Phone and Data Security Post-SHTF

The recent news stories about internet and phone companies turning over vast amounts of data from millions of Americans to the U.S. government, specifically the NSA (National Security Agency), has got me thinking about data and phone security from a prepping and survival point of view.

On any given ordinary day, you might want a modest level of data and phone security. For no particular reason, people prefer not to have government scrutiny of everyday words and activities. Some people say, “If you have nothing to hide, you shouldn’t object”. But people don’t live in glass houses or fish bowls, where everything is on view to anyone who passes by. A modest degree of privacy does not indicate that you are doing anything illicit. Oh, and there’s that little thing called the Constitution, which guarantees (or so we thought) our 4th amendment right:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

So what’s the latest news on this front?

* NSA PRISM program taps in to user data of Apple, Google and others – direct access to servers of firms including Google, Skype and Yahoo
* NSA collecting phone records of millions of Verizon customers daily
* NSA has backdoor access to Internet companies’ databases – Apple, Microsoft, Yahoo, Facebook and other large tech companies let the National Security Agency search through confidential customer data, according to the Washington Post.
* NSA Internet Tapping, a History
* Obama administration defends 2nd mass surveillance project
* The Tech Companies in PRISM Aren’t Telling the Complete Truth
* Why the Metadata the NSA Has on You Matters

The first revelation was that Verizon handed over metadata from millions of phone customers, representing perhaps hundreds of millions of phone calls to the NSA, without a warrant “particularly describing the place to be searched, and the persons or things to be seized”. There was a court order, but not a warrant with the specifics described by the Bill of Former Rights (as I’m calling it now).

This metadata does not include recordings of phone conversations. It only includes things like the name and address of the customer, which numbers they called, when and how long the call lasted, and the like.

What’s worse is the report that the NSA has access to the servers of large internet companies, which might have much more detailed information, including full text of e-mails, browser search history, and password data. Then, finally, there are some sources suggesting that the NSA has had a long-standing program to record phone conversations, turn the audio into text, and then scan the text from millions of calls looking for keywords (bomb, assassination, names of political figures, etc.). No warrant, no court order, no probable cause, no improbable cause, not even a gut feeling that could be due either to a hunch or a bad burrito. Just a blanket warrantless search of millions of persons’ data. Digital privacy gone.

When the SHTF

How is all this a prepping and survival issue? It’s simple. If this is how the government behaves on any normal day, week, year, what will happen when the SHTF? A number of scenarios could increase the motivation of law enforcement and intelligence agencies to compromise our phone and data security. Suppose that terrorist attacks get worse, or a major war breaks out, or there is civil unrest, or economic collapse or any other destabilizing situation. The intrusion on our phone/data security will only get worse.

What can you do? I’ll suggest just a few simple approaches. These techniques will not give you absolutely 100% invulnerable security against any and all opponents. But it will make it much more difficult for the government to violate your right to the security of your “papers and effects”, including phone calls, text messages, and computer files.

1. Use TrueCrypt

It’s a free download and the software is highly-rated. It can encrypt your entire hard drive, entire USB drive, or make a secure file container on any drive. The software is open source and without any backdoors. If you choose a good password, even the NSA would not be able to get in (as far as we know). In any case, it is a high degree of security for no money and a little time learning to use the software.

2. Use secure Passwords

If you have a hard time remembering the many passwords needed in today’s digital society, use password safe software, a free program that stores and encrypts your usernames and passwords from various sites.

To choose a secure password, follow these simple rules:
a. do not use any words within the password
b. use at least 2 lower case letters, 2 upper case letters, and two symbols
c. do not use any pattern (e.g. word-number, or number-word, or word-number-word, etc.)
As for the password length, the longer the better.

See this Bruce Schneier article on weak passwords.

3. Use RedPhone

A small company called Whisper Systems has been developing secure phone and texting apps for a few years now. Progress was painstakingly slow due to a lack of money. Then Twitter bought up the company. Now you can get a free app from the Google Play store called “RedPhone”. Here’s a review by PC magazine. And here’s what the company says:

* Use the default system dialer and contacts apps to make calls as you normally would.
* RedPhone will give you the opportunity to upgrade to encrypted calls whenever possible.
* RedPhone calls are encrypted end-to-end, but function just like you’re used to.
* RedPhone uses your normal phone number to make and receive calls, so you don’t need yet another identifier.

It’s only available for Android phones right now.

4. Use TextSecure

The same company, Whisper Systems (wholly owned by Twitter), also has a secure texting app. It’s a free app that encrypts the stored texts on your phone and sends/receives texts securely to anyone who also has the app. But while RedPhone seamlessly integrates with your regular phone dialer, TextSecure is a separate app. Again, only for Android, but very simple to install and use.

5. Buy an external hard drive and BACK UP YOUR DATA.

Yes, I am text-shouting. Along with crazy-weak passwords, the next most common data security error is not backing up your files. Computer hard drives can fail. Computer viruses and malware can wreck your data. And this type of data insecurity is much more common and much more harmful than NSA snooping. Ruggedized external hard drives can be bought for under $100 and they hold large amounts of data.

I also use Shadow Protect (a commercial backup program) to back-up my entire hard drive, in one fell swoop, to an encrypted “image file”. That way, you don’t just back up individual files, but everything on your computer drive.

Options 1 – 4 above are free. Option 5, unfortunately causes money, but not that much when you consider the value of your data.

– Thoreau

One Response to Phone and Data Security Post-SHTF

  1. Yep, they basically tore up the 4th amendment with this. I knew in my heart that it was going on the whole time, but it’s even scarier to see how trusting and gullible people can be. That’s what frightens me. You don’t need to be a conspiracy nut job, but you should certainly believe that any scenario is possible. Technology has come so far. We’ve had the ability to do this kind of thing for a while.

    I’m not so sure though that some of these solutions are fool proof. Whisper Systems was purchased by Twitter – that makes me a little suspicious.