Ten Ways You Can Avoid Being Caught in the PRISM Net

Follow TIS on Twitter: @Truth_is_Scary & Like TIS of Facebook- facebook.com/TruthisScary

James H. Hamlyn-Harris/The Conversation

Last weekend, the Washington Post published a further four slides, leaked from the US National Security Agency (NSA), which outline how data is collected through the PRISM program.

The process is fairly simple: after an NSA analyst identifies a new surveillance target and a supervisor endorses the analyst’s “reasonable belief” (defined as 51% confidence) that the target is a foreign national and overseas at the time, data collection can begin.

Just say you’re one of these new targets, or you simply don’t want to be incidentally monitored. How can you minimise the amount of data you share?

PRISM’s data collection methods

Commentators generally agree the NSA’s PRISM technology is based on optical fibre “wiretaps” placed at the connection of internet providers to companies like Google, Yahoo and Facebook in the US. (Tapping the signal here gives the companies plausible deniability, as the tap occurs outside their premises – or maybe they just don’t know, as they claim.)

A PRISM slide showing collection dataflow. Wikimedia Commons

A copy of the optical signal is split off and routed to a room operated by the NSA, where it is indexed, categorised and shipped back to the NSA for analysis later. Most of the traffic on the optical fibre is transmitted using plain text protocols – packets which contain a plain text header (to and from address) and a payload (the message).

If the payload is encrypted, the NSA still have a good chance of decrypting it. The NSA spent US$2 billion on a massive data centre in Utah, which is set to open later this year, and have recently commissioned a second in Maryland. These could house enough computers to store the NSA’s collection of intercepted traffic for years to come. Future developments in decryption could allow the NSA to decrypt the messages they are intercepting today.

Under the Patriot Act, which was signed into law in 2001 in response to the 9/11 terrorist attacks, US agencies have the authority to compel companies like Google, Yahoo and Apple to provide their private cryptographic keys to the NSA, allowing the NSA to decrypt secure traffic going through those companies. Under the same act it is an offense to tell anyone it has happened. Even without the keys, some “secure” web traffic can be decrypted using brute force methods.

A PRISM slide showing how targets are identified. Wikimedia Commons

So here are 10 simple ways you can minimise the likelihood of the NSA (and other organisations) monitoring your internet and voice traffic.

1. Encrypt your internet traffic

In the URL field of the browser, type in “https://” before the domain name. Your browser will download a certificate from the website and use it to exchange a shared encryption key. From then on, all your traffic is encrypted. If you don’t see “https” in the URL field, it’s not encrypted.

2. Check the encryption used by the websites you visit

Not all websites use good keys or encryption algorithms. At ssllabs.com you can test the sites you visit and (politely) ask them to improve their security.

3. Disable internet use tracking

There are two possible approaches to preventing website tracking: black listing and white listing. Black list programs use lists of known spyware sites and block those activities. PeerBlock is one such program.

NoScript is a white list system, and turns off JavaScript (a programming language which runs in your browser) when you visit a site unless the site is on the list. Most tracking uses JavaScript, so turning it off makes it harder (but not impossible) for the spies to track you.

Read More HERE