Posted on 11/20/2012 11:18:59 AM PST by sheikdetailfeather
There is frequently talk of warrantless spying on citizen communications and online data, but what about how the government and law enforcement can track people — legally? With the scandal between the former CIA Director Gen. David Patreaus and his former mistress Paula Broadwell coming to light thanks to content stored in an email account, many have begun to wonder about the privacy of their own communications.
Tech experts say it really comes down to outdated laws. Laws which Congress is expected to update soon, but this update might not be in favor of more privacy.
TheBlaze spoke with “ethical hacker” Michael Gregg, the COO of Superior Solutions and author of a dozen IT security books, who said most people have no idea how much information about them is readily available in the digital age.
“It’s not the 1990s anymore. We’re in a Brave New World.”
The scarier part though is when people don’t even care. As Chris Weber with Casaba, a security consulting firm, said in an email, the sentiment of many regarding surveillance of their communications is that they don’t care since they’re not doing anything bad.
(Excerpt) Read more at theblaze.com ...
Encryption is available, you can use it if you want.
But most people really don’t care.
Encryption probably raises a big red flag, and they likely have stuff in place that will blow right through it. Obfuscation of some kind might be a better bet, but they likely have technologies that can sniff that out as well.
Myself, I’m gonna start using carrier pigeons!
1. With regards to cell phones and triangulation: turn off GPS services. I stress this to anyone with a smartphone. Not only does GPS decimate battery life, it's basically a tracker for everywhere you've been. Turn it off in your settings unless you need it (i.e. traveling).
2. With regards to landlines: either don't have one or only use yours for emergencies. Most households don't have landlines anymore. We personally don't use one, as I have a HAM radio setup on battery backup if the SHTF.
3. With regards to social media: DON'T USE IT! I live a very happy life without social media. Most people say they can't live without it, but I challenge anyone to try. It's really not that hard. You won't miss those updates from your sophomore-year college roommate's best friend's dog's sister's second cousin, and if your mother needs to talk to you, she can call or stop by.
Otherwise, spend $25 on a digital certificate and encrypt the Hell out of everything you own. Two- or multi-factor authentication (i.e. password AND certificate or USB key or biometric reader) is the safest way to ensure no one can break into an account. Use a password safe (I LOVE
1. With regards to cell phones and triangulation: turn off GPS services. I stress this to anyone with a smartphone. Not only does GPS decimate battery life, it's basically a tracker for everywhere you've been. Turn it off in your settings unless you need it (i.e. traveling).
2. With regards to landlines: either don't have one or only use yours for emergencies. Most households don't have landlines anymore. We personally don't use one, as I have a HAM radio setup on battery backup if the SHTF.
3. With regards to social media: DON'T USE IT! I live a very happy life without social media. Most people say they can't live without it, but I challenge anyone to try. It's really not that hard. You won't miss those updates from your sophomore-year college roommate's best friend's dog's sister's second cousin, and if your mother needs to talk to you, she can call or stop by.
Otherwise, spend $25 on a digital certificate and encrypt the Hell out of everything you own. Two- or multi-factor authentication (i.e. password AND certificate or USB key or biometric reader) is the safest way to ensure no one can break into an account. Use a password safe (I LOVE KeePass) that generates random (>128 bit) passwords and use it to log in to websites from a trusted computer. I deliberately set my banking and investments passwords to a 32-character random set of numbers, letters, and symbols that I can only access from my home computer to prevent anyone from snooping on me accessing it from a public terminal or wifi from my phone or laptop.
The tools are out there, folks. Read up about them and learn how to use them. You can bet your bottom dollar that the Feds are!
I think it goes a little deeper than electronic communications from you to another.
Communications about you between your doctor to your insurance company for example.
You have control over your direct communications. You have zero control over indirect communications.
Encrypted emails and communications go across worldwide networks every second. I guarantee you that it doesn’t raise any red flags, and I urge you to look into it.
