.

  1. Put your confidential data on a server, encrypt it and access it from your computer that way.
  1. Disable as much as you can of the built-in snooping devices loaded into your computer and browsing software:

a) cookies–at least dump them when you leave a site;

b) Active X–it can do some very scary things;

c) Bluetooth–English cops have had a little experiment using Bluetooth to track whereabouts and social connections

Remember a few things about this surveillance effort:

  1. it’s international–the same things happening in the U. S. are taking place in Europe, even places like Sweden;
  1. it’s multi-faceted–financial data, social connections, travel, surfing, searching and purchase habits–they want to profile you to determine if you’re a potential “threat;”

3)it can be effectively countered with the techniques listed above plus others.