The NSA surveillance scandal is rooted in the Bay Area. Who was involved, when did it start -- and how can you protect your privacy?
The domestic telecom surveillance program doesn't grant intelligence agencies automatic access to what's being said over the phone, but it requires major carriers, including Verizon, Sprint, and AT&T, to forward all "metadata" to the NSA. Metadata can be quite revealing. It can show that an elected official communicated with a powerful CEO just before casting a key vote, or whom a reporter spoke with just before breaking a significant national news story.
"The laws of physics do not let you lie about cell phone location," explains Chris Soghoian, principal technologist with the American Civil Liberties Union's speech, privacy and technology project.
Eleanor Saitta is a systems analyst with the Open Internet Tools Project and the International Modern Media Institute, working on an encrypted communications project called the Briar communications tool. "What's not clear yet, is whether [the NSA] is extracting full-time location information," Saitta notes, spotlighting a looming question about the domestic spying program with serious implications. This full-time information is automatically logged by telecoms anytime a mobile device is on.
PRISM is understood to be able to sweep in the contents of vast amounts of communication between the U.S. and foreign nations. However, Soghoian and Saitta note that some tools can provide a higher degree of privacy.
For web browsing, Tor (torproject.org) is free software that provides online anonymity by bouncing communications through a randomly distributed network. (Caution: Read up on it for some important do's and don'ts, like why you shouldn't log into your bank account while you're running Tor.)
Tor doesn't hide the content, only the location that a message is being sent from. But it can be run in conjunction with CryptoCat (crypto.cat), a web plug-in that supports encrypted instant messaging. There's also the option of using Off The Record (OTR) messaging with either Jitsi (jitsi.org) or Adium (adium.im), both IM clients.
For mobile devices, Saitta suggests looking into TextSecure for SMS messaging, and RedPhone for voice calls. For other ideas, visit the resource guide compiled by the Tactical Technology Collective (alternatives.tacticaltech.org). It features detailed information on alternatives that afford a higher degree of privacy, such as Duck Duck Go, a search tool that won't aggregate data about your queries; RiseUp, an alternative email provider run by a collective dedicated to security; Gibberbot, an open-source Android application that helps you manage IM accounts and uses OTR software; ChatSecure for iPhones and other iOs devices; Orbot and Orweb, to facilitate anonymous browsing on Android devices, and other programs.
It's important to remember that with any of these software options, as Saitta says, "There are no guarantees. This comes as close as we know how to get."
Nor do any of these options effectively shield mobile users from the collection of metadata. "The domestic program that is affecting most Americans is something that no one can effectively hide from," Soghoian notes. "And that sucks." (Bowe)
Timeline: NSA spying in Silicon Valley and SF
Mark Klein, a technician at AT&T, learns of the existence of a secret room being built in cooperation with the National Security Agency at AT&T's San Francisco facility on Folsom Street.
The New York Times breaks the news that the NSA "has gained the cooperation of American telecommunications companies to obtain backdoor access to streams of domestic and international communications."
January 31, 2006