With a 2048 bit certificate, it would take the world’s most powerful computer arrays over a decade to crack the encryption. There’s no real way to “blow right through” a securely encrypted message. Unless they really want to know what you’re communicating to your old aunt Bess, they’re going to put off trying to brute-force your encryption hash and dedicate computing resources to the Mohammeds and Husseins of the world for now.
The quickest and cheapest way you can protect yourself right now is to use a password locker that encrypts itself (I like KeePass). Assign the database a complex password that you can remember (hint: use spaces and characters in the password to add complexity), and then have the password locker assign random character passwords for all of your accounts to prevent brute force and dictionary attacks on your stuff. You can load the program and the database on a secure, encrypted thumb drive and anytime you need to login to something while you’re away from home, just open it up and have it auto-populate your password fields.
We live in a world where just having a simple “ILoveMom” or “Passw0rd1234” passwords don’t cut the mustard. There are entire botnets dedicated to brute force attacks on Facebook, Twitter, video game networks, and even corporate webmail portals. Protect yourself and learn some basics to keep a leg up on the “script kiddies” who want to defraud you.
Decent advice but it fails to account for the fact that the feds intercept, review and catalog all of our phone calls, emails, texts, web searches and electronic commercial transactions.
Unless one chooses to live in a cave, you're already subject to the unconstitutional surveillance dragnet that both parties have and continue to support.
You can very easily slow them down if not divert their efforts outright, FRiend. Phone calls and text messages, yes, you’re at the whim of your provider, and most of them will willing give into government requests.
You have a LOT more control over your computers, however. Until they outlaw encryption tech, they can’t read what you’re doing online without your permission.
First thing you should do is invest in a TPM (Trusted Platform Module) for your computer if your motherboard supports it. This is a digitally-fingerprinted encryption module that is as unique as a fingerprint and specific to your computer’s configuration and utilizes a hash that is so complex as to be impossible to crack without utilizing quantum computing technology not yet available.
With that TPM, you can then encrypt your hard drives or at least portions of them. I create a few encrypted “shards” on my main disks. On those shards, I keep valuable information about my identity, bank accounts, investment information, and most importantly: my browser cache.
I use Firefox, and you can set it up where your profile (e.g. browser cache) is stored on this encrypted shard. It contains every last thing about where you’ve been, what you’ve downloaded, history, bookmarks, everything. Without it being loaded, Firefox won’t even start. Without the multi-factor password and certificate hash, no one can get into it. They can arrest me and torture me until I’m dead, but only I can give them access with the information in my brain.
Invest in a digital certificate, invest in a TPM, download a password locker, and keep an encrypted thumbdrive handy for secure data. Lock that in a safe or a bank safe deposit box, and you’ll be as secure as you possibly can be without doing as you suggest and live in a cave.
an RFID blocking wallet for your driver licence couldn’t hurt either.
My guess apps, and phone company can enable your phones gps,
buy one that doesn’t have e911.
your car also has a black-box.
Our DLs don’t yet have RFIDs, but you can bet your life I’ll be disabling it by hammer or microwave when they do.
Apps and providers cannot surreptitiously enable GPS on a phone. What I mean by that is that your phone will show that the GPS is on if it’s working. I have an iPhone 4s, and I keep my GPS off. The setting is under Settings > Privacy. I don’t turn it on except for when I need directions somewhere. From everything I read, it’s not possible to turn it on without user knowledge.
E911 is not a two-way function. It’s only activated when you actually dial 911 from your phone.
An automotive black box can be disabled with a very well-placed paper clip. Or just buy a pre-1990 car. I’d prefer a 1972 Chevelle SS 454 myself. One saving grace is that the black box interface is on the inside of the car.
Slow down? Maybe. Stop or divert? Fat chance.
Phone calls and text messages, yes, you’re at the whim of your provider, and most of them will willing give into government requests.
They don't even have to "give in" anymore. The feds are tapped into the computers/networks of telecommunications companies with their support.
