By now you’ve read or seen the stories about extensive spying by the NSA on millions of U.S. citizens. Reportedly: The NSA routinely scoops up vast amounts of data from the internet and the phone system. Microsoft helped the NSA to circumvent its encryption. The NSA has easy access to cloud storage service SkyDrive. Skype video calls are routinely recorded by the NSA, and the info is routinely shared with the FBI and CIA “with one NSA document describing the program as a ‘team sport’.” The NSA has direct access to data from: Microsoft, Skype, Apple, Google, Facebook, and Yahoo. “XKeyscore” is an NSA tool that collects “nearly everything a user does on the internet”. It sweeps up emails, social media activity, and browsing history. And NSA analysts require no prior authorization for searches. (source: the guardian). Many of he most common internet encryption and security features, such as SSL, are not effective in preventing NSA surveillance. Basically, the NSA is able to decrypt most of the Internet.
Are there any good options left for secure communication by phone or internet? There may be a few. This prepping and survival blog post reviews 3 options for secure communication.
Are any of these options secure enough for a spy, or terrorist, or international criminal organization? No, not at all. If you are a major bad-guy and the NSA or FBI or CIA has the motivation, they can dedicate enough resources and break your encrypted communications. But the good news is that, if you are an ordinary citizen doing stuff that is of little or no interest to these government agencies, they probably won’t put in the time, effort, money, and other resources needed to break your security. So you can obtain a practical level of secure communications. However, nothing is 100% secure.
Option 1: Cryptocat
Cryptocat is an online secure chat program, so it’s text-only communication. Go to the Cryptocat website with your web browser. (It does not work on my smart phone. I don’t know about yours.) Click the download link, and the program is installed as a browser add-on.
Click the Cryptocat logo on the browser toolbar, and you are presented with a chat window. You will need to prearrange a conversation name, and respective usernames for yourself and the other person. Type in the conversation name and your nickname, and you can chat securely with anyone else using that conversation name.
Security: Cryptocat’s code is open source, and has been reviewed, critiqued, and improved over time. It is relatively secure for ordinary citizens, but not for major bad guys.
Advantages: Very simple to use. Easy to install. Works in any computer web browser. The program is being actively maintained and improved. And it’s free.
Disadvantages: It only does chat. You have to communicate with the other person by some other (presumably non-secure) means to arrange for a secure chat. The group chat feature is not as secure as the one-to-one chat feature.
Option 2: RedPhone and TextSecure
Open WhisperSystems offers two currently-free programs (as of this writing) for secure communication. RedPhone software gives you the ability to have an encrypted phone conversation with anyone else who also uses RedPhone. You both use your ordinary Android smart phone and your regular phone number. Calls to persons who do not have RedPhone software installed are not secure. There is no version for the iPhone (yet). To verify the security of the call, you each read random words chosen by the software from the phone screen. This prevents a man-in-the-middle attack by a well-funded opponent (or at least makes it very hard to do).
TextSecure is similar in that you can only communicate securely with persons who also have an Android phone and the TextSecure software. However, TextSecure works to text anyone else non-securely. Why would you want to use TextSecure for a non-encrypted conversation? Because it has the added feature that ALL your past text conversations are encrypted on your phone, even the non-secure conversations. So if you lose your phone, no one can see your past text conversations, even though you were texting with persons who were not using TextSecure.
Security: RedPhone and TextSecure are open source programs using well-established security protocols. The code has been vetted by security experts. But as with any security software, it is probably not secure against a well-funded and highly-motivated opponent (like the NSA).
Advantages: Texting is much easier than chat for secure communication; you don’t have to both be online at the same time. Texting is useful if you have to bug-out; it works on any Android phone with regular phone numbers. All your texts are encrypted on your phone, even ones from non-secure conversations. Secure voice communication is also very useful. The programs are currently free, and the security is pretty good.
Disadvantages: No iPhone version. No secure e-mail or secure video calls. It’s a relatively new program, so it’s security is not well-tested.
Option 3: Silent Circle
This option is quite a bit different from the above choices. It is a paid service. Here’s the pricing run-down. The cheapest option is also probably the best option for preppers: Silent Phone and Silent Text. The Silent Phone application does video calls as well as voice-only calls. The app is available for iPhone as well as Android. And the Text program does encrypted file transfers and has a “Burn Notice” timer to destroy any message, file, photo, video or voice recording that you specify.
However, not all the source code is openly available for review by independent experts. And the service is pricy.
There is a strange and expensive option called “Out-Circle Access” that allows you to call non-secure mobile phones and land lines. But the call is only encrypted between your phone and the Silent Circle servers. The rest of the communication, from the servers to the person you are calling is not encrypted. And this option is expensive. Maybe it works well if you are a spy in another nation, and you are only concerned about eavesdropping on the portion of the call from your end to the Silent Circle servers in the U.S. Or maybe Silent Circle has some dedicated servers for CIA or NSA use-only. Who knows? But it’s not a good add-on service for preppers.
Security: Iffy. The source code is only partially available for independent review. Silent Circle boasts: “Intelligence agencies from five countries are already using Silent Circle services.” Silent Circle claims that the NSA is unlikely to compromise their security because it would put the U.S.’s own spies at risk. But I don’t see any obstacle to the NSA compromising Silent Circle in a way that also keeps their own operatives safe. That does not seem like a particularly hard problem to solve.
Advantages: Secure video calls, secure voice calls, works on both Android and iPhone, secure Texts.
Disadvantages: It might not be secure against government intrusion. It’s expensive.
I’d go with both of the first two options: RedPhone and TextSecure from Open Whisper Systems and Cryptocat. The services they offer do not overlap, and that way you get secure voice calls, secure text, and secure chat. Both options are currently free.