Electronic Frontier Foundation On Computer Security

The Electronic Frontier Foundation describes themselves as "the leading civil liberties group defending your rights in the digital world."   In this recent story on abcnews.com, EFF spokepeople, along with others, describe different ways we can protect our information from surveillance and information-gathering.  The EFF has launched a Surveillance Self-Defense Project to help us protect our systems from being spied on by the US government.

7 Ways to Stop Uncle Sam from Spying On You

Privacy Experts Offer Tips on Protecting Your Digital Communications and Transactions

You say you have no secrets. Your life's an open book. You have nothing to hide. But still, do you really want to make it easy for Uncle Sam -- or anyone else for that matter -- to rifle through your contact lists, read your e-mails or monitor your cash flow?

Probably not.

But privacy advocates say it's never been easier for the government to collect information about you.

"We all benefit from the explosion in communications technology, but it also means that there are new and growing caches of sensitive data about us," said Kevin Bankston, a senior staff attorney for the Electronic Frontier Foundation, a digital rights group that, this week, launched a surveillance self-defense campaign.

On issues of digital privacy, Bankston said, the law has not kept pace with the boom in technology. Left out on a limb legally, he continued, Americans need to defend themselves technologically.

Not only do we need to be careful about protecting the information we store on our computers and cell phones, we need to be wary about data stored on the servers and in the databases of third-party companies who don't necessarily make privacy a priority.

ABCNews.com spoke with the Electronic Frontier Foundation and other privacy advocates to learn some easy ways to protect our private information. Here are a few of their tips:

1. They can't take what you don't have. So, delete, delete, delete.

Bankston emphasized that it's very important to think carefully about the records you keep and establish a plan for the kinds of documents you hold on to and the length of time you hold on to them.

"If you don't have it, they can't get it," he said, adding that it's unlikely that we need e-mails that date back one, two or three years.

But it's not just documents and e-mail that we need to get rid of.

Check your Web browser regularly to clear the history of sites you've been looking at, the files you've downloaded, cached copies of Web pages and cookies from the sites you've visited.

Although it's convenient, the EFF advises against letting the browser save passwords for Web sites and data you enter into Web forms. If your computer is seized or stolen, all that information becomes exposed.

Don't Forget About IM

Privacy experts also caution that you can't forget about all those instant messaging conversations you have throughout the day. By default, most IM clients log all of your conversations. Check the software's preferences so that you know if it's saving the messages and for how long. And then decide if you want to set the system to not save any messages at all or clear out every month or every week.

Finally, privacy advocates say that when you delete, make sure you actually delete.

"Deleting" a file on your computer -- moving the file to the trash and then emptying the folder -- doesn't actually get rid of the file for good. It just makes the file invisible to the user and lets the computer know it can be overwritten with new data. Even if it gets overwritten, which could take weeks or years, computer experts can still figure out the initial data.

However, software exists that can securely delete files by overwriting them several times. The EFF says your operating system probably already includes software that can do this, and if not the EFF site includes links to other free deletion tools.

2. If you keep it, encrypt it.

You may think you're not tech-savvy enough to say it, let alone do it. But then again, once upon a time the Internet was out of reach for most of us.

Encryption isn't as complicated as it sounds, and privacy experts say it's becoming a modern necessity.

"Why is it worth it to get a lock for your house?" Bankston asked. "Your computer is your virtual house."

A panoply of software exists to encrypt either the full disk or individual files, depending on your needs. The EFF recommends using mainstream programs rather than obscure ones because they're more likely to have been reviewed by experts.

If you don't want to go through the trouble of encrypting the files on your computer because you don't think they're sensitive enough, experts say at the very least you should encrypt your communications.

It's a little known fact that some e-mail and instant messaging clients offer an encrypted option. Gmail, for example, allows users to choose to use the encrypted option in their preferences, although Yahoo and Hotmail do not. Microsoft Office Live -- Microsoft's answer to Google Docs -- also offers an encrypted option.

These encryption tools won't stop someone from getting the data after it's sent, but Chris Soghoian, a student fellow at Harvard University's Berkman Center for Internet and Society, said they'll prevent the "corrupt insider" or the "creepy guy in the cyber cafe" from spying on your conversation.

"One of the biggest threats to people's privacy is instant messaging communication," he cautioned.

Soghoian said free tools such as the Adium for Mac users and Pidgin for PC users can encrypt your conversations, whether you use AIM, Yahoo, Google Chat or other platforms.