This is a digitally-fingerprinted encryption module that is as unique as a fingerprint and specific to your computer’s configuration and utilizes a hash that is so complex as to be impossible to crack without utilizing quantum computing technology not yet available.
The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)
From the above link --
"But “this is more than just a data center,” says one senior intelligence official who until recently was involved with the program. The mammoth Bluffdale center will have another important and far more secret role that until now has gone unrevealed. It is also critical, he says, for breaking codes. And code-breaking is crucial, because much of the data that the center will handle—financial information, stock transactions, business deals, foreign military and diplomatic secrets, legal documents, confidential personal communications—will be heavily encrypted. According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US."
With that TPM, you can then encrypt your hard drives or at least portions of them. I create a few encrypted “shards” on my main disks. On those shards, I keep valuable information about my identity, bank accounts, investment information, and most importantly: my browser cache.
What is the use in encrypting your private info on your own computer when the feds can and do just get it directly from the banks, etc?
I use Firefox, and you can set it up where your profile (e.g. browser cache) is stored on this encrypted shard. It contains every last thing about where you’ve been, what you’ve downloaded, history, bookmarks, everything. Without it being loaded, Firefox won’t even start. Without the multi-factor password and certificate hash, no one can get into it. They can arrest me and torture me until I’m dead, but only I can give them access with the information in my brain.
They can get that info from Google, etc, correct?
Invest in a digital certificate, invest in a TPM, download a password locker, and keep an encrypted thumbdrive handy for secure data. Lock that in a safe or a bank safe deposit box, and you’ll be as secure as you possibly can be without doing as you suggest and live in a cave.
I didn't suggest living in a cave. That said, none of your planning accounts for getting the same info via third parties through a variety of (currently) legal ways or account for such things as electronic commerce.
In other words, if they want it, they'll get it. And they want it.
Myself, I’m gonna start using carrier pigeons!
It's pretty clear that what the government flags for review is certain words or phrases (they can't very well have a human look at the billions of emails every day). For example, an email discussing the purchase of an AK-47 and 2,000 rounds of ammo at the "gun show" is going to get looked at because the system flagged "AK-47", "Ammo" and "gun show". However an email talking about the purchase of a "Russian Hammer" and 2,000 "nails" at the "hardware store" wouldn't even get a second glance.
Of course both you and your recipient would need to have an understanding before hand that when you talk about certain topics (in this case guns) that you will use code.
For investigations, sure, they’ll persist, but for day-to-day monitoring of citizens, they’re not going to commit resources to decrypting your data. The Bluffdale data array cannot encrypt everything at a moment’s notice. In many cases it takes several days if not weeks to decrypt anything hashed over 1024 bits. If they have the decryption hash or the SHA fingerprint, they can crack it in seconds, but that information is not public. Companies like Entrust, QuoVadis, RSA, Sonera, Thawte, and VeriSign would go out of business overnight if it was discovered that they were validating trust relationships across the globe. I’ve worked with numerous security professionals, and I can assure you that they are NOT working with the government to make it easier for them. Trillions of dollars of wealth are on the line!
Encrypting private data on your own computer is the biggest step you can take to prevent identity theft, for one. Having been the victim of fraud, I can tell you that there’s nothing worse than finding out you’ve been hacked or your identity has been stolen. Without spending inordinate amounts of money on personal VPN encryption devices, I’m doing everything I can now to protect myself.
Also, let me remind you that in a court of law, the records from an ISP or phone company are no where near as valuable as the records from a persons computer or phone, respectively. It’s very easy to hack someone’s ESN and assign it to a stolen phone, thus making it look like you’re the one calling Bangladesh on a regular basis. Likewise, unprotected wireless networks can mean trouble for an innocent person if they’re hacked or otherwise compromised and used for illegal activity. If the police and prosecutors can get BOTH the records from your ISP/phone company AND the devices from where the communications originated, they’ve got an airtight case against you. Otherwise, with just one, a competent lawyer could easily argue hearsay or that your personal accounts were compromised and have a case against you thrown out.
