Thursday, May 30, 2013

USA - The Growing Threat of Online Surveillance and How to Protect Yourself

OFF THE WIRE
This is a guest post by IVPN’s Christopher Reynolds. IVPN (www.ivpn.net) is a virtual private network, and Electronic Frontier Foundation member, dedicated to protecting online privacy.
———-
The U.S. is in the middle of an upheaval when it comes to monitoring citizens’ online activities. Over the last few years, law enforcement agencies have been pushing for unprecedented powers of surveillance and access to your private online communications. While it’s true that surveillance laws need to be updated for the internet age, it’s clear law enforcement is simply using this opportunity to achieve its Holy Grail – the ability to spy on citizens without any judicial oversight.
Although it hasn’t yet been made law, we’ve already seen warrantless surveillance of online communications. The NSA wiretapping controversy saw the Bush administration collect web logs and emails, directly from Internet Service Providers, without any judicial oversight and largely in effort to silence critics of the government (instead of the stated aim of defeating terrorism) (http://en.wikipedia.org/wiki/NSA_warrantless_surveillance_controversy). Rather than reverse this practice, the Obama adminstration instead sought to continue it under new FISA guidelines (http://www.nytimes.com/2010/04/01/us/01nsa.html?_r=0).
Not content with accessing information from ISPs, legislators introduced CISPA to make it easier for law enforcement to access your information from private companies (https://www.eff.org/deeplinks/2013/04/cispa-passes-out-house-without-any-fixes-core-concerns). CISPA attempted to allow companies, such as Google and Facebook, to spy on users’ personal information and share data with not just the government, but anyone, without fear of legal repercussions. While CISPA passed the House convincingly, it was thankfully defeated due to a the threat of a veto by Obama. But the issue of online surveillance remains and another bill will undoubtedly be drafted to take CISPA’s place. Remember, unlike the data stored in your house, emails stored on a server are not protected by the Fourth Amendment (http://digitaldueprocess.org/index.cfm?objectid=37940370-2551-11DF-8E02000C296BA163).
On top of CISPA-esque legislation, the growing threat of a data retention bill in the US also looms large. Data retention is the practice of ISPs storing customers’ online data. This data includes every website you’ve visited, all your email logs, and your billing information. In Europe a ‘Data Retention Directive’ has been in place since 2006, forcing every ISP to retain online data for at least 1 year following cancellation of their service (http://en.wikipedia.org/wiki/Data_Retention_Directive). The US currently does not have a state-mandated data retention policy. But the Obama administration is clearly pushing for such a law (https://www.cdt.org/blogs/john-morris/doj-looking-mandatory-internet-data-retention-law?quicktabs_4=0). At the moment ISPs are free to set their own policies. As this article shows, some ISPs retain data for around a year, while others like AT&T refuse to even disclose how long they store your information (http://torrentfreak.com/how-long-does-your-isp-store-ip-address-logs-120629/).
Protecting your data
Make no mistake, abuse of power by law enforcement extends to the online world. But there are tools you can use to protect yourself. Here’s a quick rundown of the three most popular ways to keep your data private.
TOR (https://www.torproject.org/)
The Onion Router (TOR) is a free-to-use privacy platform, which obscures your IP address and lets your surf the web (almost) anonymously. The only problem with TOR is that you have to place some trust in the individuals running the exit nodes which help protect your IP address. Also because it’s free, TOR frequently suffers from slower connection speeds and is not suitable for downloading large files.
L2P (http://www.i2p2.de/index.html)
L2P is another free-to-use platform, which helps anonymise your data. L2P is generally considered harder to use than TOR, mainly because it’s less common and there’s less support for beginner users. However, L2P is well-suited to sharing files directly between users and arguably offers greater privacy than TOR.
Virtual Private Networks
Full disclosure: I work for the Virtual Private Network and privacy service IVPN (www.ivpn.net). Commercial VPNs offer a privacy service usually on a subscription pricing-model. There are loads of VPNs out there, but not all of them are genuine privacy services. Some retain customer data in exactly the same way as an ISP and are therefore compelled by law to hand over that data if requested. Before signing-up to a VPN make sure you check their data retention policy. The benefits of using a VPN over TOR is that they’re generally easier to set-up and offer faster speeds. You can find out more on choosing a VPN that protects your data right here (http://www.ivpn.net/blog/when-law-enforcement-knocks-on-a-vpns-door-what-happens) and here’s a great list of VPNs that take privacy seriously (http://torrentfreak.com/vpn-services-that-take-your-anonymity-seriously-2013-edition-130302/).
Christopher Reynolds