Mr. Anderson’s Rough Guide to Anonymous Protest

B4D45GpCMAEixpp.jpg:large

Note: These methods are not foolproof. Even if you take every precaution described below, you should still assume that you are being watched, tracked, and recorded. Act accordingly.

I. Leave your cellphone at home. It is safe to assume that “Stingrays” (also known as “cell site simulators” or “IMSI catchers”) are being used at every #BlackLivesMatter protest around the country. These devices trick your phone into connecting to them by simulating a cell tower, allowing law enforcement to intercept your text messages and phone calls as well as your location information and International Mobile Subscriber Identity (your phone’s unique identifier). They are small enough to be mounted on vehicles and can even be placed on airplanes and helicopters to track protesters from the sky. It is probably best to leave your cellphone at home. If this is impractical for you, you might want to consider using secure messaging apps such as Wickr or TextSecure. Note that as long as your phone is turned on, your location information and IMSI information can still be intercepted.

II. Avoid exposing your face to cameras. Police love to video record protesters exercising their First Amendment rights. Unless you want to run the risk of having images of your face uploaded to a network of shadowy databases to be matched with driver’s license photographs and other government records for tracking purposes, it is wise to consider covering up your face or applying face paint in a manner that prevents facial recognition software from identifying you. Some believe covering your face is cowardly, but if the choice is between being indexed in a virtually boundless, unaccountable surveillance system and the right to protest anonymously without retribution, I’ll take the latter any day.

Selection_048

III. Avoid advertising your location or other personal information on social media. Fusion centers and police departments like to track people using social media geolocation software to track social media posts in real-time. This is likely one of the tools used by the Massachusetts fusion centers for tracking #BlackLivesMatter protesters in Boston. You may want to avoid using social media altogether while at a protest; but if you feel the need, it might be a good idea to create a fake account to make it a little more difficult for spies to monitor you.

IV. Use PGP for encrypted emails. Encryption is your friend. “PGP” stands for “Pretty Good Privacy”, and it holds true to its name. Think of PGP as an airtight container that keeps your emails away from the eyes of anyone except the intended recipient(s). Sure, it can be a little tough to set up, but once you have it installed, it’s actually very easy to use.

Here is a guide to installing PGP for Mac OS X.
Here is a guide to installing PGP for Windows and GNU/Linux.

V. Use Tor and/or a VPN. Tor is free software that provides anonymity by routing your Internet activity through a series of other users running Tor relays. The goal is to prevent eavesdroppers from seeing the web pages you visit by bouncing your connection around the network, making it appear as if you are accessing the Internet from a completely random location. Similarly, Virtual Private Networks route your connection through a server of your choice, making it appear as if you are connecting to the Internet from France, Canada, Sweden, or pretty much anywhere. Unlike Tor, good VPNs are not free, but they can be as inexpensive as $3.33 per month.

Suffolk County DA Conley logging parents’ keystrokes, for “safety”

We think our version captures the spirit of this initiative better than the original.
We think our version captures the spirit of this initiative better than the original.

Well, well. This “school safety” stuff keeps getting more interesting.

I didn’t focus on the elements of the school safety task force’s report that dealt with teaching children to “be safe” on the Internet, because, well, they sounded pretty innocuous. Turns out I wasn’t paranoid enough.

EFF reports that DAs and police departments across the country have been distributing elderly spyware called “ComputerCop” to parents as part of feel-good “Internet Safety” events at schools. This apparently includes a “service” called “KeyAlert”, which allows parents to track their children’s keystrokes. When it collects those keystrokes, it also stores them unencrypted on your hard drive (on Windows machines) and transmits them, unencrypted, to a third-party server so that the parents can be emailed when chosen keywords are typed. And, as readers of this blog will know, law enforcement can then request that keylogged data from the third party without a warrant.

Well, that’s fabulous. Sounds pretty useful. For law enforcement. Why not, then, promote keyloggers on as many computers as possible? And as with social media, it looks like offering something for free really helps members of the public surveil themselves. EFF notes:

Continue reading Suffolk County DA Conley logging parents’ keystrokes, for “safety”

Local Police May Be Hacking Your Phone: Piercing Secrecy Around Stingrays

Without your knowledge or permission, your smartphone’s calls could be being intercepted right now by your local police department, and your taxes are definitely being misused to pay for unconstitutional police snooping.

stingray_wsj

We have reported before on “stingrays”, which started being used by local police departments in around 2006. These devices impersonate a cellphone tower and intercept the calls that would otherwise flow to other actual nearby towers. Initially bulky, stingrays can now be laptop-sized or smaller, and the most advanced models are light enough to be carried by drones. Police departments conceal their use of this technology when applying for warrants to conduct surveillance, so judges can’t distinguish between applying for a “regular” interception on an individual phone and a stingray interception which gathers all traffic from nearby cellphone towers. The devices’ main manufacturer, Harris Corporation, even obliges police departments contractually to conceal their use of stingrays. The Obama administration is so keen to preserve the cloak of secrecy around stingrays that they sent in the US Marshals to prevent the ACLU from obtaining documents relating to stingray use by a north Florida police department. The courts are beginning to recognize the intrusive nature of cellphone tower dump data, but have not yet grappled with the fact that using stingrays, law enforcement don’t have to ask a cellphone company for the data; they can just suck it up without permission.

