Leave Your Cellphone at Home
http://nplusonemag.com/leave-your-cellphone-at-home Sarah Resnick Leave Your Cellphone at Home Interview with Jacob Appelbaum
From OCCUPY Gazette 4, out May 1.
Earlier this year in Wired, writer and intelligence expert James Bamford described the National Security Agencybs plans for the Utah Data Center. A nondescript name, but it has another: the First Intelligence Community Comprehensive National Cyber-security Initiative Data Center. The $2 billion facility, scheduled to open in September 2013, will be used to intercept, decipher, analyze, and store the agencybs intercepted communicationsbeverything from emails, cell phone calls, Google searches, and Tweets, to retail transactions. How will all this data be stored? Imagine, if you can, 100,000 square-feet filled with row upon row of servers, stacked neatly on racks. Bamford projects that its processing-capacity may aspire to yottabytes, or 1024 bytes, and for which no neologism of higher magnitude has yet been coined. To store the data, the NSA must first collect it, and here Bamford relies on a man named William Binney, a former NSA crypto-mathematician, as his main source. For the first time, since leaving the NSA in 2001, Binney went on the record to discuss Stellar Wind, which we all know by now as the warrantless wiretapping program, first approved by George Bush after the 2001 attacks on the twin towers. The program allowed the NSA to bypass the Foreign Intelligence Surveillance Court, in charge of authorizing eavesdropping on domestic targets, permitting the wholesale monitoring of millions of American phone calls and emails. In his thirty years at the NSA, Binney helped to engineer its automated system of networked data collection which, until 2001, was exclusively directed at foreign targets. Binney left when the organization started to use this same technology to spy on American citizens. He tells of secret electronic monitoring rooms in major US telecom facilities, controlled by the NSA, and powered by complex software programs examining Internet traffic as it passes through fiber-optic cables. (At a local event last week, Binney circulated a list of possible interception points, including 811 10th Avenue, between 53rd & 54th St., which houses the largest New York exchange of AT&T Long Lines.) He tells of software, created by a company called Narus, that parses US data sources: any communication arousing suspicion is automatically copied and sent to the NSA. Once a name enters the Narus database, all phone calls, emails and other communications are automatically routed to the NSAbs recorders. The NSA wasnbt the only intelligence-gathering agency to have its domestic surveillance powers expanded in the wake of September 11th. The USA PATRIOT Act, for instance, allows the FBI to spy on US citizens without demonstrating probable cause that its targets are engaged in criminal activities. Under Section 215 of the Act, the now infamous National Security Lettersbwhich formerly required that the information being sought pertain to a foreign power or agent of a foreign powerbcan compel the disclosure of sensitive information held by banks, credit companies, telephone carrier, and Internet Service Providers, among many others, about US citizens. The recipient of an NSL is typically gagged from disclosing the fact or nature of the request. Itbs no secret that, whereas the Fourth Amendment prevents against unreasonable search and seizure, concerns over b national securityb occasioned its disregard and the violation of privacy rights of even the most ordinary citizens. Activists have all the more reason to worry, repeatedly turning up as the subject of terrorist investigations. For instance, in 2006 the ACLU revealed that the Pentagon was secretly conducting surveillance of protest activities, antiwar organizations, and groups opposed to military recruitment policies, including Quakers and student organizations. Relying on sources from the Department of Homeland Security, local police departments, and FBI Joint Terrorism Task Forces, the Pentagon collected, stored, and shared this data through the Threat and Local Observation Database, or TALON, designed to track terrorist threats. Or take Scott Crow, a self-described anarchist and veteran organizer in the global justice movement, who, as the New York Times reported last year, is one of dozens of political activists across the country to have come under scrutiny from the FBIbs increased counterterrorism operation. The FBI set up a video camera outside his house, monitored guests as they came and went, tracked his emails and phone conversations, and picked through his trash to identify his bank and mortgage companies, presumably to send them subpoenas. Others to have been investigated included animal rights activists in Virginia and liberal Roman Catholics in Nebraska. When in 2008, President