Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] [tt] NS 2921: How to stop the NSA spying on your data

Eugen Leitl eugen at
Sat Jun 15 05:21:23 PDT 2013

----- Forwarded message from Frank Forman <checker at> -----

Date: Sat, 15 Jun 2013 09:10:59 +0000 (GMT)
From: Frank Forman <checker at>
To: Transhuman Tech <tt at>
Subject: [tt] NS 2921: How to stop the NSA spying on your data

NS 2921: How to stop the NSA spying on your data
* 13 June 2013 by Hal Hodson

Revelations about government snooping show just how much they know
about us. But there are ways to opt out

[Editorial "Big brother needs a data privacy policy" added.]

BIG BROTHER really is watching you. A series of revelations over the
past week has revealed the extent of the US government's snooping.
But there are ways that the average citizen can avoid the prying
eyes of the state.

Last week, whistleblower Edward Snowden--a former contractor with
the National Security Agency (NSA)--told UK newspaper The Guardian
that the NSA not only has details of phone calls made by millions of
Verizon customers, it also has some form of access to its citizens'
internet activity as part of a programme named Prism.

The details of exactly how the NSA accesses personal data held by US
internet companies are still unclear (see "Split the difference").
Access to Verizon's call metadata was obtained using a secret court
order forcing the firm to hand over information including call
duration, number and cellphone tower details.

But the main cause for concern is that network science today means
governments can glean remarkable insights from the vast amount of
data they compile about their citizens' every move. So what exactly
can they find out about us--and how can we opt out?

Tanya Berger-Wolf at the University of Illinois in Chicago, who
studies methods of extracting information from large data sets, says
combining data from sources such as Google, Facebook and Verizon can
tell you a lot. "You can put together a very good, composite dossier
of a person," she says.

Phone calls alone can provide plentiful information. Yves-Alexandre
de Montjoye of the Massachusetts Institute of Technology and
colleagues analysed 1.5 million anonymised call records from a
Western cell carrier. They showed that it takes just four calls or
text messages, each made at a different time and place, to
distinguish one person's movements from everyone else's (Nature
Scientific Reports,

An experiment by German politician Malte Spitz shows what happens
when you fuse such data with online activity. Spitz sued German
telecoms giant Deutsche Telekom to get it to hand over six months of
his own phone data. Then, working with German newspaper Die Zeit,
Spitz melded that data with social network and other web information
about him to create a map that tracked his movements and activities.
It showed where Spitz was at any given time, what he was doing, how
many calls he made and how long he was connected to the internet.
The NSA's supercomputers would make light work of creating an even
more detailed portrait of anyone it was interested in.

Chris Clifton, who works on data privacy at Purdue University in
Indiana, says the NSA will be using software to sort the records
into groups by similarity--people who make lots of calls, for
example, or people who never call abroad. Patterns in time could be
useful, too. If one call appears to spark a flurry of others, that
might mean the first phone number belongs to an authority figure in
a criminal organisation, for instance.

But for citizens who want to guard their privacy, there are a number
of options. Apps like Silent Circle and RedPhone can already encrypt
your calls and send them over a data connection or Wi-Fi instead of
through your carrier's voice network. They also stop carriers from
logging end phone numbers. Downloads have exploded since The
Guardian's revelations--but such apps do not give you full
anonymity because they cannot prevent your movements between phone
masts being tracked.

A new standard for communication known as WebRTC (Web Real-Time
Communication) could enable users to make calls over the internet
without leaving any traces at all. That's because it doesn't rely on
centralised servers but rather sends traffic directly between
individual computers.

Combined with an encrypted connection using the anonymising Tor
network, which sends data via volunteer networks of computers,
WebRTC could keep your internet communications invisible to prying

An organisation called Tor Servers is aiming to bolster traffic
speeds across Tor exit nodes--the points at which traffic from Tor
enters the real internet. Its mission statement is to "make the Tor
network more stable, faster and more anonymous for everyone".

