By Office of Foreign Programs, Clandestine Reporters Working Group
The worst trait for a social movement is a Face for the movement. Personalizing an age, such as an age of surveillance, organizes, at the same time, a body for inspection — laying out the rows and columns in order.
What has happened with “privacy” is a short list of public figures sponsor tools (often the same tools), and whether those tools are necessary to security becomes a minor problem. Here the humanities has a task: analyzing how we perceive a problem and how the perception is itself a problem.
To narrow this inquiry further, take professionals in journalism. The data security narrative has been that privacy is a science with rules for securing information. The matter is simply hiding information methods, and we need just wait for an authority to say, “Here are the rules [or an amendment to a rule].” Sun Tzu’s “Art of War” is read as the “Science of War” or “A Mathematics of War.”
The presupposition is we find answers to security problems with mathematical precision and then share the formuli. Everyone behaves similarly. “Use PGP, Tails, Signal and Red Phone and VPN and OTR and F and G and H and J.”
This is the easy way out and the most dangerous perception of privacy issues. Notice how the movement functions: sharing technology tools in waves, starting from public figures and covering their followers in neat, succinct intervals. Government hunting expeditions are like firing from a helicopter into a field of buffalo. The buffalo run together in one direction.
Imagine a large supermarket chain runs facial recognition in its camera systems: scanning customers upon entry and again at the checkout, matching items bought with the facial profile and databasing the “package” for further purchasing habit tracking then selling packages to marketing and advertising firms; image scanning in the aisles when staring at products, deducing age and gender. A science of surveillance might include countermeasures to facial recognition. An art of surveillance would add, as a blend, mixing items, sharing shopping lists with friends on rotation, buying unconventional items infrequently, and rotating supermarket trips. The latter art (misinformation) complements the technology (disrupting image quality of face).
Applying the science and art dynamic to journalists’ security, we see that encrypting email is, by itself, inviting the Leper Christ “into one’s arms and into one’s bed.” Being the martyr and fighter of a “revolution,” is misguided. Revealing and advertising information hiding is the first mistake, and using it without misinformation is the second mistake. The third mistake is using either prong negligently, which is really a few stems from the trunk of 1 and 2. Since 1997, theft of private and public keys is accomplished with mathematical precision. Discipline, patience, and creativity are needed.
Illustration to this line of thought: imagine a journalist in her home office, hotel room, or business office in Jakarta. She sets up two laptops, one personal and one for “secure” communication, inserting a removable USB drive running Tails, connecting to VPN, opening up Tor and her PGP email to send a message. She types a draft, edits, and sends a message to her source in Brussels. Having applied the rules to her situation (and here is the critique of rule-bound systems), she is confident her email cannot be read by anyone other than her source in Brussels.
What is the first mistake? Typing.
We’ve understood since 2009, six years ago (computing power growing exponentially), that ground power sources can be tapped and monitored for keyboard signals generated by key strokes. The voltage fluctuations in the ground lines give keystroke signatures. Those signatures can be rewritten as characters and databased in real time.
Since 2008, at least, keystrokes can be logged by their radio frequency waves emanating from keyboards. In another method, lasers pointed at certain laptop points or nearby objects can detect modulations caused by vibrations from striking keys. We’ve also seen that federal and state law enforcement, with a warrant, surveil space with cameras the size of a fish eye, which can be set up to record keyboard activity.
The point here is that all the “gold standard” encryption programs available become absolutely worthless. Extend from this vertex of folly to our cellphones, smartphones, tablets, GPS devices, among other things.
Our first advice is to stop typing. The radio signals can be picked up outside cafes and on the other side of the wall. Ground power to the home, office, school, and elsewhere is likely tapped. Cameras in every comfortable setting record the keyboard in high definition. Lasers pointed at the computer at every public corner detect keystrokes. Carrying equipment to remote places is going to warrant more detailed scrutiny.
Seems like it is time to get creative. As an exercise, here is one example.
Like the supermarket example, assume fingerprint, DNA, hair samples, fiber samples, gait recognition, and facial recognition have been profiled and databased. We must consider the network analysis of targets and work to minimize, not “all-or-nothing remove,” any damage.
A good start is to create false leads. Type in the normal course of business. Type regularly the needs of daily life. And add some vague and descriptive messages of future plans. Mix in profiles of different subculture followers (from cosplay to boat sailing), taking on new hobbies, pursuing travels, meeting new and interesting people.
The source in Brussels should be someone met on a forum about model airplanes and what type of enamel and paint is best for Hasegawa F-22 Raptor. Search convention shows and sign up with hobby groups. Think about the logistics of an investigation, resources to continue surveillance, and the time needed to analyze mapping of one’s network. Make the network as large and as dense as possible.
At the right time, having considered technologies and assumed the worst, a disciplined routine would include A and B perhaps meeting at the Aviation Working Group convention in Cape Town. See also: academic conference, non-profit work, volunteer organization, music lesson).
Tails and PGP and Tor and VPN, at this point, are not necessary. Using those technologies only attracts attention and leads to more thorough and revealing network analysis, not less. Hiding information is not completely abandoned in all settings, but supplemented with defensive techniques that counter the end goal of surveillance, not specific surveillance technologies.
Appear mundane and readable as if an open book. Meanwhile, with the right mix of creativity and patience, reporters can work nine to five and pursue their arts, including misinformation, after hours, when the hard targets operate.
Originally published by Clandestine Reporters Working Group.
Content posted to MyMPN open blogs is the opinion of the author alone, and should not be attributed to MintPress News.