Weekly Review of Privacy in the News - Week Ended 2/7/2014

New York Post publishes article titled the United States of Paranoia:
http://nypost.com/2014/02/01/welcome-to-the-united-states-of-paranoia/

The US forces New Zealand to override it's own privacy rules for Americans living in New Zealand:
http://www.stuff.co.nz/national/politics/9681670/Move-to-alter-privacy-laws-to-help-US

Feds to decide on standards for car to car communications:
http://hosted.ap.org/dynamic/stories/U/US_TALKING_CARS?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2014-02-03-10-48-29

Belarus government may have put malicious code in the Obamacare website, healthcare.gov, possibly comprising the personal information of millions of Americans:
http://freebeacon.com/the-belarusian-connection/

New app will allow Google Glass users to identify you just by looking at you:
http://www.eonline.com/news/507361/just-when-you-thought-google-glass-couldn-t-get-creepier-new-app-allows-strangers-to-id-you-just-by-looking-at-you  Senator has concerns: http://thehill.com/blogs/hillicon-valley/technology/197580-franken-questions-facial-recognition-app

Surveillance technology can track thousands of people for many hours at a time:
http://www.washingtonpost.com/business/technology/new-surveillance-technology-can-track-everyone-in-an-area-for-several-hours-at-a-time/2014/02/05/82f1556e-876f-11e3-a5bd-844629433ba3_print.html

States launch effort to rein in government surveillance:
http://www.breitbart.com/system/wire/ap_029168fec16a42078c76fa035d4a3e1d

4 in 10 government security breaches go undetected (or at least unreported):
http://freebeacon.com/report-4-in-10-government-security-breaches-go-undetected/

Twitter threatens to sue the Obama administration in an effort to release more information to the public about how much data the company is forced to turn over to the government:
http://thehill.com/blogs/hillicon-valley/technology/197646-twitter-considers-legal-fight-to-disclose-docs

Snowden leaks went beyond NSA disclosures to what angry senior officials called "very highly classified" information:
http://pjmedia.com/tatler/2014/02/05/lawmakers-disturbed-and-angered-after-classified-briefing-reveals-extent-of-snowden-defense-leaks/

NYPD testing Google Glass:
http://venturebeat.com/2014/02/05/nypd-google-glass/

Tech giants hire lobbyest for surveillance reform at the NSA:
http://www.politico.com/story/2014/02/techs-biggest-players-hire-first-nsa-lobbyist-103214.html

$20 electronic gadget can let a hacker or anyone else take complete control of your vehicle:
http://www.dailymail.co.uk/sciencetech/article-2553026/The-gadget-hack-CAR-Terrifying-12-tool-remotely-control-headlights-locks-steering-brakes.html

NSA claims to only collect a third of American telephone call metadata and has trouble with cellphone collection:
http://www.nytimes.com/2014/02/08/us/politics/nsa-program-gathers-data-on-a-third-of-nations-calls-officials-say.html

Police Departments Tracking Your Vehicle Movements Daily

A Ford executive recently reported that Ford Motor Company knows where all of its customers are and knows when they are breaking the law.  Well something you may not know is that the police officer who just passed you on the street in his cruiser has a camera that collected a photo of your vehicle, of the driver and occupants and your license plate.  Also, it recorded your location via GPS.  Before he was out of site, your information was uploaded to a police database that is used to track your movements.

Even if your car is parked at a friends house or in your own driveway, the police have a record of it anytime they drive by.

According to police departments, this information isn't just used to look for stolen cars or wanted suspects although few stolen cars are recovered this way:

An ACLU study, based on 26,000 pages of responses from 293 police departments and state agencies across the country, found that license plate scanners produced a small fraction of "hits," or alerts to police that a suspicious vehicle had been found.

This information is also used in cases where they want to go back in time and see where a suspect may go each day and what they do.  This information can be used to put together a case of circumstantial evidence against you years later.  Some departments keep this information indefinitely.

Nationwide, they have amassed hundreds of millions of digital records tracking the movements of all Americans.

The ACLU says the scanners are creating "a single, high-resolution image of our lives."
"There's just a fundamental question of whether we're going to live in a society where these dragnet surveillance systems become routine," said Catherine Crump, an attorney with the ACLU.

In fact, the ACLU claims that these systems aren't being used to recover stolen vehicles at all, but are instead being used to gather intelligence.  They cite a newspaper investigation where the plates of a stolen motorcycle were captured 60 times, yet the person was never stopped.

The group is asking that police departments nationwide delete all records of cars not linked to any crime, which has been summarily ignored.

Drivers beware.

Privacy Campaign: The Day We Fight Back, February 11, 2014

An organization called Access Now is planning an online protest against intrusive government surveillance. The protest is planned for February 11, and is called "The Day We Fight Back". From their website:

"Together we will push back against powers that seek to observe, collect, and analyze our every digital action. Together, we will make it clear that such behavior is not compatible with democratic governance. And if we persist, eventually win this fight, together."