Obama took the reigns from George W. Bush, there was an expectation that much, or at least some, of this activity would be curbed. Yet, as Bamfordbs article attests, the govermentbs monitoring and collection of our digital data remains steadfast. When the Occupy protests started in mid-September of last year, I relied on data-generating technologies increasingly, more so than I had ever before. Within a few weeks I had joined multiple OWS-related listservs; Ibd started following Twitter with unprecedented commitment; I spent more hours on Facebook than I care to acknowledge. I doubt I am the only one. At the same time, there was a widespread sense of precautionbjust because we were engaging in legal activities, covered by our First Amendment rights, no one, it seemed, should presume herself exempt from the possibility of surveillance. Sensitive conversations took place in loud bars, never over email. Text messages were presumed unsafe. In meetings, cell phone batteries were removed on occasion. Nevertheless, it was easy to feel unimportant (why would anyone watch me?) and equally easy to let standards relaxbespecially when it meant reclaiming conveniences that, once enjoyed, webre difficult to give up. Leaving a trail of potentially incriminating digital data seemed inevitable. But how bad could it really be? And was there no way to use these same tools while safeguarding our privacy? In late April, I sat down with the independent security researcher, hacker, and privacy advocate Jacob Appelbaum, who knows a thing or two about the surveillance state. Appelbaum is one of the key members of the Tor project, which relies on a worldwide volunteer network of servers to reroute Internet traffic across a set of encrypted relays. Doing so conceals a userbs location, and protects her from a common form of networking surveillance known as traffic analysis, used to infer who is talking to whom over a public network. Tor is both free (as in freedom) and free of charge. Appelbaum is also the only known American member of the international not-for-profit WikiLeaks. Resnick: The recent article in Wired describes where and how the NSA plans to store its share of collected data. But as the article explains, the Utah facility will have another important function: cryptanalysis, or code-breaking, as much of the data cycling through will be heavily encrypted. It also suggests that the Advanced Encryption Standard (AES), expected to remain durable for at least another decade, may be cracked by the NSA in a much shorter time if theybve built a secret computer that is considerably faster than any of the machines we know about. But more to the pointbis encryption safe? Appelbaum: Some of it is as safe as we think it can be, and some of it is not safe at all. The number one rule of b signals intelligenceb is to look for plain text, or signaling informationbwho is talking to whom. For instance, you and I have been emailing, and that information, that metadata, isnbt encrypted, even if the contents of our messages are. This b social graphb information is worth more than the content. So, if you use SSL-encryption to talk to the OWS server for example, great, they donbt know what youbre saying. Maybe. Letbs assume the crypto is perfect. They see that youbre in a discussion on the site, they see that Bob is in a discussion, and they see that Emma is in a discussion. So what happens? They see an archive of the website, maybe they see that there were messages posted, and they see that the timing of the messages correlates to the time you were all browsing there. They donbt need to know to break a crypto to know what was said and who said it. Resnick: And this type of surveillance is called b&? Appelbaum: Traffic analysis. Itbs as if they are sitting outside your house, watching you come and go, as well as the house of every activist you deal with. Except theybre doing it electronically. They watch you, they take notes, they infer information by the metadata of your life, which implies what it is that youbre doing. They can use it to figure out a cell of people, or a group of people, or whatever they call it in their parlance where activists become terrorists. And itbs through identification that they move into specific targeting, which is why itbs so important to keep this information safe first. For example, they see that webre meeting. They know that I have really good operational security. I have no phone. I have no computer. It would be very hard to track me here unless they had me physically followed. But they can still get to me by way of you. They just have to own your phone, or steal your recorder on the way out. The key thing is that good operational security has to be integrated into all of our lives so that observation of what webre doing is much harder. Of course itbs not perfect. They can still target us, for instance, by sending us an