There are even efforts afoot to build an entirely new internet, one
free from control by large corporations and, by extension,
governments. Project Meshnet aims to have its own router hardware,
and for this to communicate without using the infrastructure of
large telecoms companies. That is still some way off, but for now
you can use the software version, called cjdns, which runs on
existing infrastructure. Physical Meshnets are already up and
running in Maryland, Seattle and New York.

And there are ways to protect people's privacy while still obtaining
information. An MIT project called openPDS works by only allowing
third parties to ask questions of a data set, without allowing them
to get their hands on the raw data. This, combined with legal
systems that notify individuals when their data has been searched,
could change the privacy debate. "Such a 'mixed approach' to privacy
is the way forward," de Montjoye says.

Split the difference

The US National Security Agency's Prism program seems to be lifting
personal data from the internet. How?

Internet giants including Google and Facebook strongly deny that the
NSA has direct access to its servers. There is another way, however.
A slide from an internal NSA Powerpoint presentation suggests the
agency is siphoning directly from fibre-optic cables. To do this, it
probably uses "splitters", which split the light beam.

Recent research by Andrew Clement at the University of Toronto,
Canada, shows that 99 per cent of US internet traffic goes through
one of just 18 cities. So if the NSA installed splitters at a few
strategic points "it could intercept a large proportion of internet
traffic", Clement says.
Editorial: Big Brother needs a data privacy policy
* 12 June 2013

The debate over internet and phone surveillance should be conducted
in the open, not the shadows

"NO ONE is listening to your calls," soothed President Barack Obama
last week, following the revelation that the US National Security
Agency (NSA) had been collecting data about telephone and online
communications on a truly epic scale. But Obama's pledge is nothing
like as reassuring as it might sound.

When it comes to profiling individuals, metadata about calls--who
calls whom, when and where--can be as powerful as what is said.
Such information is not safeguarded by the US constitution, unlike
the content of the calls. And there is scant, if any, protection for
millions of non-US citizens using US-based services.

Should we be concerned? One argument, echoed by the likes of UK
foreign secretary William Hague, is that those with "nothing to
hide" have nothing to fear. This is at best mistaken, and at worst
disingenuous. Privacy depends on context: a youthful indiscretion
may cause problems in later life, and what's accepted on Facebook
may not be safe in the workplace--or when the government changes.

Big data also throws up risks whose nature, scope and scale can be
hard to grasp. Consider the possibility of being erroneously picked
out as a threat to national security on the basis of ill-chosen
friends or an odd travel itinerary--and bear in mind that there are
places in the world, as The New York Times reports, where your
"signature" alone is enough to place you in the sights of a drone.

So big data surveillance poses real risks to civil liberties. The
only genuine debate to be had is whether these are acceptable in the
cause of preventing terrorism. Is it a pragmatic response to an
ever-present threat, or a dangerous expansion of state power?

Consider that many of us are entirely willing to give up highly
personal data to the very internet companies that now stand accused
of handing it over to the government. That might change: people may
turn to firms based outside the US, services that don't log user
data, and those that are independently run (see "How to stop the NSA
spying on your data").

Part of the reason we are relaxed about surrendering our privacy, of
course, is that the likes of Google and Facebook can do little with
the data they collect except try to sell us things. But it's also
because we understand the terms of the deal, as set out in their
lengthy privacy policies. Few of us may read them, but those who do
agitate on behalf of the rest.

Such transparency is generally lacking when it comes to state
snooping. Rather than an open discussion of benefits and ethics, the
spooks' requests are secretly rubber-stamped under dubious
interpretations of the law; we have leaks instead of disclosure; and
we listen to whistleblowers on the run instead of wonks arguing

This has to change. In the words of Edward Snowden, who leaked the
NSA documents: "The only thing that restricts the activities of the
surveillance state are [sic] policy." It will not be easy to write a
privacy policy that sets out how and when individuals' data can be
harvested in the name of security. But it should be considered just
as carefully as eavesdropping on our calls. And no one in power
should argue otherwise.
tt mailing list
tt at

----- End forwarded message -----
Eugen* Leitl <a href="">leitl</a>
ICBM: 48.07100, 11.36820
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5

More information about the liberationtech mailing list