Revelations about government snooping show just how much they know about us. But there are ways to opt out

What are you looking at? (Image: Lucas Jackson/Reuters)

Editorial “Big brother needs a data privacy policy“

BIG BROTHER really is watching you. A series of revelations over the past week has revealed the extent of the US government’s snooping. But there are ways that the average citizen can avoid the prying eyes of the state.

Last week, whistleblower Edward Snowden – a former contractor with the National Security Agency (NSA) – told UK newspaper The Guardian that the NSA not only has details of phone calls made by millions of Verizon customers, it also has some form of access to its citizens’ internet activity as part of a programme named Prism.


The details of exactly how the NSA accesses personal data held by US internet companies are still unclear (see “Split the difference“). Access to Verizon’s call metadata was obtained using a secret court order forcing the firm to hand over information including call duration, number and cellphone tower details.

But the main cause for concern is that network science today means governments can glean remarkable insights from the vast amount of data they compile about their citizens’ every move. So what exactly can they find out about us – and how can we opt out?

Tanya Berger-Wolf at the University of Illinois in Chicago, who studies methods of extracting information from large data sets, says combining data from sources such as Google, Facebook and Verizon can tell you a lot. “You can put together a very good, composite dossier of a person,” she says.

Phone calls alone can provide plentiful information. Yves-Alexandre de Montjoye of the Massachusetts Institute of Technology and colleagues analysed 1.5 million anonymised call records from a Western cell carrier. They showed that it takes just four calls or text messages, each made at a different time and place, to distinguish one person’s movements from everyone else’s (Nature Scientific Reports, doi.org/msd).

An experiment by German politician Malte Spitz shows what happens when you fuse such data with online activity. Spitz sued German telecoms giant Deutsche Telekom to get it to hand over six months of his own phone data. Then, working with German newspaper Die Zeit, Spitz melded that data with social network and other web information about him to create a map that tracked his movements and activities. It showed where Spitz was at any given time, what he was doing, how many calls he made and how long he was connected to the internet. The NSA’s supercomputers would make light work of creating an even more detailed portrait of anyone it was interested in.

Chris Clifton, who works on data privacy at Purdue University in Indiana, says the NSA will be using software to sort the records into groups by similarity – people who make lots of calls, for example, or people who never call abroad. Patterns in time could be useful, too. If one call appears to spark a flurry of others, that might mean the first phone number belongs to an authority figure in a criminal organisation, for instance.

But for citizens who want to guard their privacy, there are a number of options. Apps like Silent Circle and RedPhone can already encrypt your calls and send them over a data connection or Wi-Fi instead of through your carrier’s voice network. They also stop carriers from logging end phone numbers. Downloads have exploded since The Guardian‘s revelations – but such apps do not give you full anonymity because they cannot prevent your movements between phone masts being tracked.

There are already apps available to encrypt your calls but they do not give you full anonymity

A new standard for communication known as WebRTC (Web Real-Time Communication) could enable users to make calls over the internet without leaving any traces at all. That’s because it doesn’t rely on centralised servers but rather sends traffic directly between individual computers.

Combined with an encrypted connection using the anonymising Tor network, which sends data via volunteer networks of computers, WebRTC could keep your internet communications invisible to prying eyes.

An organisation called Tor Servers is aiming to bolster traffic speeds across Tor exit nodes – the points at which traffic from Tor enters the real internet. Its mission statement is to “make the Tor network more stable, faster and more anonymous for everyone”.

There are even efforts afoot to build an entirely new internet, one free from control by large corporations and, by extension, governments. Project Meshnet aims to have its own router hardware, and for this to communicate without using the infrastructure of large telecoms companies. That is still some way off, but for now you can use the software version, called cjdns, which runs on existing infrastructure. Physical Meshnets are already up and running in Maryland, Seattle and New York.

And there are ways to protect people’s privacy while still obtaining information. An MIT project called openPDS works by only allowing third parties to ask questions of a data set, without allowing them to get their hands on the raw data. This, combined with legal systems that notify individuals when their data has been searched, could change the privacy debate. “Such a ‘mixed approach’ to privacy is the way forward,” de Montjoye says.

Split the difference The US National Security Agency’s Prism program seems to be lifting personal data from the internet. How? Internet giants including Google and Facebook strongly deny that the NSA has direct access to its servers. There is another way, however. A slide from an internal NSA Powerpoint presentation suggests the agency is siphoning directly from fibre-optic cables. To do this, it probably uses “splitters”, which split the light beam. Recent research by Andrew Clement at the University of Toronto, Canada, shows that 99 per cent of US internet traffic goes through one of just 18 cities. So if the NSA installed splitters at a few strategic points “it could intercept a large proportion of internet traffic”, Clement says.

This article appeared in print under the headline “We know who you are”