exploit in our email, or a link in a web browser that compromises each of our computers. But if they have to exploit us directly, that changes things a lot. For one, the NYPD is not going to be writing exploits. They might buy software to break into your computer, but if they make a mistake, we can catch them. But itbs impossible to catch them if theybre in a building somewhere reading our text messages as they flow by, as they go through the switching center, as they write them down. We want to raise the bar so much that they have to attack us directly, and then in theory the law protects us to some extent. Resnick: So if I were arrested, and the evidence presented came from a targeted attack on my computer, and I knew about the attack, I would have some kind of legal recourse? Appelbaum: Well, thatbs an interesting question. What is the legal standard for breaking into someonebs computer because they were at a protest? Congratulations, take that to the Supreme Court, you might be able to make some really good law. I think the answer is that itbs a national newsworthy incidentbnobody knows the cops break into peoplebs computers. The cops break into someonebs house, the Fourth Amendment is super clear about thatbit canbt be done without a warrant. Resnick: In January of last year, it was reported that the records for your Twitter accountb along with those of Julian Assange, Private Bradley Manning, Dutch hacker Rop Gonggrjp, and Icelandic lawmaker Brigatta Jonsdottirbwere subpoenaed by the US government. What is perhaps most notable in this case is not that the accounts were subpoenaed, but that the orders, usually gagged and carried out in secret, became public knowledge. Twitter contested the secrecy order and won the right to notify you. Several months later, the Wall Street Journal revealed that Google and the Internet service provider Sonic.net, had received similar orders to turn over your data. Appelbaum: Twitter notified me. But as for Google and Sonic.net, I read about it in the Wall Street Journal like everybody else. So now I can talk about it because it was in a public newspaper. Those are b 2703(d) administrative subpoenas,b and they asked for IP addresses, and the email addresses of the people I communicated with, among other things. The government asserts that it has the right to get that metadata, that b signalingb or relationship information, without a warrant. They get to gag the company, and the company canbt fight it, because itbs not their data, itbs my data, or itbs data about me, so they have no Constitutional standing. And the government asserts that I have no expectation of privacy because I willingly disclosed it to a third party. And in fact my Twitter data was given to the governmentbno one has really written about that yet. We are still appealing but we lost the stay, which means Twitter had to disclose the data to the government, and whether or not they can use it is pending appeal. Once they get the data, itbs not like itbs private or secretband even if they canbt use it as evidence, they can still use it in their investigations. Resnick: In January of this year, the Twitter account of writer and OWS protester Malcolm Harris was subpoenaed by the Manhattan District Attorneybs Office. I think itbs safe to assume these incidents are not anomalies. In which case, is there a way to use social media sites like Twitter without putting our private data at risk? Because these sites can be very useful tools of course. Appelbaum: In the case of something like Twitter, you can use Tor on the Android phonebwe have a version of Tor for Android called Orbotband Twitter together and thatbs essentially the best youbre going to do. And even that isnbt particularly great. Twitter keeps a list of IP addresses where youbve logged in, but if you use Tor, it wonbt know you are logging in from your phone. Itbs powerful, but the main problem is that itbs kind of complicated to use. On your computer, you can use the Tor browser, and when you log into Twitter, youbre fine, no problem allbyour IP address will trace back to Tor again. So now when the government asserts that you have no expectation of privacy, you can say all right, well I believe I have an expectation of privacy, which is why I use Tor. I signal that. And the private messaging capability of Twitterbdonbt use it for sensitive stuff. Twitter keeps a copy of all its messages. Resnick: During the perceived wave of Internet activism throughout the 2009 Iranian election protests, a new proprietary software called Haystack received a lot of media attention. Haystack promised Iranian activists tightly encrypted messages, access to censored websites, and the ability to obfuscate Internet traffic. You later tested the software and demonstrated its claims to be false. For those of us who donbt have your technical skill set, how can we assess whether a particular