One thing you brought up that I’m thankful you mentioned is Google, et al. One big piece of advice I can give you: DO NOT USE A PUBLIC (FREE) EMAIL ACCOUNT! You are just begging to lose your identity or freedom. If you have the wherewithal to research it, buy yourself a cheap desktop computer, setup your own domain name, and configure a simple SMTP relay for your own email. If it’s encrypted by certificate and/or multi-factor authentication, it would be impossible for anyone to say what was transmitted. At best, use your ISP’s free email, which you’re technically paying for.
Why? MOST ISPs would be reluctant to hand over data traffic and audit logs. They know that if it got out that they were helping the feds with an investigation, and the PR disaster that ensued would ensure they lost customers.
I’ve worked for a major ISP in the southeast, and I can tell you with 100% assurance that your email information is more secure than public emails like Google and Yahoo. We often responded to subpoenas, but the data they requested never went so far as to provide actual copies of emails; and furthermore, we had a 25-day retention policy to save money. Storage was NOT cheap and for an ISP, they’d rather spend their capital on infrastructure upgrades than storage of your emails to old aunt Bess.
In summary... if the government is bound and determined to get your communications data, yes, they can get it. However, the amount of practical computing power at their disposal is STILL finite.
They’re not going to be decrypting every last datagram that comes across the networks of the world, and unless you’re being specifically targeted for some reason, you’re not going to be at risk of intercept of your personal data. It’s a simple numbers game AND it’s a matter of diminishing value of return. Aunt Bess’ apple pie recipe is not as important as Chinese launch codes.
The root certification authorities of the world are not giving up their encryption algorithms for the NSA, and even if the NSA manages to decipher those encryption algorithms, the next generation of encryption is going to be more complex by a factor of 3.
My mistake on the gps. Cell towers can be used to track you. Speaker phone and camera can be remotely activated without it indicating its turned on.
I believe we are being tracked right now all of the time while we are online.
A little anecdote about my personal experience.
First, a little background. I, am a woman who has no technical training or knowledge, but, within the past year, after seeing something on a discussion on FR, I switched to Firefox as my browser. Some months later, again due to a discussion on FR, I looked into (translation = asked the tech savvy husband if it was okay) downloading a Firefox application called “Collusion”, which lets you see who is tracking your web activity through web beacons, etc.
When I installed the app, I elected to have a sound uaccompany the hits that come up. This alert sounds like a camera shutter. Sometimes this sound goes crazy, depending on which kind of site I go to. But logging onto FR never brought me any of those sounds. I guess that’s because there is no advertising here.
Well, about two weeks before the election, I was having a devil of a time with pages loading here on FR, particularly when I was trying to post a response. It struck me that I was hearing that shutter sound, so, I finally started looking at the website info that pops up in the lower left of my screen. URLs were running through quite quickly, but one that I saw several times said “google-analytics”.
As I said, I am not a techie person, so maybe my suspicions are just hogwash, but I have been wondering ever since if someone was spying on us. And we all know that Google is pro-Obamugabe....
in one way you are correct. google-analytics does track your information here, but they are doing this at the request of freerepublic. if you view the source code for a page on fr (or have your tech savvy hubby show you), you will see the request to have google-analytics tracking included at the bottom of the code.
this is extremely common on websites, as the reports google provides from this data are very useful to the website operator. there are ways to block this (and other such tracking), if you are bothered by this behavior. it may slightly degrade and/or change how some sites work for you, though. ymmv.
Thank you for that information. I guess I am just a conspiracy nut, after all.
Oh, don't worry - the government can easily fix that. Page 1,832 of the Omnibus Porkulus Maximus bill of 2013 will no doubt lay out some felony or another that you can be charged with any time the Feds deem you inconvenient.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.