Sydney’s Leichhardt Council recently made history after voting to become the first local government in the world to ban the use of metadata in their investigations.
The use and collection of private individual’s metadata, the information that describes their phone calls, emails, web searches and browser histories, has become an increasingly controversial topic.
While some believe the data is necessary for governments to track dangerous groups or individuals, many are concerned about the ramifications that a system of mass surveillance enables.
“Whilst these requests so far seem to have been restricted largely to assisting prosecutions – primarily environmental breaches – the increase in use does point to a concerning prospect for the abuse of this power, tantamount to spying on residents,” Leichhardt Mayor Darcy Byrne told City Hub.
Sadly, our Federal and State governments are not concerned.
In 2014, the Abbott Government passed laws requiring internet and phone service providers (ISPs) to store the metadata of Australian residents for a period of two years, and hand it over to a raft of government agencies without them even having to obtain a warrant.
While they are not supposed to look at the content of our emails, listen in to our phone calls, or read our text messages without a warrant, metadata still paints a detailed picture of our lives – where we are at any given time, who we contact and when, and a range of other private information. There are also concerns that, given the expense of separating meta data from content, ISPs are storing all data which, in practical terms, may be accessed by government agencies.
The Rise of the Surveillance State
If you’re planning to use encrypted devices to protect your privacy, it may be of interest to know that the Government is going out of its way to prevent individuals from taking steps to circumvent State monitoring.
Last year, the Federal Government amended the Defence Trade Controls Act to ban academics and others from publishing information about encryption, one of the methods used to avoid monitoring.
This is concerning to people like David Kaye, the UN special rapporteur for Freedom of Opinion and Expression, who threw his weight behind encryption earlier this year, arguing that mass surveillance is undermining free speech:
“Encryption and anonymity, and the security concepts behind them, provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age.”
In Citizenfour, Laura Poitras’ chilling documentary on the scope of State surveillance in the US, it was revealed that the country’s National Security Agency has computers capable of capturing a mind-boggling 125 gigabytes of information per second, and that tens of millions of individuals are being monitored despite no evidence of any links to undesirable conduct. Even if some of that data is encrypted, the Agency is able to use past passwords and other personal information at a rate of one trillion guesses per second in order to break the code.
Protecting Your Privacy
Thankfully, there are a range of freely available tools on the internet that can help avoid the worst of this surveillance.
Picking a Password Even the NSA Can’t Crack
Thinking of a strong password can be incredibly difficult, especially when the State is capable of one trillion guesses per second. But here’s how to beat it with a pen, paper and dice.
To start with, download a copy of the Diceware word list, which contains 7,776 English words (37 pages for those printing at home). It looks quite random at first, but there’s a method to it.
Next, roll a dice five time and write down the numbers. Then, look up the corresponding word on the list. For example, your first five rolls might be 4, 5, 2, 4, and 1. Take that sequence, in this case 45241, and look up its corresponding word (ie ‘payne’). This is the first word in your new passphrase.
If we stopped there, an attacker would have a one in 7,776 chance of guessing your word on the first try. Not particularly favourable odds for you. However, if we add a second word, derived through the same method, the difficulty multiplies exponentially.
In fact, an attacker attempting to guess a seven word diceware passphrase would have a one in 1,719,070,799,748,422,591,028,658,176 chance of getting it right. At one trillion guesses per second, that passphrase would take around 27 million years to crack.
Passphrases can be used for many things, from securing your gmail account, to setting up private email and chat servers. The obvious downside to this method is trying to remember the password, and you may need to write it down and store it somewhere – which carries risks in itself.
KeePass is a free app that generates a new secure password for every service you use, it stores these on your computer, and is only accessible to those that have access to a master passphrase. That said, even the best passphrase in the world can’t stop your browser’s metadata from being collected.
Tor, or The Onion Router, is one of the easiest ways to stay anonymous on the internet. It is used around the world by journalists and activists working in oppressive countries, and by others who want their data stay out of the hands of advertisers and ISPs.
Lifehacker explains how it works: “The Tor network disguises your identity by moving your traffic across different Tor servers, and encrypting that traffic so it isn’t traced back to you. Anyone who tries would see traffic coming from random nodes on the Tor network, rather than your computer. “
To access the network, you just need to download the free Tor browser. Everything you do in the browser goes through the Tor network, and it doesn’t require any setup on your part. That said, make sure you read through Tor’s instructions for staying safe.
However, Tor does not guarantee 100% anonymity. At best, it is an extra layer of security that makes it more difficult to track your web use. It does not encrypt your other meta data, such as emails you send while browsing.
The Operating System James Bond Would Use
Imagine having a USB you could plug into any computer, that would let you browse anonymously, send encrypted emails, and save your files behind a thick wall of code. Plug it in, play away, and when you pull it out there’s not a trace of you left.
For people that are serious about hiding their electronic footprint, TAILS, or The Amnesiac Incognito Live System, is one of the best options out there. It allows users to run a fully encrypted operating system, including Tor, KeePass, a word processor, an email client and even an audio player, all off a USB stick.
The TAILS website includes clear and simple instructions for downloading and setting up the USB. Most installations take around 1 to 2 hours, and you’ll need two USBs, the Firefox browser and their download verification before you get started.
You can choose to use your TAILS USB for one-off sessions, or create an encrypted login using your passphrase to access files for later use.
Encrypted, Anonymous Phone Calls and Text Messages
Signal is a smartphone app that lets users make free, worldwide encrypted calls and send encrypted text messages to any other phone that also has it installed. The app has been personally endorsed by Edward Snowden and Laura Poitras, who both use the service.
“Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.” Poitras writes.
The app is easy to install – using it is as straightforward as normal calling and texting.
Those behind the app do not store information about the calls or messages made across their system, and they publish the apps source code online to allow people to test it for vulnerabilities.
Apple FaceTime and Google Hangout: although these aren’t designed to keep your online calls private, most internet companies, including Apple and Google, say they only give away information on a targeted basis in response to government requests.