ADVERTISEMENT
  About the SA Blog Network













Observations

Observations


Opinion, arguments & analyses from the editors of Scientific American
Observations HomeAboutContact

Is It Possible to Keep Electronic Secrets?

The views expressed are those of the author and are not necessarily those of Scientific American.


Email   PrintPrint



Cellphone lit upUnless you live under a rock, you’ve heard of PRISM, a vast digital surveillance program run by the National Security Agency that was recently revealed by a whistleblower. The NSA, part of the federal government, reportedly works in conjunction with corporations such as Google, Microsoft and Apple to share users’ information with federal authorities.

But here’s the question: Can you actually keep your personal information private?

The revelations about PRISM shake the foundation of privacy that is often guaranteed on sites such as Facebook and Google. There are a number of ways, however, to protect your personal information. Here’s a look at publicly available tools for doing so, and the pros and cons of each.

 

The Tor Project

Tor is security software that is designed to protect both the sender and receiver of information and is available in a number of free mediums, from Internet browsers to Android plugins. By bouncing data all around the world through a network of proxies, Tor makes it impossible for someone to snoop on your Internet activity—or so it claims.

Pros: It’s free. Plus, it works with a variety of devices for a number of applications. The Tor web site claims that activists, media and law enforcement use the software. In cases where surveillance agencies don’t have access to the best technology, Tor may be an excellent choice.

Cons: Tor was originally developed by the U.S. Naval Laboratory as a way to protect government communications. Logic suggests that the U.S. government has deciphered, defeated and deserted this program—why else would they let their secret communications medium fall into the hands of the public?

 

Encrypted communications

Thanks to the ever-decreasing cost of processing power, encryption software previously available only to governments is now offered to ordinary citizens, often for free. With the help of complex mathematical algorithms, chat programs such as Cryptocat and phone apps such as RedPhone turn your signals into a code unreadable by anyone except the intended recipient.

Pros: Intercepting an encrypted communication is easy; deciphering it is the hard part. Doing so could take weeks, given the complexity of the algorithm used.

Cons: The best encryption programs require both the sender and the receiver to have the same software, which could be problematic. Still, if a government agency wanted to read your encrypted messages, they could. After all, they have the best encryption programs in the world.

 

‘Burner’ phones

Take it from the drug dealers and crime syndicates: prepaid cellphones known as “burners,” which can be bought with cash and disposed without a second thought, have no connection to the buyer’s identity.

Pros: Somebody with the burner phone’s number can trace the call, but they’ll never be able to confirm your identity. Because the phones and SIM cards can be bought with cash, no identification is linked to the caller. Plus, they’re inexpensive and can be bought all over the world.

Cons: For guaranteed security, the burner phone should only be used once. This can get expensive over time. Plus, the burner phone number can appear on phone records. The only truly anonymous call is between people using two burner phones.

 

My final judgment in digital privacy is this: nothing is foolproof. Given the known (and potentially unknown) resources of surveillance agencies around the world, it’s quite difficult to stay completely private. Any information you’ve loaded to a server that you don’t own, such as a Facebook post or an Instagram photo, is probably impossible for you to protect.

Bryan Bumgardner About the Author: Summer intern with Scientific American. Lover of anthropology, French and deep conversation. Follow on Twitter @@BryanBumgardner.

The views expressed are those of the author and are not necessarily those of Scientific American.





Rights & Permissions

Comments 9 Comments

Add Comment
  1. 1. Azuaron 8:10 pm 06/10/2013

    How do you prevent your bike from getting stolen?

    Lock it up better than the bike sitting next to it.

    If an organization such as the NSA is determined to get YOUR information, there’s not much you can do to stop them. They’ll put you under surveillance, tap all your communications, break your encrypted data, interrogate your friends, etc. etc..

    But if the NSA doesn’t care about YOU, so much as ANYBODY they can fish out of cyberspace… well, let’s put it this way, they aren’t breaking EVERY SINGLE encrypted signal bouncing across the globe. All you have to do to be ignored is use better encryption than most people, which currently means any encryption at all.

    Link to this
  2. 2. Simon Says 9:07 pm 06/10/2013

    *lol* There are 1000′s of different ways to protect your communication. It depends on a number of things, mostly creativity, determinism, willingness, and the amount of money you want to spend.

    Simple ways? Use a different language, remember the Navaho Talkers, simple concept never decoded. Don’t use Navaho, use something else, there are hundreds of languages out there. Use something passed on an irrational number for your base in your code. Use a pinpoint laser or microwave system. Go old school, how many people use Morse Code anymore? Create a simple language code that can easily be changed. Code is simple, just don’t use it more than a few times. Don’t forget public telephones.

