When Government is the Hacker, How Do You Protect Yourself?

FBI Director James Comey

FBI Director James Comey Mike Groll/AP File Photo

Featured eBooks
Space Tech
Read Now

CDM

Read Now

Digital Transformation

Read Now
Aliya Sternstein By Aliya Sternstein,
Senior Correspondent

By Aliya Sternstein

|

FBI malware and mass government surveillance breach U.S. citizens’ privacy, tech firms say.

During October's National Cybersecurity Awareness Month, when industry and government are supposed to unite in solidarity against hackers, some companies are pointing the finger at the elephant hacker in the room -- the government itself.

Leaks by ex-intelligence contractor Edward Snowden ignited awareness that U.S. authorities access U.S. citizens' private call records and correspondence with foreigners. Just like cyber criminals, they break into personal devices, using phishing techniques. Bogus, yet persuasive emails -- say, ones that contain an Associated Press article about bomb threats at schools -- secretly slip surveillance malware into a suspect's computer.

The feds also compel telecom companies to turn over bulk call records and tap international communications.

Tech developers cashing in on the mass spying revelations are promoting products that prevent the government from breaching citizens' data.

Yet these companies, according to U.S. authorities, are impeding legal efforts to track down criminals and terrorists.

The code-making, code-breaking tug of war was highlighted by remarks this month from FBI Director James Comey, in which he said encrypted, lock-boxed communications could make the job of law enforcement more difficult.

FBI 'Struggling to Keep Up'

"We are struggling to keep up with changing technology and to maintain our ability to actually collect the information we are authorized to collect," he said at an Oct. 16 forum hosted by the Brookings Institution. "And if the challenges of real-time data interception threaten to leave us in the dark, encryption threatens to lead us all to a very, very dark place. I am a huge believer in the rule of law, but I also believe that no one in this country should be beyond the law. There should be no law-free zones in this country."

This fall, Internet giants Apple and Google joined the encryption revolution by promising to offer consumers software that automatically scrambles their messages into secret code.

Apple spokesman Colin Johnson referenced a company webpage promoting its commitment to confidentiality. The site assures that devices running iOS 8 will be protected from governments seeking to collect photos, messages, email, contacts, call history, iTunes content, notes and reminders. All that data is encrypted. The only entity with a passcode to unlock the ciphers is the user.

“It’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8," the webpage states.

Google officials offered a similar privacy pledge: “For over three years, Android has offered encryption, and keys are not stored off of the device so they cannot be shared with law enforcement. As part of our next Android release, encryption will be enabled by default out of the box, so you won't even have to think about turning it on.”

Tips from Privacy-Conscious Companies

Even some former U.S. national security personnel are selling software to draw a line between the authorities and private individuals.

Mike Janke, previously a Navy SEAL and now co-founder of encrypted communications provider Silent Circle, recommended the following for "pulling back the protections that were already granted to you in the Constitution":

  • "What happens when you use encryption is that you force the government and law enforcement to actually use the legal system."
  • Do not let the government force product makers to dent security on their merchandise: "If you make technology weak, it opens it up to criminals and to hackers."
  • “We are all for intelligence agencies using technology to find bad guys. Absolutely. But what we are not for is the max vacuuming of all citizens' data."

Jennifer DeTrani, general counsel and chief privacy officer at texting service Wickr, says any U.S. citizen interested in protecting privacy rights should take the following precautions:

  • "Watch out for front-facing cameras on your phone, tablet, computer and TV. Masking tape is still the best solution. It is also good to plug your headphone jacks; this will stop 99 percent of the bugs from listening."
  • “Be careful what apps you download. Look closely at the company behind the app and the privacy policy. Do not import your address book without careful consideration.”
  • “If you don’t want your location physically tracked, consider removing your battery or shielding your phone in a Faraday cage when you are not using it."

Andy Feit, chief executive officer of Enlocked, who co-created an encryption Web tool marketed as the simplest way to secure email, advises that citizens take these precautions:

  • Communicate using tools that lock out even the communications provider from being able to read your messages.
  • PGP encryption, which is used by most secure communications providers, hasn't been broken to anyone's knowledge. The technology slows the government's ability to surveil, he said. "The days of them being able to just blanket mass surveillance an entire community or country or set of users -- it would be much, much harder, when that happens," he said.
  • "In the end, I want the NSA and the CIA ... to do it in the right way and not (by) monitoring everybody . . . It’s hard work. That's what you are paid to do.”

Law Enforcement Officials Want to Keep "Backdoors"

The Office of the Director of National Intelligence, which coordinates data surveillance activities across civilian and defense intelligence agencies, deferred to the FBI’s position on encryption and new technologies.

FBI officials view such incognito communications as detrimental to the public’s well-being. The government continues urging businesses to build "backdoors" into products before they hit store shelves.

"There is much more risk associated with the after-the-fact intercept capability being built in," Comey said. "There is a non-zero risk associated with building it in, in the first place. But there is also risk to us, as a society, by foregoing the ability to collect that information with lawful authority. My view is that the risk mitigation associated with building it in the front end and the risk avoidance by not having a dark spot -- that is spreading across our entire country -- makes sense."

And while the market imperative for companies to offer privacy-protecting services appears sensible, it's not industry's role to decide whether it is safe, he added.

Businesses are saying, “’Our stuff is protected.’ I get that and that makes sense for them to advocate that position," Comey said, but "I think what they are not able to advocate -- because it's frankly not a thing they own except as citizens in this great country -- is the safety trade off, the security trade off."

NEXT STORY: Building top-notch information security teams

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.