tool is safe to use, especially if itbs new? Appelbaum: First, is the source code available? Second, if the claims are just too good to be true, they probably are. Therebs a thing called snake oil crypto or snake oil software, where the product promises the moon and the sun. When a developer promises that a proprietary software is super secure and only used by important people, itbs sketchy. Third, are the people working on this part of the community that has a reputation for accomplishing these things? Thatbs a hard one, but ask someone you know and trust. How would you go on a date with someone? How would you do an action with someone? Transitive trust is just as important in these situations. Another thing to look at is whether itbs centralized or decentralized. For example Haystack was centralized, whereas Tor is decentralized. Also, how is it sustained? Will it inject ads into your web browser, like AnchorFree, the producer of the Hotspot Shield VPN? Or is it like Riseup.net, whose VPN service monetizes not through your traffic, but through donations and solidarity and mutual aid? And if they can inject ads, that means they can inject a back door. Thatbs super sketchybif they do that, thatbs bad news. So you want to be careful about that. Finally, remember: The truth is like a bullet that pierces through the armor of charlatans. Resnick: What should we know about cell phones? Itbs hard to imagine going to a protest without one. But like all networked technologies, surely they are double-edged? Appelbaum: Cell phones are tracking devices that make phone calls. Itbs sad, but itbs true. Which means software solutions donbt always matter. You can have a secure set of tools on your phone, but it doesnbt change the fact that your phone tracks everywhere you go. And the police can potentially push updates onto your phone that backdoor it and allow it to be turned into a microphone remotely, and do other stuff like that. The police can identify everybody at a protest by bringing in a device called an IMSI catcher. Itbs a fake cell phone tower that can be built for 1500 bucks. And once nearby, everybodybs cell phones will automatically jump onto the tower, and if the phonebs unique identifier is exposed, all the police have to do is go to the phone company and ask for their information. Resnick: So phones are tracking devices. They can also be used for surreptitious recording. Would taking the battery out disable this capability? Appelbaum: Maybe. But iPhones, for instance, donbt have a removable battery; they power off via the power button. So if I wrote a backdoor for the iPhone, it would play an animation that looked just like a black screen. And then when you pressed the button to turn it back on it would pretend to boot. Just play two videos. Resnick: And how easy is it to create something like to that? Appelbaum: There are weaponized toolkits sold by companies like FinFisher that enable breaking into BlackBerries, Android phones, iPhones, Symbian devices and other platforms. And with a single click, say, the police can own a person, and take over her phone. Resnick: Rightbin November of last year, the Wall Street Journal first reported on this new global market for off-the-shelf surveillance technology, and created b Surveillance Catalogb on their website, which includes documents obtained from attendees of a secretive surveillance conference held near Washington, D.C. WikiLeaks has also released documents on these companies. The industry has grown from almost nothing to a retail market worth $5 billion per year. And whereas companies making and selling this gear say it is available only to governments and law enforcement and is intended to catch criminals, critics say the market represents a new sort of arms trade supplying Western governments and repressive nations alike. Appelbaum: Itbs scary because [accessing these products is so] easy. But when a company builds a backdoor, and sells it, and says trust us, only good guys will use itb& well, first of all, we donbt know how to secure computers, and anybody that says otherwise is full of shit. If Google can get owned, and Boeing can get owned, and Lockheed Martin can get owned, and engineering and communication documents from Marine One can show up on a filesharing network, is it realistic to assume that perfect security is possible? Knowing this is the case, the right thing is to not build any backdoors. Or assume these backdoors are all abused and bypass them so that the data acquired is very uninteresting. Like encrypted phone calls between two peoplebitbs true they can wiretap the data, but theybll just get noise. When Hillary Clinton and the State Department say they want to help people abroad fight repressive governments, they paint Internet freedom as something they can enable with $25 million. Whereas in reality the FBI makes sure that our communications