Risk
6/12/2013
12:59 PM
50%
50%

7 Tips To Avoid NSA Digital Dragnet

These apps will keep your cell phone calls under wraps -- if the NSA hasn't already found a way to break them.

3. Silent Circle, For Encrypted Voice, Email And More.

Silent Circle is a relatively new and well-reviewed service for providing encrypted voice communications domestically. In the wake of the Prism scandal and "massive demand," the company announced that it's dropped the price of its annual subscription package for four services: encrypted mobile calls, encrypted text messaging, encrypted VoIP audio and video calls, and encrypted email. The company says it's been independently audited to ensure there are no backdoors for eavesdropping on service users.

One caveat with the service, however, is that for communications to remain fully encrypted in transit, they must be made between two Silent Circle subscribers. Still, that might appeal to businesses or activists worried about their communications being intercepted, or the identity of people they're speaking with tracked.

4. Redphone, For Secure Android Calls, Texts.

Android users, meanwhile, can get secure voice calls and texts via open source software from WhisperSystems. Redphone enables encrypted calling between two devices that use the software. TextSecure encrypts texts. Both applications have been audited to ensure they don't contain backdoors. As with Silent Circle, one caveat is that people on both sides of the conversation must be using the software.

5. PGP, For Data Encryption.

What else is possible? PGP -- or its open source equivalent GPG -- can be used to encrypt data and emails, but many people find it difficult to use. Notably, Snowden had to send a homemade video to Greenwald, showing him how to set it up.

6. Power Down Your Phone.

Mobile phone users can pull a Jason Bourne and remove the battery from their cell phone when they're not using it, thus preventing the device from pinging cell towers and revealing their approximate location. But as soon as you put the battery back in, you'll be trackable again, because the network has to reach your phone to provide voice and data services.

As Christopher Soghoian, principal technologist and senior policy analyst for the ACLU's Speech, Privacy and Technology Project, told the Post, "The laws of physics will not let you hide your location from the phone company."

7. Expect Metadata To Be Captured.

For any unencrypted call made using your cellphone, the metadata can be -- and probably is being -- intercepted. From an intelligence standpoint, metadata is a goldmine: one Nature study suggests that by cross-referencing "human mobility" metadata, only four location points -- involving location and time -- are required to uniquely identify someone 95% of the time.

In other words, there's no way to use a mobile phone and avoid metadata capture.

The services detailed above, however, will at least encrypt your communications, avoiding capture via programs such as Prism. That said, they carry usability caveats, as well as integrity worries: what if the NSA's cryptographic capabilities already allow it to successfully defeat those services, or it's found an exploitable vulnerability that accomplishes the same result?

Then again, if you think about these things too much, you might want to join the tinfoil hat crowd. At a certain point, anyone who opts for encrypted communications will have to trust in the available, audited tools.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Mathew
50%
50%
Mathew,
User Rank: Apprentice
6/14/2013 | 8:48:02 AM
re: 7 Tips To Avoid NSA Digital Dragnet
More good advice (besides VPN): "Figure out what you are trying to protect (and from whom), separate it from everything else, and then select tools, techniques and procedures that will enable you to protect it."
http://grugq.github.io/blog/20...
Mathew
50%
50%
Mathew,
User Rank: Apprentice
6/14/2013 | 8:46:33 AM
re: 7 Tips To Avoid NSA Digital Dragnet
I don't know, but you'd imagine they'd have taken care of landlines ages ago.
HildyJ
50%
50%
HildyJ,
User Rank: Apprentice
6/13/2013 | 3:46:01 PM
re: 7 Tips To Avoid NSA Digital Dragnet
If you are truly concerned, buy a prepaid phone that can be refilled with cards available at a grocery store. Use cash. Then keep the battery out and don't use it from your home or office. Add this to the Information Week tips and you should be reasonably safe.

Broad surveillance like the NSA's is best at catching stupid people. The kind that would email an al-Qaeda website and ask how to join.
Terabyte Net
50%
50%
Terabyte Net,
User Rank: Apprentice
6/13/2013 | 12:35:39 PM
re: 7 Tips To Avoid NSA Digital Dragnet
Taking the battery out is nice but some of the most popular phones do not allow that any more, say iPhone, Razr, etc... Wonder if Apple and Motorola are working with the Feds on phone design? Just sayin'...
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0750
Published: 2015-05-22
The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID CSCut02786.

CVE-2012-1978
Published: 2015-05-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admi...

CVE-2015-0741
Published: 2015-05-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596.

CVE-2015-0742
Published: 2015-05-21
The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding registrati...

CVE-2015-0746
Published: 2015-05-21
The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.