Wednesday, May 22, 2013

New Rules for Radicals, In The Digital Age

It's no longer a secret that we now live in an unfortunate age wherein anyone who speaks up is now considered suspect. Googling "fbi peace activists" will give you hundreds of hits on articles about the federal government infiltrating and monitoring even the most benign of social movements. Entire books have been written about the subject, and I could go on and on about it. But it's now to be considered a fact of life. If you are an activist, you are also a suspect.

It's also a fact that we now live in a digital age. Everybody is connected via social media, and other digital means. But unfortunately, we now have to assume that even what we once considered "private" conversations are no longer private. And we also have to consider that the same rules that apply to the physical world, apply to the digital world as well.

The National Security Agency's Utah data center is theorized to be able to process and store 5 zettabytes worth of data. That is a measurement of data most people are not even able to comprehend. But in the most crudest of terms, it's a metric fuckton of data. It's conceivable that every bit of digital communication that crosses through US data channels ( and probably foreign as well ) can be processed, stored, and analyzed for later use.

With the US Government's poor track record on civil liberties and privacy, nobody in their right mind expects this capability to not be abused. But like I said, I can go on and on about this subject, and I will later. But for now, this is about how to try to combat blatant violations of personal privacy.

Over the years I have had a passive interest in computer security and privacy. I am by no means an "expert" on the subject, though I am a professional in other information technology fields of research. However, I feel this gives me a good opportunity to share what I feel to be the new rules for operating in the digital age.

So what does that mean to you, the freedom loving peace activist? It means you have a new set of rules to play by. Of course I have to personally interject and state that above all else, the first rule of your existence should be to always operate within the framework of the law.

I do not condone anyone using what I'm about to recommend in the commission of a crime, or to plot acts of crime or violence. In fact, if you are a bottle throwing anarchist, just stop reading right now. You're on your own with that one. But for those who want to pursue peaceful paths, but still be able to watch your back, keep reading.

The first rule of fight club, is you do not talk about fight club

This first rule is the most simplest, and most obvious. Basically do not share anything online you wouldn't want to come back to bite you. There are countless stories of people losing jobs, being convicted of crimes, and having their lives ruined because they thought they were just sharing some stupid statuses on Facebook. Your private friends only Facebook wall, or off the record twitter account, is still indexed, and still capable of being subpoenaed. If you wouldn't shout it out via a bullhorn on a busy corner during rush hour, just don't post it to begin with.

Don't ever have sensitive conversations over Skype, in fact don't ever have conversations over anything

The technology blog ARS Technica has recently reported that even encrypted Skype conversations are being monitored by Microsoft. What was once thought as a private channel of communication is now shown to be completely vulnerable to being monitored by the very same people who provide those channels. Unfortunately there are very few "safe" channels of private communications anymore. Noted author and journalist Jeremy Scahill  recently revealed in a talk at the Philadelphia Free Library that confidential informants are resorting to "old school" communications methods, since what they once thought were secure and encrypted channels are capable of being cracked by our government's digital countermeasures. If notable battle hardened authors are running scared, you should be too.

You are never browsing anonymously

A lot of people rely on the "anonymous" browsing capabilities of Firefox, Chrome, and other web browsers. But the simple fact is that you are still capable of being tracked. If you are using your home internet connection, browsing anonymously on your own computer is futile. Your ISP is still tracking and logging every connection you make, and a simple national security letter will allow federal agents to monitor everything you do, without you even knowing about it.

Better yet, if you think going to your local coffee shop and using somebody else's wifi is going to help, you should reconsider that as well. Chances are whatever router you are going through logs your computer's MAC address, which is basically a digital fingerprint of your network card. If you've ever registered your computer or software with Microsoft or Apple, chances are your MAC address is now linked with your name and other personal info.

Now, we are delving into the paranoid levels of security here, but I'm just using this to illustrate my point, there are still technically ways you can be linked to your computer.

Your macbook is cute, but it will bite you in the ass

Contrary to popular belief, your Mac is not immune to viruses and trojans. And Windows users can just forget about ever being immune to them either.

It's been reported that the FBI has actively requested the ability to infiltrate suspects computers with trojan horse programs which can monitor pretty much anything you do on your computer, including turning on that handy web cam and microphone built into your laptop. In fact, it's probably safe to assume given their track record that they have already done this without on the record approval of a judge. Much like your cell phone, you should assume your computer is watching you.

Use the force. The 256bit AES-Twofish-Serpent force

So how can you secure files locally on your computer you may not want others to have access to? Fortunately there is a free Open Source program called TrueCrypt. This program will allow you to create a secure file on your hard drive, which can then be mounted like another drive and assigned a drive letter ( in windows ) or folder ( in mac ). Of course, it's still open for debate if the government has capability to break these encryption routines, but the fact is they are pretty damn secure, and will at least protect your data in the event your computer is compromised or stolen by private parties or criminals.

If they come a-knockin', they are cleaning house

Unfortunately, some people are still never going to be immune to a good old no-knock warrant. Granted, you shouldn't engage in activities that will earn you one, but obviously the case can be made that if you are a vocal enough activist and associate with the "wrong" people, chances are you may get a visit. And if you get visited, expect every digital medium you own to be taken in for analysis. This includes flash drives, DVD's, external hard drives, digital cameras, memory cards, etc. In my younger days of dealing with people involved in computer security, I have seen this happen countless times. Your digital goods will be taken from you, and it may be months or years before you ever get them back. So your best bet is to not consider anything you store offline "secure".

Network, network, network, but keep those new "friends" in a cage.

As mentioned, social networking can be your best friend. But if you are a rabid social net-worker  you may wind up adding people to your friends list you still may not know or trust very well. Fortunately Facebook has a good way of combating this. Many people don't even know you can add people to your "Restricted" list, so that if they are on your friends list, they still will only ever see posts you flag as "Public". This is a great way to add people, and still be able to share "private" things with your real friends and family. Google+ also has this capability built in with their "Circles" feature, but realistically if you are the type of person using Google+, you've known about this since day one.

To wrap it up...

After reading all this, you may come to the conclusion that I live a life of utter paranoia. Fortunately, that is not the case. The first step to being safe, is just to be aware. A lot of these rules I don't really follow half the time, since I consider myself an open book anyway. But then again, my profile is not that high either. For those of us who lead marches, organize groups, and may unjustly be considered "suspect", you probably want to follow these guidelines a little more closely. Who knows, it could save your butt some day.

Stay safe, and aware. And keep pushing for what you believe in. And so long as you have the truth ( as well as the law) on your side, you'll probably be ok, or so we can hope.

No comments:

Post a Comment