Over the weekend, The Washington Post reported that 9 out of 10 people caught in the National Security Agency’s vast surveillance dragnet between 2009 and 2012 were everyday internet users with no connection to national security threats, including hundreds of US citizens. While the surveillance aided in the capture of at least a couple of suspected terrorists, the government intercepted the details of the daily lives of more than 10,000 innocent account holders in the process.
Since former NSA contractor Edward Snowden began leaking details of the NSA’s vast surveillance capabilities last year, the amount of collateral damage to individual privacy at home and abroad has put the agency under intense public scrutiny. Privacy experts, however, say that the now-infamous NSA surveillance programs such as Quantum and PRISM not only threaten individual privacy; they threaten the security of the internet as a whole.
On Monday, the New America Foundation held a panel discussion, at its offices in Washington, DC, titled, “National Insecurity Agency: How the NSA’s Surveillance Programs Undermine Internet Security.” The panel featured several policy and cryptology experts, including Bruce Schneier, an author and cryptologist who worked with The Guardian on the Snowden leaks.
“The issue is not that the NSA is spying on whoever the bad guy is who they want to spy on,” Schneier said during the talk. “The issue is that they are deliberately weakening the security of everyone else in the world in order to make that spying easier.”
From emails to online bank accounts, much information on the internet is encrypted to protect privacy, but the NSA has secretly worked for more than a decade to undermine encryption tools and standards for its own benefit. The NSA has worked to give itself backdoor access through widely used software and hardware products like Juniper Networks’ tools for businesses. The agency has also stockpiled exploitable security vulnerabilities instead of flagging them for repair, implanted spyware in computers across the world, and even hacked into Yahoo and Google’s private data links.
“If the Chinese government had proposed to put in a backdoor into our computers and then paid a company $10 million to make that the standard, we would be furious,” said Joe Hall, chief technologist at the Center for Democracy and Technology.
Hall referred to RSA, an influential computer privacy firm that allegedly allowed the NSA to engineer weak points in widely-used encryption tools under a $10 million contract.
“That’s exactly what the NSA has become: the best hacker in the entire world,” Hall said.
The NSA denies undermining the security of the internet, but Schneier said that if the NSA can create a weakness, then other hackers could exploit it.
“Put a backdoor in, three years from now, criminals are using it,” Schneier said. “Now what?”
Last month, the US House voted to approve two amendments that would defund the NSA’s efforts to undermine encryption standards and work with companies to insert backdoors into commercial software. The Obama administration has made a few policy tweaks in light of the Snowden revelations but has so far refrained from any public overhaul of the NSA’s global surveillance programs.
Unless you are a skilled hacker or programmer, it’s difficult to guarantee total protection from the prying eyes of the government and others online, but there are many tools out there that can help. Hall, who likened using security tools to good hygiene, recommended several tools to use. They may not seem capable of protecting you from the powerful eyes of Big Brother, but together they help you be “less smelly in your digital lives, so to speak.”
Here are some tools that experts say can help anyone be more secure in an insecure online world:
• Use a Virtual Private Network (VPN), especially on public Wi-Fi: The Wi-Fi in your local coffee shop may not be as secure as the connection you use at home, and a VPN can protect data you send and receive from prying eyes on the same network (i.e. the other people in the coffee shop). Businesses commonly use VPNs to connect employees on remote networks, but anyone can use a VPN to encrypt incoming and outgoing data on open Wi-Fi.
• Download a password manager: Never use the same password for two different accounts again. Password managers use algorithms to generate powerful, random passwords for all of your devices and accounts – and they keep track of them so you don’t have to. The privacy advocates at Reset The Net recommend the Master Password app.
• Encrypt your web browsing: The Electronic Frontier Foundation (EFF), a leading online privacy and freedom group, has developed a plug-in that ensures that, if a website has the option of providing your browser with an encrypted connection, then this security option is turned on when you open a webpage. It’s the difference between seeing “HTTP” and “HTTPS” in your browser’s address bar. “S” stands for secure, and many popular websites have this option, but it can be difficult to use without the EFF’s helpful plug-in.
• Browsing anonymously can also be done with software like Tor, which disguises your online identity by routing and encrypting your traffic across different servers so it cannot be traced back to you. Tor is good for keeping your browsing habits away from advertisers, and it’s also good for dodging censors and authorities in oppressive countries. People accessing hidden services like the black market smuggling site Silk Road have also used Tor, so using Tor could potentially raise a red flag and make you a target for government surveillance. Still, experts say that using Tor is safer than browsing in the open. Tor is currently offered by a nonprofit dedicated to promoting online privacy.
You can learn about more easy-to-use privacy apps at Reset The Net, which recently released a “Privacy Pack” of recommended tools for the most commonly used platforms and mobile devices.