Breaking out of the PRISM
Your personal information, data that you may store in your email, cloud storage, video calls you make through Skype, Google, Yahoo or Apple are all accessible to spying programmes such as PRISM.
Any type of Internet user must know how such programmes work and what is at stake, says MIR UBAID. PIX: Published in Livemint on June 20, 2013.
News in the United States of NSA leaks by its former contractor Edward Snowden is perhaps the biggest reminder in recent history of just how vulnerable our data is on the Internet. On July 1, it was revealed that India is one of the countries that are being spied upon by the NSA. While governments of countries including Germany and France have reacted sharply towards the NSA programme, the Indian government chose to support it.
Instead of terming NSA’s spying on Indian citizens as illegal, External Affairs minister Salman Khurshid defended the programme, saying it is “only computer analysis of patterns of calls and emails that are being sent.” He went on to say that “the information that US got of their scrutiny, helped them prevent serious terrorist attacks in several countries.” Khurshid seems to be among an increasingly small group of people who think the PRISM programme actually “prevented terrorist attacks.”
Bruce Schneier, an internationally renowned security technologist and author who was also described as a “security guru” by The Economist, seems to think otherwise. In a New York Times opinion column he said, “Reading the documents leaked so far, I don't see anything that needs to be kept secret. The argument that exposing these documents helps the terrorists doesn't even pass the laugh test; there's nothing here that changes anything any potential terrorist would do or not do.”
Debates on whether such spying programmes are legal or not continue, just as those on if Snowden is a hero or a traitor do. But in the midst of these debates, what the average individual needs to focus on is what exactly is at risk here. Your personal information, data that you may store in your email, cloud storage, video calls you make through Skype, Google, Yahoo or Apple are all accessible to spying programmes such as PRISM, despite India having its own specialised programme called CMS (Central Monitoring System).
Governments often have a wide palette of designs and algorithms for their respective spying programmes, making each one of those work differently than the other. But at the end of the day, all of them have only one task to carry out: spying on people. It is necessary to realise the difference between spying by a computer hacker and a sophisticated programme designed by a government agency whose job is to monitor data. While a hacker may hack a computer by tapping through only a few wires of communication, PRISM monitors all of the data through every accessible channel. The documents revealed by Snowden have shown us big internet companies like Google, Yahoo and Microsoft are involved with NSA under the project called PRISM even though all of them have denied such allegiance. This makes it more complicated as most Internet users rely on email, video, chat and other software from these same companies.
While NSA may have to breach the fourth amendment of the US constitution to snoop on its own citizens, there is no law that protects citizens from PRISM overseas. Also majority of Internet servers are stationed in the US, therefore information uploaded and downloaded by people living in other countries will eventually pass through these servers.
According to a secret document accessed by The Washington Post, “The NSA and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets.” While the US government may say that such programmes are designed to protect the citizens of its country, it is up to governments in other countries to stand up for the rights of their own civilians.
While some people may support such programmes that may help curb terrorism, there are others who believe Internet freedom and privacy have nothing to do with terrorism. That may be another debate but here we need to realise that any type of Internet user must know how such programmes work and what is at stake.
We often use our personal information online; information that we don’t want to share with anyone else--such as our bank account information, medical history, personal photographs and more. However, many Internet users believe that wanting to hide such information doesn’t necessarily make them a terrorist.
Now that the External Affairs minister of India has supported the US spying programme instead of defending the Indian citizen’s right to privacy, and has even denied asylum request to Snowden, online users here need to be sensitive about their online information. The Indian government, instead of standing for the rights of its citizens has chosen to defend the NSA programme. Now it is left to the citizens of India themselves to protect their online information.
First of all Internet users need to get some insights into the PRISM programme; how and why it started, how it works and who is involved. This article on The Guardian provides all the basic information that you need to know.
Interestingly, immediately after the whole drama about NSA leaks went viral, a website named PRISM-break.org was launched. The site provides brief details about popular software that we use daily and gives a list of alternative software designed to protect privacy and data. While NSA’s PRISM is an example of how shady and ugly Internet can be, PRISM-break is an example of how there is always an alternative to almost anything on the internet.
The open-source community is known to have focused on Internet freedom and online security. Now is the best time for Internet users to start exploring this world that exists on the Internet. Open source software is there to help users so they are not bound to using sponsored products of companies that work with governments. And while some politicians might be ready to sacrifice your information so that they don’t ruin their relations with influential countries, the open source community of the Internet will always be developing software which can offer a safer option for personal data. The only thing that stands between Internet users and open-source software is—opening up to it.
India’s national PRISM: CMS
While tech geeks are rolling out more information on how to tackle PRISM, India has come out with a PRISM-like programme of its own. Known as CMS, the project implemented by Centre for Development of Telematics (C-DOT) will monitor online activity, phone calls on land lines and cell phones, location, text messages and other forms of telecommunications. The project is supposed to go live in August and its announcement by the Centre makes it clear that monitoring social media is one of its primary goals. Looking at previous records of social media monitoring by the government, it is clear that the government has had more success in arresting its own citizens who have been critical of politicians rather than foiling any terror attacks or arresting any terrorists. National security is the main topic of focus on which the project is being forced on Indian citizens without their consultation or consent.
Some of the differences between CMS and PRISM are:
- While PRISM was carried out by the US government in complete secrecy, the Indian government has been very open about its implementation and purpose.
- PRISM was mainly designed to spy on people foreign to US. CMS on the other hand will be monitoring Indian telecommunications only.
- CMS is designed to monitor phone calls, text messages in addition to online activity while PRISM was designed to spy on people through their online activity only.
Minister for Telecommunications, Milind Deora during a recent Google hangout session said that “most people may not be aware of” CMS because it is “slightly technical.” But he also assured that CMS is far better than the previous system when it comes to privacy of people. He said that people can safely use social media to “share information, for fun, for educational purposes” and also warned about “provocative speeches that can create law and order offline.”
While the exact design of working of CMS is not clear yet, it would be difficult to find out the ways to tackle with such scale of surveillance. Evading surveillance of your phone calls and text messages is technically impossible right now. Our phones run proprietary operating systems and every phone is identifiable by an IMEI number or the IMSI number on the SIM card. These factors make it virtually impossible to defend against CMS scale surveillance.
When it comes to computers, there may still be some possibility of protecting your online activity and data. While the softwares discussed with regard to PRISM may help in case of CMS as well, but configuring them will ultimately decide howsecure your internet activity is. For example, Tor is highly successful when it comes to encrypting your communication. But, if you are using software that is not set up or configured properly with Tor, then your system will become accessible for surveillance. Before using softwares like Tor, it is recommended to read how to set them up for extra protection.
All the people who are ready to trust the government with CMS like systems can let the government spy on them. Others who are not ready for that yet, or are concerned about their privacy when it comes to communicating on the internet and want to minimize the possibilities for surveillance agencies can consult Electronic Frontier Foundation’s Defensive Technology section of their “Surveillance Self Defense” project or The Hoot’s “Privacy & Data Security” guide.
Other websites focusing on online security and worth checking out are:
The Tor Project