An NSA Whistleblower’s Guide to Encryption
Monday, July 6, 2015
VIDEO CAPTION: NSA whistleblower Thomas Drake sat down with The Real News to talk about surveillance.
We asked him about last month’s USA Freedom Act, dubbed as surveillance reform by Congress.
THOMAS DRAKE, NSA WHISTLEBLOWER: It was the first legislation that had ever been passed that was ostensibly for reform other than just continue to expand it. So that’s a good thing. The concern I have is that it actually institutionalizes practices that were already considered to be unlawful or in violation of the Constitution. It doesn’t touch the myriads of other metadata. It was actually NSA-approved, NSA had no problems with it. Essentially outsources to the telcos what NSA was already getting from the telcos but holding it in their own databases.
So they just go back to the secret court, they actually ask for, it’s basically an administrative procedure of the secret court to get the data they already had anyways. So what’s the difference?
So can’t wait for policy, can’t wait for legislation, although you’ve got to continue to work that. So what can an individual do to protect themselves? Well, I would say anything that you would consider that you don’t want to share publicly with someone you don’t know outside of your immediate circle of family and friends and intimates, then you need to protect yourself.
If you’re making voice calls, yes, there’s technology now in an app form, Wickr is one of them, Signal is another. There are several. Those are the two primary ones. Some of them even have built-in secure text messaging as well. Like Signal, for example, does have text messaging.
If you want to be prudent about protecting email and just don’t want anybody that’s coming along and reading it, especially the government or somebody else for that matter, or someone that has other intentions, then one of the standard, standard encryption mechanisms is PGP.
That’s one thing if you’re communicating. What about your computer itself, what about what’s stored on your computer? That’s where you’ll probably want to engage in the equivalent of whole disk encryption. So the drive itself is encrypted so if you were to lose the drive or have someone remotely access it, it’s going to be much more difficult for them to decrypt, or to gain access to information, because the information on the computer itself is encrypted. On a Mac, FileVault 2. TrueCrypt is another one. There’s yet others. There’s even PGP versions from some of the vendors that you can actually encrypt either the whole disk or portions of the disk.
Then if you’re communicating in a way that you don’t want–because here’s the other thing. If you’re on internet it’s quite easy for anybody with relatively modest means to know where you’re coming from. Knowing what your gateway internet protocol, your address, where you’re coming from to get on the internet. So there are things called proxies, and there are things called virtual private networks.
When you use proxies, that basically means you’re routing yourself to another place on the internet, a virtual location, from which you then communicate. That gives you a pretty high degree, especially if the proxy service itself is non-logging, and it’s protected as well. You combine that with VPN, that gives you another layer because that’s actually even more secure if it’s the right kind of VPN. Where many of the VPNs, the more modern ones, are actually encrypted.
If you’re looking to anonymize yourself combined with encryption then you have to go into an environment like Tor. Tor basically is an anonymization engine that lets you–basically splits up your activity on the net. So it obscures you. It makes it more difficult to figure out what you’re doing on the net, because it’s anonymizing you. Combine that with encryption, that’s pretty strong.
It’s true, this is one of the paradoxes here of using encryption, is the government considers any form of encryption increasingly means you may be up to no good by virtue of hiding it. By virtue of actually, of wrapping it in privacy protections or protective mechanisms, that means you may be up to no good, which draws their attention to it. So I use really–what I recommend is a combination of anonymization, where using Tor, and there are other environments as well, combined with an encrypted channel.
Some people say well hey, it doesn’t bother me, it’s not affecting me, I’m not doing anything wrong, why should I worry? Well, we should all worry whenever it’s–because the government has been routinely using us in what’s called parallel construction to go after others. And I became an [enemy state], others that I work with were labeled as threats to the state. And I gave them carte blanche to then direct the surveillance powers against people. It’s ultimately about social control, about people control. History’s not kind here, at all.
DISCLAIMER: Please note that transcripts for The Real News Network are typed from a recording of the program. TRNN cannot guarantee their complete accuracy.