Keep Your System Current

3. Run the most up-to-date browsing software.

Soghoian told ABCNews.com that running the newest Web browsing software is another easy best practice that not enough people employ.

Whether you use Internet Explorer, Safari or something else, make sure it's been "released in the past few months, not the past few years," he said.

The newer versions automatically update to make sure you're using the most secure browser.

4. Manage your cookies.

Aside from the sweet temptations in a jar, cookies are pieces of information used to track your browsing habits online. If your browser is set to accept them, they will tell a site when you visit a page and what you do on it.

It's difficult to block them altogether, because if you did you wouldn't be able to log into some sites or make travel reservations and other online transactions. But privacy experts say you should try to manage them.

For example, the EFF says that on many browsers you can choose a cookie setting that only allows cookies to persist until you quit the browser. Other users could choose a setting that lets them manually decide whether or not to accept cookies from each site they visit.

5. Consider anonymity.

Released just a few months ago, Tor is an free, easy-to-use tool designed to protect your identity online by hiding your IP (Internet protocol) address. Not only does it anonymize your Web browsing, publishing and instant messaging, it also encrypts part of your communication on the Internet.

It is recommended by EFF, Human Rights Watch and Global Voices Online.

Storage Options

6. Store your data locally whenever possible.

Google Docs and other third-party services are mighty convenient. They make it easy to share information and store big files on someone else's server (freeing up space on our own computers). But EFF's Bankston cautions against it when possible.

Very little is known about surveillance compliance, or how amenable companies are to handing over our information to the government, he said. But the small window we do have into this "shadowy" world, he said, indicates that we can't count on third party companies with which we store information to stand up for us.

"We have to assume the worst -- that when companies are approached for information, they aren't going to put up a fight," he said.

At some point it will ideally be safer to do more "in the cloud," but until those services are more secure, privacy experts recommend storing important files on your own computer.

7. Remember that the law needs to catch up.

Overall, experts emphasize, don't take your privacy for granted. Privacy laws are among the most complicated, and for the most part they have not kept up with technology.

You may have nothing to hide, they say, but you also have the right to not have someone looking over your shoulder.

"The ability to control the information that goes out about you is a fundamental human activity," Jay Stanley, a privacy expert with the American Civil Liberties Union, told ABCNews.com. "It's essential to the dignity of a person in a civil society."

Dig in.

0 Character restriction
Your text should be more than 10 characters

People in this conversation

  • Guest (nastassja)

    *** HIDING IP ADDRESS WITH TOR ***
    Tor will not protect your transmitted information unless it is encrypted by your computer and decrypted by the end user. Additionally, since May 14, 2007 all telecommunications carriers in the US were required by the Communications Assistance for Law Enforcement Act (CALEA) of 1994 to install hardware for law enforcement agencies to perform unlimited warrantless wiretapping of all civilian electronic communications, including real time monitoring of phone calls, email, and web traffic. Due to the possibilites enabled by CALEA compliance, unless your encryption method is impeccable (i.e. the random number generator is truly random) your internet activity will not be certainly secure from the eyes of the US Government even if you use Tor and encrypt your data as the Tor folks suggest.
    For more info, see:
    1) Kim Zetter's article in Wired on September 9, 2007;
    http://www.wired.com/politics/security/news/2007/09/embassy_hacks?currentPage=1 />
    2) The Tor project's wiki site FAQs:
    https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ


    *** CELL-PHONE USERS ***
    If your cell phone has a microphone your phone's microphone can be used by the FBI to monitor conversations that are going on nearby the phone, even when it is off (does your alarm work even when the phone is off?). Taking out your battery when your not using your phone can solve that problem.

    For more information on law enforcement using cell phone microphones to tap nearby conversations:
    1) McCullagh, Declan; Anne Broache (December 1, 2006). "FBI taps cell phone mic as eavesdropping tool" CNet News. http://news.cnet.com/FBI-taps-cell-phone-mic-as-eavesdropping-tool/2100-1029_3-6140191.html. Retrieved on 2009-03-14.

    2) Odell, Mark (August 1, 2005). "Use of mobile helped police keep tabs on suspect" (in English). Financial Times. http://news.ft.com/cms/s/7166b8a2-02cb-11da-84e5-00000e2511c8.html. Retrieved on 2009-03-14.

  • Guest (Zack)

    Some good basics. Thanks for posting.

    I'd like to make everyone aware of this <a href="/http://www.torproject.org/" rel="nofollow">site</a>, which is referenced in the post.