tech isnbt secure. This makes it impossible for people like me to help people abroad overthrow their governments because our government has ensured that all their technology is backdoor ready. And in theory, they try to legitimize state surveillance here, and there they try to make it illegitimate. They say, b In over-there-a-stan, surveillance is oppressive. But over here, itbs okay, we have a lawful process.b (Which is not necessarily a judicial process. For example, Eric Holder and the drones . . . sounds like a band, right?) Resnick: Okay, so one thing Ibve heard more than once at meetings when security culture comes up is that . . . well, therebs a sense that too much precaution grows into (or comes out of) paranoia, and paranoia breeds mistrustband all of it can be paralyzing and lead to a kind of inertia. How would you respond to something like that? Appelbaum: The people who that say thatbif theybre not cops, theybre feeling unempowered. The first response people have is, whatever, Ibm not important. And the second is, theybre not watching me, and even if they were, therebs nothing they could find because Ibm not doing anything illegal. But the thing is, taking precautions with your communications is like safe sex in that you have a responsibility to other people to be safebyour transgressions can fuck other people over. The reality is that when you find out it will be too late. Itbs not about doing a perfect job, itbs about recognizing you have a responsibility to do that job at all, and doing the best job you can manage, without it breaking down your ability to communicate, without it ruining your day, and understanding that sometimes itbs not safe to undertake an action, even if other times you would. Thatbs the education component. So security culture stuff sounds crazy, but the technological capabilities of the police, especially with these toolkits for sale, is vast. And to thwart that by taking all the phones at a party and putting them in a bag and putting them in the freezer and turning on music in the other roombtrue, someone in the meeting might be a snitch, but at least therebs no audio recording of you. Part of informed consent is understanding the risks you are taking as you decide whether to participate in something. Thatbs what makes us freebthe freedom to question what webre willing to do. And of course itbs fine to do that. But itbs not fine to say, I donbt believe therebs a risk, youbre being paranoid, Ibm not a target. When people say that they donbt want to take precautions, we need to show them how easy it is to do it. And to insist that not doing it is irresponsible, and most of all, that these measures are effective to a degree, and worth doing for that reason. And itbs not about perfection, because perfection is the enemy of b good enough.b I would encourage people to think about the activity they want to engage in, and then say, Hey, this is what I want to do. Work together collaboratively to figure out how to do that safely and securely, but also easily without needing to give someone a technical education. Because thatbs a path of madness. And if people arenbt willing to change their behaviors a little bit, you just canbt work with them. I mean thatbs really what it comes down to. If people pretend that theybre not being oppressed by the state when they are literally being physically beaten, and forced to give up retinal scans, thatbs fucking ridiculous. We have to take drastic measures for some of these things. The FBI has this big fear that theybre going to b go dark,b which means that all the ways they currently obtain information will disappear. Well, America started with law enforcement in the dark; once, we were perceived to be innocent until proven guilty. And just because the surveillance is expanding, and continues to expand, doesnbt mean we shouldnbt push back. If you havenbt committed a crime they should have no reason to get that information about you, especially without a warrant. Resnick: Are there any other tools or advice you would suggest to an activist, or anyone for that matter? Appelbaum: Well, itbs important to consider the whole picture of all the electronic devices that we have. First, you should use Tor and the Tor browser for web browsing. Know that your home internet connection is probably not safe, particularly if itbs tied to your name. If you use a Mac or Windows operating system, be especially careful. For instance, therebs a program called Evilgrade that makes it easy for attackers to install a backdoor on a computer by exploiting weaknesses in the auto-update feature of many software programs. So if you have Adobebs PDF reader, and youbre downloading and installing the update from Adobe, well, maybe youbll get a little extra thing, and youbre owned. And the cops have a different but better version of that software. Which is part of why I encourage