
Tuesday, 17 March 2009

Surveillance Self-Defense Project « EFF [part 3]

From EFF.org

What Can I Do To Protect Myself?

When we were talking about how to defend yourself against subpoenas and search warrants, we said, "If you don't have it, they can't get it." Of course, that's only partially true: if you don't have it, they can't get it from you. But that doesn't mean they might not be able to get copies of your communications or detailed records about them from someone else, such as your communications service providers or the people and services that you communicate with. Indeed, as we outlined in the last section, it's much easier as a legal matter for the government to obtain information from these third parties - often without probable cause or any notice to you. So, you also need to remember this lesson: "If someone else has stored it, they can get it." If you let a third party store your voicemail or email, store your calendar and contacts, back up your computer, or log your communications traffic, that information will be relatively easy for the government to secretly obtain, especially compared to trying to get it from you directly. So, we'll discuss in this section how to minimize the content that you store with third parties. We've also asked you to "encrypt, encrypt, encrypt!" in the previous sections about protecting data on your computer and while you are communicating. The same holds true when protecting against the government getting your information from other people. Although ideally you will avoid storing sensitive information with third parties, using encryption to protect the data that you do store - such as the emails you store with your provider, or the files you back up online - can provide a strong line of defense. We'll talk in this section about how to do that. Communications content that you've chosen to store with a service provider isn't the only issue, though. There are also the records that those third parties are creating about your interactions with their services.
Practically everything you do online will create records, as will your phone calls. So your best defense is to think before you communicate:

  • Do you really want the phone company to have a record of this call - who you called, when, and how long you talked?

  • Do you really want a copy of this email floating around in the recipient's inbox, or on your or his email provider's system?

  • Do you really want your cell phone provider to have a copy of that embarrassing SMS text message?

  • Do you really want Google to know that you're searching for that?


It may be that the communication is so trivial or the convenience so great that you decide that the risk is worth it. But think about it - seriously consider the security trade-offs and make a decision - before you press "send". We'll give you information in this section that should help you make those decisions. Another option for minimizing the information that's recorded about you - short of avoiding using a service altogether - is to protect your anonymity using encryption and anonymous communication tools. If you want to search Google or browse Amazon without them being able to log information that the government could use to identify you, you'll need to use software such as Tor to hide your IP address, as well as carefully manage your browser's privacy settings. This section will give you the information you need to do that.

Getting Started

Learn What Your Service Providers Store

Most communications service providers and commercial web sites have privacy policies. Read them to find out:

  • What information do they collect? It may be more than you think. If anyone you do business with doesn't have a privacy policy (or their policy is unclear), you should contact them and ask about what they collect.

  • With whom do they share it? Most companies will share your information with other companies in their corporate family and with marketers; many companies will sell your data to anyone who wants it. Check to see if they'll let you "opt-out" of sharing your information with other companies.

  • What about the government? Look in the privacy policy to see under what circumstances they'll hand your information over to the government. Try to do business with companies that will not give your information to the government unless required by law to do so. Also find out whether they will notify you if the government asks for your files, and do business with companies who will always notify you unless prohibited by law from doing so. That way, you can call a lawyer and try to stop the disclosure before it happens.


Consider using activist-friendly, privacy-respecting communications providers that offer free services. The Online Policy Group, for example, offers free web hosting and email list hosting, while Rise Up offers free email (including web-mail), web hosting, and email list hosting. These services have strong privacy policies and will notify you of any governmental or other attempt to seek customer information unless prevented by law. Cable companies that offer Internet access usually also have a policy of notifying you unless they've been gagged - in fact, because of a quirky imbalance in the law, they actually have to notify you if they can, unlike non-cable providers. So, if you're especially worried about the communications records held by your ISP, consider using a cable broadband provider.

Choosing a Communications Method

Again, Telephone Calls are Your Safest Bet

When it comes to protecting the privacy of communications content stored by your provider, the safest choice is to avoid storing any content with the provider at all. Therefore, just as when we were discussing wiretapping, regular old telephone calls have a distinct advantage over other communications methods: putting aside voicemail, which we'll discuss on the next page, telephone calls don't create copies. That means, unless the government goes to the technical and legal trouble of directly wiretapping you (a very low risk, compared to the government trying to obtain stored copies of your communications), or the person you are talking to is so untrustworthy that they would record your conversation without telling you (a rarity, but it does sometimes occur), your telephone call will be safe from prying ears. As you'll see on the following pages, telephone calls are far preferable to SMS text messages, which providers apparently store for long periods of time, and which are very difficult to encrypt. IM and VOIP are better alternatives, as we'll also discuss, since they can be more easily encrypted, and since instant messages and VOIP call contents are typically not logged by providers. Email is a harder case, since it necessarily creates a range of copies - with providers and with recipients - but as you'll see later, there are a number of steps you can take to make that mode of communication safer, too.

Protecting Your Voicemail

As we explained previously, copies of your communications stored by your phone company such as your voicemail receive very weak legal protection compared to copies of your communications stored in your own home. In particular, after a communication has been stored more than 180 days - or, according to the government's reading of the law, after you've first accessed that stored communication - the government no longer needs to get a warrant before obtaining that communication, and can instead use only a subpoena to the company (usually with no notice to you). When it comes to your voicemail, this means two things:

  • Where possible, use your own answering machine or voicemail system, not the phone company's.

  • Where it's not possible to use your own answering machine or voicemail system, such as with your cell phone, you should always delete your voicemails as soon as you listen to them!


Protecting Your Voice Over IP Communications

As best we can tell, providers of Voice Over IP telephone service such as Skype do not record your calls as a matter of routine. So, short of using encryption to protect the confidentiality of your calls there are no special steps that you need to take to ensure that the government can't obtain stored copies of your conversations. Notably, Skype uses encryption by default. However, as discussed in our VoIP article, the security of Skype's encryption system is still in question. And, as with your regular phone calls, there is always going to be some risk that the person at the end of the line is recording the conversation.

Protecting Your Email Inbox

(and Sent folder, and Drafts folder, and...)

The Stored Communications Act requires the government to obtain a warrant before seizing emails that are in "electronic storage" with your communications provider and are less than 181 days old. However, under the government's interpretation of the term "electronic storage", the emails that arrive in your inbox lose warrant protection under the Stored Communications Act, and are obtainable with nothing more than a subpoena (often with no notice to you) as soon as you've downloaded, opened, or otherwise viewed them. Similarly, the government believes that it can obtain the sent emails and draft emails that you store with your provider with only a subpoena, again often without notice to you; the government doesn't think those sent or draft emails are in "electronic storage" as defined by the statute, either. EFF is doing its best to prove the government's interpretation wrong in court, and some courts have already disagreed with the government. Yet as far as we can tell, those court decisions haven't significantly changed the government's behavior and it still routinely obtains opened emails (and sent emails and draft emails) without warrants, regardless of how old they are. Because of the government's aggressive position, you need to be just as aggressive when it comes to defending your email privacy. As described on the next few pages, the most critical things you can do are:

  • Delete emails from your provider's server as soon as you first access the messages, and store your sent and draft emails locally in your email client software, rather than with your provider.

  • In order to minimize the number of emails stored with your provider - be they received, sent, or draft - avoid using webmail if at all possible, or, if you do use a webmail account, avoid the web interface and instead configure your email client software to send and receive emails directly via POP.

  • Encrypt your emails whenever possible.


Protecting Email: Download and Delete!

The single most powerful step you can take to protect the privacy of your email is to not store it with your email provider. Rather than leave email on your provider's server, you should configure your email software to immediately delete incoming emails from your provider's server as you download those messages to your computer - and also make sure that your email software is configured to store your draft and sent email on your computer rather than with the provider. Of course, this is a serious security/convenience trade-off - by fetching your email using the "POP" email protocol and storing all your mail locally, you won't have access to your email from multiple devices like you would if you were using the IMAP protocol or a webmail interface, both of which store all of your mail with the provider. We realize that for some people, particularly those without their own computer, using POP and storing everything locally may not be an option. But if it is an option, and you can effectively function without storing your emails with your provider, we highly recommend doing so. For more, check out our email article.

Don't Use Webmail if You Don't Need It - or POP It.

Webmail poses a serious security trade-off for those concerned about a government adversary.

Webmail is usually free, very easy to use, and super-convenient, especially if you want the ability to access your email from several different computers or mobile devices. However, deleting your email from your provider's servers as soon as you've downloaded it - a critical step to protecting your email's privacy against the government - is hard if not impossible to do when you use a webmail service like Gmail or Yahoo! Mail, especially if you want to maintain access to a copy of that email. Since you view your email in your browser rather than downloading it to email client software, the only conveniently accessible copy of your email is going to be the one you store with your provider. If you take the idea of a government adversary seriously, webmail is a very bad risk. The government is hundreds if not thousands of times more likely to try and obtain your stored email rather than wiretap it. Indeed, the reason that the number of wiretaps on electronic communications is so low is because it's so easy to obtain the same information from the provider's storage. So, if you think that government adversaries may pose a threat to your privacy, we strongly recommend that you not use webmail for any unencrypted sensitive communications, unless you simply can't live your life or do your job without an easy-to-access-anywhere inbox. If you really don't need that kind of access and usually access your mail from the same computer, the convenience of webmail probably isn't worth the risk. If you do use a webmail account, though, one way of mitigating the risk is to avoid using the web interface and instead download your emails directly to your email client software using POP and immediately delete them from the provider's server. This option may not be available from all webmail providers, but it is offered by major providers such as Gmail, Microsoft and Yahoo!. You'll lose the convenient access to past messages via the web, and it might not be free (Microsoft and Yahoo! charge a fee of $19.95 per year for POP service through Hotmail Plus and Yahoo! Mail Plus, while Google's Gmail service offers the option at no cost), but you'll still have cheap and reliable email service.
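The download-and-delete routine recommended in "Protecting Email: Download and Delete!" and in the POP advice above, shown as an added example that is not part of the EFF guide. It uses Python's standard poplib and mailbox modules; the function names, the FakePOP3 stand-in server and the sample messages are constructed for illustration.

```python
import mailbox
import os
import poplib
import ssl
import tempfile

# Constructed sample messages standing in for mail held by a provider.
SAMPLE = [
    b"From: alice@example.org\nSubject: one\n\nfirst body",
    b"From: bob@example.org\nSubject: two\n\nsecond body",
    b"From: carol@example.org\nSubject: three\n\nthird body",
]


def connect(host, user, password):
    """Open a TLS-protected POP3 session (port 995) and log in.

    Hypothetical helper for use with a real account; host and
    credentials are supplied by the caller.
    """
    conn = poplib.POP3_SSL(host, 995, context=ssl.create_default_context())
    conn.user(user)
    conn.pass_(password)
    return conn


def download_and_delete(conn, mbox_path):
    """Move every message on the server into a local mbox file.

    Returns the number of messages stored locally and marked for deletion.
    """
    box = mailbox.mbox(mbox_path)
    moved = 0
    try:
        count, _total_size = conn.stat()
        for num in range(1, count + 1):
            _resp, lines, _octets = conn.retr(num)
            box.add(b"\n".join(lines) + b"\n")
            box.flush()     # local copy is on disk before the server copy is touched
            conn.dele(num)  # DELE only marks the message; the server still holds it
            moved += 1
    finally:
        box.close()
        conn.quit()         # QUIT commits the marks: only saved messages are removed
    return moved


class FakePOP3:
    """Constructed in-memory stand-in for a provider's POP3 server (offline demo)."""

    def __init__(self, messages, fail_on=None):
        self.stored = dict(enumerate(messages, start=1))  # what the provider holds
        self.marked = set()
        self.fail_on = fail_on  # message number whose download fails, if any

    def stat(self):
        return len(self.stored), sum(len(m) for m in self.stored.values())

    def retr(self, num):
        if num == self.fail_on:
            raise poplib.error_proto("-ERR simulated failure")
        body = self.stored[num]
        return b"+OK", body.split(b"\n"), len(body)

    def dele(self, num):
        self.marked.add(num)
        return b"+OK"

    def quit(self):
        for num in self.marked:
            del self.stored[num]
        self.marked.clear()
        return b"+OK"


def demo(tmp_dir):
    """Run one clean session and one interrupted session; report what each side holds."""
    ok = FakePOP3(SAMPLE)
    moved = download_and_delete(ok, os.path.join(tmp_dir, "ok.mbox"))

    broken = FakePOP3(SAMPLE, fail_on=2)
    broken_path = os.path.join(tmp_dir, "broken.mbox")
    try:
        download_and_delete(broken, broken_path)
    except poplib.error_proto:
        pass  # download of message 2 failed; message 1 was already saved
    box = mailbox.mbox(broken_path)
    local_subjects = [msg["Subject"] for msg in box]
    box.close()
    return moved, len(ok.stored), local_subjects, sorted(broken.stored)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(demo(d))
```

With a real account, pass the object returned by connect() to download_and_delete() in place of FakePOP3.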

Protecting Email: Use Email Encryption When You Can

Using email encryption is a good idea even if you are storing all your email locally, if only to counter the wiretapping threat. But using encryption becomes all the more important if you are storing your email content with your email provider. If the government comes calling on your provider with a subpoena for your stored emails, you'll wish you had learned how to protect those messages with encryption, so visit our email article and learn now!

Protecting Instant Messaging

Major IM service providers like AOL, Yahoo! and Microsoft say that they don't store your IM messages after they are transmitted. We think they are telling the truth, but even so, you should use encryption when IMing, if only because it is so easy to do (see our IM article to find out how). Gmail's chat, on the other hand, logs all of your IMs by default as a feature and stores them online in your Google account for you to access later. If you use Google Talk or Gmail's chat service, we strongly recommend turning off this feature by going "Off the Record" or "OTR", as Google calls it - so that you aren't storing those transcripts with Google. If you really need access to past transcripts, log them on your own computer using your IM software's settings (subject, of course, to the data retention policy you established after reading our section on protecting data stored on your computer). However, also keep in mind that many if not most of the people you chat with will be keeping their own logs on their own computer (or in their Google account if using Gchat, unless you've gone "Off the Record").

Protecting SMS

Avoid Texting Sensitive Communications

Major cell phone providers claim that they don't log your SMS text messages except for a very short period of time to ensure delivery (see, e.g., statements from providers in this news story entitled "Most Text Messages Are Saved Only Briefly", or another article containing similar claims). However, there is reason to doubt these claims: we've seen several cases where SMS messages were disclosed by a provider months or even years after they were originally sent. For example, as USA Today recounts, text messages were subpoenaed in the Kobe Bryant rape case four months after they were sent, despite AT&T Wireless' claims that customers' text messages are deleted within 72 hours. According to that story, "How messages in the Bryant case would be available four months later isn't known; most likely they were retrieved from an archival storage system." Considering such incidents, provider-side logging of your SMS text messages must be considered a high risk. Furthermore, although we think that the Stored Communications Act and the Fourth Amendment require the government in most cases to get a warrant before obtaining your pager or SMS messages from your provider, there are several known cases where it has obtained such messages without warrants under the lower legal standards reserved for non-content records, using only subpoenas. Not only is there the threat of your provider logging your messages and the government subpoenaing them, but also the near certainty that the phones of the people you are communicating with are logging those messages, adding yet another point of vulnerability. That's in addition to the logs on your own phone, which you should delete regularly based on the data retention policy you developed after reading about "Data Stored on Your Computer."
However, keep in mind that with the right forensic tools, investigators will likely be able to recover even those deleted messages if they ever get a hold of your phone, and the secure deletion options for mobile devices are still quite limited. Finally, although there have been some efforts at coming up with encryption solutions that work for SMS (as described in our mobile devices article), none of those techniques are easily or widely used. Therefore, given the possibility that your SMS texts are logged by your provider, that the government may be able to obtain those messages from your provider without warrants and without notice to you, and that such messages are hard if not impossible to encrypt, along with the certainty that they will be logged on your phone and the phones of the people you communicate with, we strongly recommend against using SMS for any sensitive communications.

Online Storage of Your Private Data


There's a lot of talk these days about how convenient it is to store your data in the internet "cloud." Why store your calendar or contacts list or critical documents on one computer, or buy a hard drive to back up your files at home, when you can store them "in the cloud" and access them from anywhere using services like Google Calendar, or Google Docs, or remote backup services that will store copies of all your files for you? Well, here's a reason: the government can easily subpoena that data from those providers, with no notice to you. As we already described in the "What Can The Government Do?" section, the communications stored by your communications service providers are very weakly protected compared to those you store yourself: after 180 days (or after you've downloaded a copy, according to the DOJ), the government can get those communications with only a subpoena and usually with no notice to you. But the situation is even worse when it comes to data that you store with someone other than your communications provider - so called "remote computing services" (RCSs). Under the Stored Communications Act, the government can obtain data that you send to an RCS for storage or processing with only a subpoena regardless of how old it is, and although the government is supposed to notify you before they do, the law makes it very easy for investigators to delay that notice until after they've gotten your data. Therefore, storing all that data yourself, on your own computers - without relying on RCSs - is the most legally secure way to handle your private information. If you do choose to store copies of your files online, though, we strongly recommend encrypting those files yourself before you do (visit our article on disk and file encryption to learn how), or using services like IDrive or MozyPro that give you the option of encrypting your files using your own private encryption key.

Protecting Your Search Privacy and Your Web Browsing Activity

The search history you generate when using search engines like Google or Yahoo! reveals incredibly sensitive data about what you look at - or even think of looking at - on the web. These logs may be tied to your identity based on your IP address, the cookie files that the search engine places on your computer, or your account information if you've registered to use the search engine or other services offered by the provider. And as discussed earlier in the "What Can the Government Do?" section, these logs are subject to uncertain legal protections. Considering the sensitivity of search logs and the questions surrounding their legal status, we highly recommend that you exercise great care to ensure that your identity cannot be linked to your search queries. For an in-depth discussion of how to do that, read EFF's "Six Tips to Protect Your Search Privacy". You should also take a look at our article on browsers to learn more about cookie management and on the anonymizing software Tor to learn more about how to mask your IP address. These same techniques can be used to protect you against logging by any web site you visit, not just search engines, and we recommend that you do use them whenever you visit a web site and don't want that site to log personally-identifying information about you and the pages that you read. Finally, we recommend avoiding using one online portal for multiple services - e.g., try to avoid using Yahoo! Search and Yahoo! Mail, or Google Search and Google Reader. Not only are you making it easier for the search provider to identify you by virtue of linking all of your activity to your personalized account, but you are also offering the government a convenient "one-stop shop" opportunity to access a wide range of your personal information at once. Using these "mega-portals" to manage all aspects of your online life might be convenient, but it also creates a single point of failure that raises a serious security risk.

TMI on the Web

Do You Really Want to Publish that Blog Post, Flickr that Picture, or Broadcast that Facebook Status?

The web is a powerful engine of personal expression, giving you a wide variety of online venues to speak your mind and communicate with friends or the public. But before you publish that blog post on MySpace or Blogger, post a picture to a picture-sharing site like Flickr or Picasa, or broadcast your status on Facebook or using Twitter, think, "Is this really information that you want to expose on the web?" Even if you do now, think about years from now: will you want evidence of this youthful indiscretion or that personal opinion floating around on the web in the future? Remember, you don't have any expectation of privacy in information that you post to the public web, and information that you post now but delete later may still persist, whether on the pages of the friends you communicated with (like your Wall Posts to a friend on Facebook), or in Google's cache of old web pages, or the Internet Archive's library of public web pages. One way of limiting the risks of posting information about yourself on the web is to use the privacy settings offered by social sharing sites like Flickr or Facebook, with which you can avoid publishing your information to the public web and can define which of your "friends" on the same service are allowed access to your information. However, these settings can sometimes be confusing and difficult to configure correctly, and it's unclear how robust such privacy protections would be against the attacks of a dedicated hacker. There's also the possibility that an adversary may try to "friend" you using fake information to pose as someone you know or would want to know. (A good rule of thumb is to only become "friends" with people that you know personally, after verifying with them via another means of communication - for example, by emailing them or calling them - to ensure that they are the ones that actually made the request.)
Then there's the additional threat of adversaries gaining access to your account information by convincing you to use their "app." Finally, of course, there's always the risk that one of your "friends" will republish to others the information that you thought you had posted privately. So, even if you think you've strictly controlled access to your Facebook profile or Flickr page, you should recognize the significant risk that what you post there might leak out, and act accordingly. Another option, if you're more interested in sharing information and opinion than in socializing, is to communicate anonymously, without tying your posts to your real identity. For an extended discussion of how to do that safely and effectively, take a look at our guide on "How to Blog Safely (About Work or Anything Else)."

Protecting Your Location Information

More on Cell Phone Tracking

We described earlier how the government can enlist your phone company's help in tracking the location of your phone in real time. However, that's not the only location privacy threat posed by your cell phone: your provider also keeps records of where your cell phone was each time you made or received a phone call. In particular, phone companies typically log the cell phone tower you were closest to when you called someone or someone called you, as well as which "sector" of the tower's coverage area your phone was in. Particularly in urban environments where there are lots of cell towers, such records can locate you with a fairly high degree of precision, sometimes to within a city block or even within a particular building. The government routinely obtains these kinds of location records with only subpoenas and with no notice to the target, although EFF is working hard to ensure that such data can only be obtained with a search warrant. Unfortunately, there's nothing you can do to prevent these records from being created short of not making phone calls, and turning your phone off to ensure that no one calls you. Indeed, turning your phone off might be your only recourse - particularly since some experts have advised us that the phone companies not only log the location of your phone when a call is made but also log the closest cell tower whenever your phone is turned on, as your phone continuously registers itself with the cell network. Therefore, as is true with every communications device that you use, your best defense is to think before you use your cell phone. Do you really want your phone company to have a log reflecting that you were in that part of town at that time? If not, then you should turn the cell phone off. Another potential solution is to anonymously purchase a prepaid cell phone using cash. The phone company will still have the same location data, but it won't be as easily linked to your identity. 
Keep in mind, however, that even if the phone company doesn't have subscriber information like your name and address, investigators might be able to quickly associate you with the phone based on the people you communicate with, or based on security camera footage from the store where you bought the phone. For more information about the privacy risks posed by cell phones, take a look at our article on mobile devices. You may also want to take a look at the advice offered by MobileActive.org in its Primer on Mobile Surveillance.

Summing Up

Whenever you use technology to communicate, you will necessarily leave traces of your activity with third parties like your phone company, your ISP, or your search engine provider. If a third party has it, the government can get it, often under weak legal standards and without any notice to you. So remember:

  • Think before you communicate. Do you really want there to be a record of this?

  • Choose to make a telephone call when you can, rather than using SMS or the Internet, unless your communications are encrypted. Otherwise, there may be a record of the content of your communication on some third party's server or in an archival database.

  • Avoid storing your data with third parties when you can. The records you store with others receive much less legal protection than those you store yourself.

  • Use file encryption where possible if you do choose to store data with an online service.

  • If you are using email or voicemail, delete the copies stored by your communications provider as soon as you download or listen to them.

  • Learn how to hide your identity online and minimize the information that online services log about you by learning how to configure your browser and use anonymizing technologies like Tor.


Powerful new communications technologies carry with them powerful risks to the privacy and security of your communications. Learn to defend yourself!

Legal disclaimer: This guide is for informational purposes only and does not constitute legal advice. EFF's aim is to provide a general description of the legal and technical issues surrounding you or your organization's computer and communications security, and different factual situations and different legal jurisdictions will result in different answers to a number of questions. Therefore, please do not act on this legal information alone; if you have any specific legal problems, issues, or questions, seek a complete review of your situation with a lawyer licensed to practice in your jurisdiction.
