For anyone in the habit of wearing a tinfoil hat, the last couple of weeks have been ones of redemption. With a steady stream of revelations about the National Security Agency’s astonishingly broad intelligence-gathering activities, conspiracy theories about its reach have seemingly been validated.
Those same raise a related question: Are there ways to avoid the NSA’s prying eyes?
It turns out there are (for the most part, anyway). And for the companies selling communication tools to circumvent surveillance programs, business is going like gangbusters.
Silent Circle, a company that provides encrypted email, phone, and messaging services, has seen sales increase 400 percent so far this month (you can now take advantage of a 50-percent discount on its full suite of services). Moxie Marlinspike, the hacker and developer behind Whisper Systems, another purveyor of encrypted communications tools, says his service has seen a 3,000-percent increase in its new active user rate since June 6, when the story about the NSA’s PRISM program first broke, though he did not offer specifics about the number of users the company has signed up. Cryptocat, a free encrypted chat service, welcomed almost 5,000 new users last week, and server traffic is currently running 80 percent above average for its 65,000 regular users, according to Nadim Kobeissi, the site’s lead developer. And Tor, a web browser that protects its users from so-called "traffic analysis," has seen a 17-percent increase in its mean daily users in the United States (the number of users is now approaching 90,000).
"We are running around with our hair on fire — it’s insane," Silent Circle CEO Mike Janke told Foreign Policy.
Utilizing a peer-to-peer encryption tool, Silent Circle’s communication tools — which include everything from email to text messaging to video conferencing — promise near-anonymity on the web. In layman’s terms, these services scrable your communications with users using a similar encryption protocol, turning your message into a bunch of gibberish for the NSA analyst listening in.
Silent Circle’s offerings are part of a burgeoning movement online to ensure user anonymity and prevent privacy breaches, but tools such as encrypted email can only do so much to fight back against the NSA. In recent years, encryption technology has become so advanced that the agency has largely moved away from using brute-force decryption methods — that is, leveraging an immense amount of computer power to unlock a given encryption algorithm — and instead adopted traffic analysis methods, according to Janke.
As part of this new approach, the NSA scoops up immense troves of a given type of communication and tries to spot patterns in those exchanges. That technique, known as traffic analysis, allows the agency to establish connections between people and groups on the Internet. And by identifying its targets in the morass of messages, the NSA can map a given target’s entire social network. That information can often be more valuable than the content of the message itself.
All this means that encryption tools like those offered by Silent Circle are only a first step — a reality that Janke fully acknowledges — and that email is particularly vulnerable to NSA snooping.
"Due to the physics of email — how a server needs to take that data and send it down to someone else — it is vulnerable to metadata and it hangs around forever," Janke said, referring to secondary data — the contents of the "to" and "from" fields, say, or routing information. (That said, Silent Circle avoids some of these problems by retaining a minimal amount of user data. If the government comes knocking — as it has — Silent Circle has nothing to give them.)
This climate has helped popularize services such as Tor, which masks a user’s location by bouncing the user’s connection off a large number of servers. It’s a little like trying to throw off someone who’s tailing you by making many sharp turns in your car. Tor uses the vast architecture of the web to achieve a similar effect.
So, to review: If you want to prevent the NSA from listening in on your conversations, hop on Tor, log onto Cryptocat, and talk all you want about your plans for global domination.
But even then, if the NSA knows your identity and considers you a sufficient threat, it has the ability to hack into your computer and track every keystroke you make. There’s little encryption can do about that.