The problem and views by independent experts*
Internet and mobile phones changed our lives like no others. They changed the way how we communicate, do business and interact with each other. These two inventions together have also become the perfect wholesale surveillance and spying tool. Digital information can easily be tracked, altered, modified, faked, analyzed and not so easy completely wiped out. Applications we use day after day write cache, leave tracks and backdoor records of our activities.
By the moment of now, the world encounters ~4.7B+ active mobile phones. Each phone pings different networks via GSM, CDMA, LTE, Wi-Fi and other rotocols every 5 minutes leaking lots of information about where the phone owner is, who is nearby, moving directions, whom the phone owner is calling to, chatting with or emailing. This is the way how telecommunication technologies work.
4.7 Billion +
active mobile phones globally
Mobile companies are watching us
In 2012 Malte Spitz presented the talk how his mobile company is watching him. Since summer 2006 the EU Commission tabled Data Retention Directive. This directive says that each phone company in Europe, each Internet service company all over Europe, has to store a wide range of information about the users.
In summer 2006 the EU Commission tabled Data Retention Directive
Who calls whom? Who sends whom an email? Who sends whom a text message? And if you use your mobile phone, where you are. All this information is stored for at least six months, up to two years by your phone company or your Internet service provider.
They write your diary
All mobile and Internet carriers in the EU write digital diaries of their users based on the activity signals of mobile phones which they serve. They must store this data for at least 6 months and up to 2 years, but basically, they can keep it forever. Analyzing this data maps society behavior patterns, e.g. it creates a blueprint of social communications. It is possible to detect communication hubs, define who is more important and switch off communication leaders. It questions the very basic terms of freedom and privacy.
6 mos ‒ 2 yrs
4.7B+ active mobile users
globally generate huge amount of data creating behaviour fabric of states and society. This data may be stored forever.
Edward Snowden’s leaks pointed that the US intelligence agencies were using Google, Yahoo, Microsoft, Facebook, Apple, Twitter and lots of other popular global services. Sources at The New York Times confirm that the companies concede to surveillance program. Snowden’s materials revealed that the US intelligence agencies hack their domestic and foreign companies to wiretap their users.
How about the EU? What about MI6, MOSSAD, FSB, Bundesnachrichtendienst, MSS and intelligence agencies of other countries? How about their capabilities? Do they collect any data about their citizens, how about spying on foreigners?
Think they hack you gently?
The NSA has the greatest surveillance capabilities in American history... The real problem is that they're using these capabilities to make us vulnerable. They've become sort of the national hacking agency, the national surveillance agency.
Governments spy on governments, governments spy on companies, companies spy on companies, intelligence spy on bad guys, bad buys spy on governments and companies and they all spy on innocent users who do not even guess of these global behind the scene surveillance parties.
Spies of all kinds and flavors
In addition to governmental agencies, there are also many private companies specializing on extremely sophisticated surveillance techniques. They collect and analyze data about their target from different sources: mobile phones, social media, personal computers, communication contacts of their contacts, their mobiles, their social media contacts, web cameras, mobile cameras and so on. The scale of the shadow spying is crazy. Information leaks during the US presidential election campaign of 2016 unveiled hacking potential of parties interested in influencing of not controlling some serious political processes. Rumors persist that those were non-US agencies, but Russians.
Of course, they watch you politely.
Only with one eye.
On the cyber domain it will be private sector (not governmental agencies), which will protect our information...
Privacy is not negotiable.
It cannot be any good goal or holly purpose for watching all mobile users without their knowledge that they are being watched. It is not that you have nothing to hide, it is nobody's business what you are doing in your private communicate channels (calls, chats or emails). Governments will not have enough resources to protect privacy of their citizens from malicious spying by other governments or foreign intelligence. Governments (of all countries), probably, will be the first to watch their own citizens. If you don’t take care of your digital security and privacy protection nobody will do it for you.
Individuals have to
protect privacy on their own
The only way to protect information is to encrypt it.
Encryption is a good way to protect your data. In fact, in some countries using encryption is illegal and is considered to be a crime. When choosing encryption make sure you go with strong algorithms which are unfeasible and incredibly difficult to break. The US National Institute of Standardization and Technologies (NIST) developed recommendations for cryptographic algorithms, standards and sizes of encryption keys. The Wired publication describes how applying approved NIST standards NSA weakens encryption algorithms on purpose by leaving backdoors in math.
Encrypting only text may not help. What?
When it comes to email protection, many PGP encryption programs are doing well encrypting emails, but are not so good with handling cache of user activity. Extracting information from cache will tell whom you are contacting to, when and how often. Even if information of emails is hidden the cache may tell a lot about the user. Not only encryption algorithms are important, but also it also important how encryption applications work. It is important where points of encryption and decryption are. Is information processed on user’s side or on the server? Are encryption and decryption keys long enough to stand the brutal force attack? Are encryption and decryption keys protected from unauthorized use?
Everybody should encrypt their email. I’m a strong believer of strong encryption.
Strong encryption should be performed end-to-end, should be unfeasible to break, should not have any backdoors, should not have any chance for men-in-the-middle to join or wiretap conversation, should not leave any side tracks and should not write any logs or cache. If NIST recommends using 1024-bit key for RSA encryption algorithm, using longer keys (at least 2048-bit) ensures stronger level of encryption. Breaking 2048-bit RSA key is 232 times harder, than breaking 1024-bit RSA key.
Go with strong encryption
Without strong encryption, you will be spied on systematically by lots of people.
The term Independent experts is used to indicate people and specialists who by no mean are associated with No.1 BC and/or any No.1 BC brunches. Independent experts expressed their points of views in different times and all their sayings are freely available on the Internet on different sources. Independent experts are people of different professions, different specialization fields and activities who do not (and did not) have any intention to advertise and/or promote any No.1 BC product or solution. Independent experts, probably, do not know about No.1 BC existence (yet, at least). All sayings and points of views by independent experts are quoted for educational purpose only to increase awareness of modern communication tools. If the user hasn’t found the way to secure his or her communication searching Internet may offer something.