Risk
6/12/2013
12:59 PM
50%
50%

7 Tips To Avoid NSA Digital Dragnet

These apps will keep your cell phone calls under wraps -- if the NSA hasn't already found a way to break them.

3. Silent Circle, For Encrypted Voice, Email And More.

Silent Circle is a relatively new and well-reviewed service for providing encrypted voice communications domestically. In the wake of the Prism scandal and "massive demand," the company announced that it's dropped the price of its annual subscription package for four services: encrypted mobile calls, encrypted text messaging, encrypted VoIP audio and video calls, and encrypted email. The company says it's been independently audited to ensure there are no backdoors for eavesdropping on service users.

One caveat with the service, however, is that for communications to remain fully encrypted in transit, they must be made between two Silent Circle subscribers. Still, that might appeal to businesses or activists worried about their communications being intercepted, or the identity of people they're speaking with tracked.

4. Redphone, For Secure Android Calls, Texts.

Android users, meanwhile, can get secure voice calls and texts via open source software from WhisperSystems. Redphone enables encrypted calling between two devices that use the software. TextSecure encrypts texts. Both applications have been audited to ensure they don't contain backdoors. As with Silent Circle, one caveat is that people on both sides of the conversation must be using the software.

5. PGP, For Data Encryption.

What else is possible? PGP -- or its open source equivalent GPG -- can be used to encrypt data and emails, but many people find it difficult to use. Notably, Snowden had to send a homemade video to Greenwald, showing him how to set it up.

6. Power Down Your Phone.

Mobile phone users can pull a Jason Bourne and remove the battery from their cell phone when they're not using it, thus preventing the device from pinging cell towers and revealing their approximate location. But as soon as you put the battery back in, you'll be trackable again, because the network has to reach your phone to provide voice and data services.

As Christopher Soghoian, principal technologist and senior policy analyst for the ACLU's Speech, Privacy and Technology Project, told the Post, "The laws of physics will not let you hide your location from the phone company."

7. Expect Metadata To Be Captured.

For any unencrypted call made using your cellphone, the metadata can be -- and probably is being -- intercepted. From an intelligence standpoint, metadata is a goldmine: one Nature study suggests that by cross-referencing "human mobility" metadata, only four location points -- involving location and time -- are required to uniquely identify someone 95% of the time.

In other words, there's no way to use a mobile phone and avoid metadata capture.

The services detailed above, however, will at least encrypt your communications, avoiding capture via programs such as Prism. That said, they carry usability caveats, as well as integrity worries: what if the NSA's cryptographic capabilities already allow it to successfully defeat those services, or it's found an exploitable vulnerability that accomplishes the same result?

Then again, if you think about these things too much, you might want to join the tinfoil hat crowd. At a certain point, anyone who opts for encrypted communications will have to trust in the available, audited tools.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Mathew
50%
50%
Mathew,
User Rank: Apprentice
6/14/2013 | 8:48:02 AM
re: 7 Tips To Avoid NSA Digital Dragnet
More good advice (besides VPN): "Figure out what you are trying to protect (and from whom), separate it from everything else, and then select tools, techniques and procedures that will enable you to protect it."
http://grugq.github.io/blog/20...
Mathew
50%
50%
Mathew,
User Rank: Apprentice
6/14/2013 | 8:46:33 AM
re: 7 Tips To Avoid NSA Digital Dragnet
I don't know, but you'd imagine they'd have taken care of landlines ages ago.
HildyJ
50%
50%
HildyJ,
User Rank: Apprentice
6/13/2013 | 3:46:01 PM
re: 7 Tips To Avoid NSA Digital Dragnet
If you are truly concerned, buy a prepaid phone that can be refilled with cards available at a grocery store. Use cash. Then keep the battery out and don't use it from your home or office. Add this to the Information Week tips and you should be reasonably safe.

Broad surveillance like the NSA's is best at catching stupid people. The kind that would email an al-Qaeda website and ask how to join.
Terabyte Net
50%
50%
Terabyte Net,
User Rank: Apprentice
6/13/2013 | 12:35:39 PM
re: 7 Tips To Avoid NSA Digital Dragnet
Taking the battery out is nice but some of the most popular phones do not allow that any more, say iPhone, Razr, etc... Wonder if Apple and Motorola are working with the Feds on phone design? Just sayin'...
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-5367
Published: 2015-08-27
The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors.

CVE-2015-5368
Published: 2015-08-27
The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify data or cause a denial of service, or execute arbitrary code, via unspecified vectors.

CVE-2013-7424
Published: 2015-08-26
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to pin...

CVE-2015-2139
Published: 2015-08-26
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5403.

CVE-2015-2140
Published: 2015-08-26
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.