Now there is a new way to rip that cloak. Popular Science quotes the CEO of ESD America, which manufactures the $3,500 “CryptoPhone 500”, eagerly describing how his phones could detect when stingrays were being used in their vicinity. While testing the CryptoPhone 500 in August, users found 17 sites around the country where stingrays appeared to be being used on passersby. They could detect the use of stingrays because stingrays downgrade your connection from 4G to the less secure 2G and then turn off your phone’s encryption. Normal Android smartphones or IPhones are oblivious to this process.

Twitter users have been speculating whether these 17 sites map onto the sites of fusion centers around the country. Since we’re familiar with both stingrays and fusion centers, we can say conclusively that they don’t. Most sites seem to be in commercial areas, not around fusion center or military locations. ESD is not providing the precise site locations, and stingrays’ mobility further complicates the process of detecting them. We think that CryptoPhone users have captured what is likely to be only a small subset of stingray usage not by fusion centers, or by the NSA, but by regular local police departments around the nation. We’re supporting the efforts of researchers like Muckrock who want to get more transparency about stingray use by police departments, and to keep an eye out for proposals in your community to “upgrade” police department technology.

So, do we all have to go out and upgrade to the CryptoPhone 500 in order to feel safe in our communications? Well, no; there’s another, cheaper way to find out whether the government is using stingrays in your community.

Continue reading Local Police May Be Hacking Your Phone: Piercing Secrecy Around Stingrays

The Day We Fight Back: Join the resistance against mass surveillance!

The Internet is organizing to oppose mass surveillance on February 11, the anniversary of Aaron Swartz’s passing. We’re calling it The Day We Fight Back. This is what we’re doing and how you can get involved.

Call Your Congressmember
Both of our Senators here in Massachusetts and four of our Congressmembers (Tierney, McGovern, Capuano, Keating) have co-sponsored the USA FREEDOM Act, which represents the best near-term chance of meaningful reform of the surveillance state. Now would be an excellent time for newly minted Congresswoman Katherine Clark (D-Malden) to follow through on her pledge during the campaign to oppose mass surveillance. We’ll be coordinating calls with the ACLU of Massachusetts and others to try to get all nine of our U. S. House members to support it. We need volunteers for all nine congressional districts, so if you can, please sign up to help below.

UPDATE: Courtesy of PrivacySOS, we have news that Rep. Stephen Lynch (D-MA08) has signed on as a cosponsor. That now makes a majority of Massachusetts representatives cosponsoring the USA Freedom Act.

Cryptoparty at Northeastern
Cryptoparties train members of the public in techniques that go some way toward protecting your communications and your personal data from intrusion by outsiders (non-governmental or governmental). In collaboration with the Tor Project, the Massachusetts Pirate Party, the ACLU of Massachusetts, the National Lawyers’ Guild and others, we’re putting on a cryptoparty at Northeastern University:

Continue reading The Day We Fight Back: Join the resistance against mass surveillance!

By 2020, Commercial Vendors Will Offer Quantum Encryption

From the cover of Physics World magazine, March 2013
From the cover of Physics World magazine, March 2013

One of the major problems with challenging the surveillance state is that it is extremely difficult to prove legally that you have been under surveillance. The only people able to prove it are the government themselves, or (in highly unusual cases) people to whom the government has accidentally disclosed that they are under surveillance.

What if, then, there were a commercially available solution that was able to prove that you were under surveillance, and that changed encryption keys so rapidly that your data could be vulnerable at most for a few seconds before becoming secure again? This is the promise of quantum encryption systems.

Continue reading By 2020, Commercial Vendors Will Offer Quantum Encryption

Raytheon’s “Riot” Software: Big Data Analytics and Data Security for Activists

I run the Campaign for Digital Fourth Amendment Rights out of an incubator in Cambridge, Mass. Many startups at the incubator base their innovative products around “big data”, and the concept attracts substantial academic attention locally as well.

It’s natural that law enforcement would be interested in employing the same techniques, accessing information that people put on the Internet and on their devices about themselves, their location and their habits. Massachusetts-based Raytheon, the world’s fifth-largest defense contractor, has developed a product for law enforcement called “Riot”. Riot acts as a search engine, gathering information about people from Facebook, Twitter, Foursquare and other places. Raytheon refers to Riot as “extreme-scale analytics”, possibly because “wicked awesome analytics” was already trademarked. The Guardian has found a video from inside Raytheon demonstrating the software’s capabilities.

Continue reading Raytheon’s “Riot” Software: Big Data Analytics and Data Security for Activists