Please note that, although I primarily refer to the NSA in this article, unchecked, rampant surveillance is actually a worldwide problem.
The NSA has been in the news a lot lately, and for all the wrong reasons. It shouldn't be surprising to anyone that all of this is happening. It's been coming for years now and anyone had the ability to see it coming, if they were careful enough to pay attention. The question now becomes how to deal with it. It's a complex problem and, like many complex problems, requires a multi-pronged effort to address it.
In order to explain how to do that it's best to understand how we got here. To do that we must back up first and trace things back a few decades to the beginning of the Internet. Some felt that the Internet would be used as a tool to spread knowledge and information. It would empower the masses. Anonymity was easy. Censorship was impossible. Easy copying would destroy the traditional movie and music industries. Even bigger changes seemed inevitable. Many believed that the Internet was the tool that was going to be used to begin a new world order. It was going to be the start of a utopian age in our collective history.
To some extent this has happened but that utopian vision never really did fully materialize, but two other things did that were critical in making mass surveillance possible.
One is that, little by little, people started becoming dependent on the Internet. It is a fact that many of the Internet-using public place their e-mail, photos, videos, calendars, address books, search terms, messages, documents, and perhaps their entire lives into massive data collection silos belonging to companies like Google, Facebook, Apple, Microsoft, and others. The existence of such huge repositories of information makes a tasty target to anyone that is interested.
The second thing that happened is that people began to increasingly access their data using devices that they have ever diminishing control over: iPhones, iPads, Android phones, Kindles, ChromeBooks, and so on. Unlike operating systems made up of free software (such as GNU/Linux), these devices are controlled entirely by vendors, who limit what software can run, what they can do, how they're updated, and so on. Even desktop computers are heading in the direction of more vendor control and less user control. The lack of control over their own computing devices meant that people were forbidden from knowing what was being done with their data and, even if they did know, were powerless to stop it.
With most of the Internet-using public reliant on software that they cannot study and using third party services that sell them out, it began to create the perfect storm that made mass surveillance possible. It seems somewhat ironic that the public actually helped with their own surveillance by using these things.
That is how we got here. The next question is what to do about it. For that, it's important to understand how things are being done. When the NSA wants information, they get it and they have several methods at their disposal. This is probably not exhaustive but what is known so far is:
That covers how we get here, and what's happening now. After hearing about all of the avenues that the NSA has at its disposal to do surveillance on people, it is easy for a person to think that there is nothing that they can do in order to avoid surveillance. However, this is nowhere near the truth. There are a lot of things that people can do in order to avoid surveillance, minimize what information can be obtained, and make it harder to obtain that. Some of these are regulatory while some are technical.
Those giant repositories of information made the NSA's job very easy by providing a form of one-stop shopping for them. Tearing down those data collection silos is an important step, so the first step anyone can do is move out of that silo and host your own data instead.
When it comes to centralized social networks I can only say one thing about them: Get rid of them. Close your Facebook, your Twitter, and all of your centralized social media accounts and never use them again. Social media networks are a treasure trove of personal information that the NSA and other government agencies can easily have access to. Use decentralized social networking instead:
Don't use a cell phone. Surveillance is inevitable in this case: Whenever your phone is powered on, your cell phone company is able to record where you are, the phone calls and text messages sent and received, and what was accessed over the Internet, etc. If you do use one, you'll have to accept that surveillance is inevitable although there are still steps that can be taken to minimize it:
Don't use email. It is insecure. Look at something encrypted and decentralized like BitMessage. If you must use email, run it yourself on your own machine out of your own home and use GPG and SSL/TLS to communicate with the recipient, who should also be using their own mail server (or at the very least maybe arrangements could be made for them to use yours.) I have written about running your own server previously. Check the archive.
Don't store files in public cloud services. Going by Snowden's leaks, cloud service providers have been juicy targets for the NSA. Add to that the unresolved crisis that is Megaupload, and you can see why you should not store data in public clouds. NSA personnel do not necessarily need access to your cloud account - they can grab data as you upload your files. The same methods can be used to collect information from software-as-a-service applications like Office 365 and Google Drive. To protect yourself, store data in your own servers, encrypt your traffic, and limit communications.
Keep web browsing private - Avoid relying on the "Do Not Track" feature. It cannot prevent snooping. Use the Electronic Frontier Foundation's HTTPS Everywhere extension. It uses the popular Secure Sockets Layer encryption scheme to keep web browsing private but doesn't prevent the NSA from knowing what servers or people you're communicating with. To avoid that, an even better option is to use HTTPS Everywhere along with TOR.
Always use free software encryption. Unlike proprietary programs, they are less likely to incorporate backdoors and if there is one it can be removed by the people using the software.
Use free boot firmware. Most computers begin to run proprietary software as soon as you press the power button, in the form of the BIOS. Given that we know that NSA has BIOS exploits, it's more important than ever to use a free one. The Free Software Foundation recently certified a laptop to Respect Your Freedom, all the way down to the boot firmware. This can't be said of every machine running coreboot: It took specific hardware and a modified version of coreboot with proprietary software removed to pull this off.
Use 100% free software GNU/Linux distributions. The Free Software Foundation maintains a list of these at https://www.gnu.org/distros/. The combination of free boot firmware and a 100% free GNU/Linux distribution means that the people using these systems can be sure that their computers are working for them, and not against them.
These are just some ideas - there may be more. Please feel free to share your ideas with me so that I can update this. Ultimately, the methods I've mentioned will only serve as a way to make it more difficult for the NSA to collect information, but it will not be impossible. As it sits right now they have the full weight and power of the United States government behind them so if they decide that they want some information, they will find a way to get it. The only way that we are going to be able to protect our privacy is by demanding regulatory change. If you haven't already done so, start petitioning the relevant authorities.
Copyright © 2013 Jason Self. See license.shtml for license conditions. Please copy and share.