    If you are talking about cell phone transmissions or social media exchanges, you must be rather stupid to put anything private into it and you get what you deserve,

    Link to this
  3. 3. Simon Says 9:14 pm 06/10/2013

    Oh, I forgot another simple one. Use air waves, such as SSB/CB, but turn the freq. a bit off length so that it is either garbled or sounds like static, match up the other transceiver. I could probably come up with a few score more in a minute or so, but that would be boring.

    Link to this
  4. 4. N a g n o s t i c 11:18 pm 06/10/2013

    It’s not boring at all, Simon Says. Coded communication fascinates me. I suspect money’s to be made in hobbyist grade books about code, coding kits, etc.

    Link to this
  5. 5. tharter 9:45 am 06/11/2013

    @Simon Says

    You are quite nieve if you believe that simple steganography, basic substitution systems, or simple languages will even slow down an organization like the NSA. I’m no crypto expert, but I’ve certainly read the standard public texts on the subject and understand data communications.

    OTOH I think you’re correct to a point in terms of remaining obscure. If you were say communicating via PGP encrypted messages stegged into some image files and shuffled around via a series of SMTP servers via Tor over TLS, with careful setup, you probably will remain under the radar.

    The problem with this notion is twofold. First of all with really pervasive monitoring NOTHING can remain undetected. Your opponent then only has to do enough traffic analysis and match it with things you cannot hide, like where you drive, who your friends are, what you say in public, etc and eventually if you are doing something they are interested in knowing about they’ll flag you. At this stage the NSA and other similar organizations probably have enough blind spots and types of information they aren’t fully tapped into yet that you might operate for a good long time, carefully. However, at this rate in 10 years we will be living in a total panopticon. NOTHING will be unrevealed.

    The truth is the panopticon is inevitable. We would simply be much smarter to make it all out in the open before its too late. Once someone has a monopoly on the data they are going to be VERY hard to dislodge from power.

    Link to this
  6. 6. Bea*M 1:00 pm 06/11/2013

    You know I’ve been reading about “burner phones” forever, but our prepaid cell phones aren’t activated without a name and contact phone number–of course people can lie, but then it isn’t the phone, it’s the lying, isn’t it? Which bad guys do.
    As it is, all our cells are in my name, ’cause everyone else in the house either is technically inept or phobic–one of the numbers isn’t being used ’cause my husband stomped the phone in frustration. That’s why I go cheap.
    My point is, I think “burner” phones are a myth.

    Link to this
  7. 7. nanorat 2:07 pm 06/11/2013

    The best protection is no protection. There is nothing that will attract the attention of the NSA more than encrypted messages. Just: 1) Slip into the anonymity of the billions of other messages. 2) Don’t break any laws. I don’t understand what all the hubbub is about. Did anybody EVER think there was an expectation of privacy on the internet????

    Link to this
  8. 8. jgrosay 4:43 pm 06/11/2013

    Somebody said here in SciAm, that the key to safety is: ‘Redundancy, redundancy, redundancy’, however, even if you may consider building a device prepared to withstand one, two, three or more mechanical failures or hardware and software faults, nobody can build a system able to resist an human being having the decission and will to destroy or hack it; burglars and policemen all belong to the human race, all are supposed to be born equal (in dignity), just safety bodies are supposed to have more means at their disposal. Or not?

    Link to this
  9. 9. RalphD 9:28 am 06/16/2013

    Tor performs a very limited security-enhancement task. Its first purpose is to hide the location of a person browsing the internet. It is effective at denying that information to the proprietor of an ordinary web host.

    Tor does not attempt to conceal the contents of your communication.

    An adversary like the NSA might be prevented from routinely screening your Tor-mediated communications for origin information. That is to say, if NSA does not initially know anything about you, Tor might prevent NSA from noticing your existence for a while. Tor can also obscure to some extent the location of a web host which is running inside a Tor server. This can afford some light protection to the proprietor of that hidden host.

    Bottom line: Tor is not likely to be much of an impediment to NSA if they already know who you are and wish to gather information about you. Bef the NSA does not know that you and your activities exist, the Tor network might provide some protection against routine meta-communication screening.

    Security professionals: please point out any errors I have made in this comment.

    Link to this

Add a Comment
You must sign in or register as a ScientificAmerican.com member to submit a comment.

More from Scientific American

Scientific American Holiday Sale

Black Friday/Cyber Monday Blow-Out Sale

Enter code:
HOLIDAY 2014
at checkout

Get 20% off now! >

X

Email this Article

X