people to use Ubontu or Debian or Linux instead of proprietary systems like a Mac or whatever. Because there are exploits for everything. If youbre in a particularly sensitive situation, use a live bootable CD called TAILSbit gives you a Linux desktop where everything routes over Tor with no configuration. Or, if youbre feeling multilingual, host stuff in another country. Open an email account in Sweden, and use TAILS to access it. Most important is to know your options. A notepad next to a fireplace is a lot more secure than a computer in some ways, especially a computer with no encryption. You can always throw the notepad in the fireplace and thatbs that. For email, using Riseup.net is good news. The solutions they offer are integrated with Tor as much as possible. Theybre badass. Because of the way they run the system, Ibm pretty sure that the only data they have is encrypted. And Ibd like to think that what little unencrypted data they do have, they will fight tooth and nail to protect. Whereas, yes, you can use Tor and Gmail together, but itbs not as integratedbwhen you sign in, Gmail doesnbt ask if you want to route this over Tor. But also, Google inspects your traffic as a method of monetization. Ibd rather give Riseup fifty dollars a month for the equivalent service of Gmail, knowing their commitment to privacy. And also knowing that they would tell the cops to go fuck themselves. Therebs a lot of value in that. For chatting, use software with off-the-record messaging (OTR)bnot Googlebs b go off the record,b but the actual encryption softwarebwhich allows you to have an end-to-end encrypted conversation. And configure it to work with Tor. You can bootstrap a secure communication channel on top of an insecure one. On a Mac, use Adiumbit comes with OTR, but you still have to turn it on. When you chat with people, click verify and read the fingerprint to each other over the telephone. You want to do this because there could be a b man in the middleb relaying the messages, which means that you are both talking to a third party, and that third party is recording it all. As for your cell phone, consider it a tracking device and a monitoring device and treat it appropriately. Be very careful about using cell phones, but consider especially the patterns you make. If you pull the battery, youbve generated an anomaly in your behavior, and perhaps thatbs when they trigger people to go physically surveil you. Instead, maybe donbt turn it off, just leave it at home. Because, as I said earlier, in a world with lots of data retention, our data trails tell a story about us, and even if the story is made of truthful facts, itbs not necessarily the truth. On a cell phone, you can install stuff like OStel, which allows you to make encrypted voice-over-the-Internet calls, or PrivateGSMbitbs not free, but itbs available for BlackBerries, Android phones, iPhones and so on. Which means that if they want to intercept your communication, they have to break into your phone. Itbs not perfect. Gibberbot for the Android allows you to use Tor and Jabberbwhich is like Google Chatbwith OTR automatically configured. You type in your Jabber ID, it routes over Tor, and when you chat with other people, it encrypts the messages end-to-end so even the Jabber server canbt see whatbs being said. And there are a lot of tools like that to choose from. Another thing to consider is the mode in which we meet. If we want to edit something collaboratively, therebs a program called Etherpad. And therebs a social networking application called Crabgrass, and hosted at we.riseup.net. Itbs like a private Facebook. Riseup still has a lot of the data, but itbs private by default. So itbs secure, short of being hacked, which is possible, or short of some legal process. And if you use it in a Tor browser, and never reveal information about yourself, youbre in really good shape. Unlike Facebook, which is like the Stasi, but crowdsourced. And I mean that in the nicest way possible. I once had a Facebook accountbitbs fun and a great way to meet people. But it is not safe for political organizing, especially when youbre part of the minority, or when youbre not part of the minority, but you are part of the disempowered majority. As a final thought, Ibd say just to remember that a big part of this is social behavior and not technology per se. And a big part of it is accepting that while we may live in a dystopian society right now, we donbt always have to. Thatbs the tradeoff, right? Because what is OWS working toward? The answer is, something different. And if we want an end to social inequality, the surveillance state is part of what we have to change. If we make it worthless to surveil people, we will have done this. So, it needs to be the case that what we do doesnbt hang us for what we wish to create. Image: NSA headquarters, Ft. Meade, MD.
participants (1)
-
Eugen Leitl