On February 11, Americans will ask legislators to oppose the FISA Improvements Act, support the USA Freedom Act, and enact protections for non-Americans.  Thousands of website will place banner ads on their pages asking people to join in the effort.  Grassroots protests like this have worked in the past against censorship/surveillance oriented bills such as SOPA and PIPA.

Their website is located here. Please check it out, sign up and participate on February 11 to help protect your privacy.

Weekly Review of Privacy in the News - Week ended 1/31/2014

NSA watching phone users with google maps:
http://www.theguardian.com/world/2014/jan/27/nsa-gchq-smartphone-app-angry-birds-personal-data

Facebook app asks for permission to read your text messages:
http://www.fastcompany.com/3025589/fast-feed/why-is-facebooks-app-asking-to-read-your-text-messages

British government spying on Youtube and Facebook users worldwide.  Companies deny any knowledge of the surveillance:
http://investigations.nbcnews.com/_news/2014/01/27/22469304-snowden-docs-reveal-british-spies-snooped-on-youtube-and-facebook?lite

US government and privacy advocates reach compromise which will allow companies to publicly disclose some additional data about how much data they are forced to turn over to the government under the Foreign Intelligence Surveillance Act, pending approval by the FISA court:
http://hosted.ap.org/dynamic/stories/U/US_NSA_SURVEILLANCE_COMPANIES?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT

Rand Paul says Hillary is a big proponent of surveillance state:
http://www.nationaljournal.com/technology/rand-paul-hillary-clinton-is-a-big-proponent-of-the-surveillance-state-20140128

US looks for ways to prevent spying on its spying activities:
http://apnews.myway.com//article/20140128/DABJG0G80.html

Google+ and Candy Crush are among 'leakiest apps', leaking all sorts of personal information about you to anyone: http://www.bloomberg.com/news/2014-01-29/nsa-spying-on-apps-shows-perils-of-google-candy-crush-.html

Yahoo detected major hack attack and is asking users to reset passwords:
http://www.businessinsider.com/yahoo-hack-password-reset-2014-1

How Facebook Tracks You

Facebook is used by over a billion people around the world according to the company.  It contains people's most intimate secrets and has more personal information about more people than any other site in history.  It is a literal treasure trove (ie- money machine) for advertisers targeting certain segments of the population.  However, it is also used by people trying to find you for reasons other than friendship or advertising.  The only way to be truly private on Facebook is to not use it at all.

But if you insist on using it, there are some things you can do.  Before we get to that, let's talk a little bit about how Facebook works.  Facebook itself, or anyone who has access to your Facebook can determine a number of things about you just by your friend list.  Your friend list makes it almost impossible to maintain anonymity.  So if you think you are outsmarting everybody by not putting your hometown or your high school on your 'About Me' page, you are mistaken.

Here is an example of what is known as a social graph:

Thank you to mark-photo.com for allowing me to share this graph with my readers.

Facebook has one of these for all 1.1 billion of their users (in fact, there are apps out there, like Touchgraph, that will let you create one of your very own).  I know it looks sort of complicated, but it is very simple.  Each dot on the graph represents a person that the Facebook user knows.  Lines between two dots represent mutual friends.  Clusters of friends were labeled by the user.  The central figure in the middle is actually the Facebook user's spouse who are commonly centerpieces on these graphs as spouses often know many of the same people.  So this Facebook user is friends with a number of people from his old high school, many of whom are also friends with each other.  The three lines heading off to college represent someone from his high school that went to his college.  The line from high school to family represents someone from his family who went to his high school.  The elementary school cluster suggests that he moved to a different area or changed school systems (such as private or charter to public or vice-versa) at some point because not a single person from his elementary school knows anyone from his high school.  The six dots to the right of the high school cluster (that sort of look like a stingray) appear to be some sort of group or club from back before he was married because none of them know his wife or went to any of his schools.

So even if this Facebook user chooses not to share where he went to high school, the information is still quite obvious and is available to anyone who goes through and looks at the high school cluster profiles as undoubtedly, one or more of his friends have indicated where they went to high school on their profiles. This would reveal where he grew up.  The elementary school cluster would show where he used to live before he moved.  The same applies to his choice of college.

This is a lot of information gleaned from someone I don't even know and I don't have any access to their account.  And I'm not even an expert at this sort of thing.  Imagine the possibilities for an expert with the proper access credentials, which are quite easy to obtain by hackers or others wanting to know more about you.

Each one of us has a unique social fingerprint, and Facebook does an excellent job of bringing this information all together.  It is quite difficult to hide your fingerprint.  Perhaps you already know that Facebook collects too much information and you've tried to take measures to maintain some semblance of privacy in this part of the online world.  For example, maybe you have created a fake name on Facebook to maintain your anonymity.  This may help a tiny bit to keep casual users from identifying you, but like real life, changing your name won't change your social fingerprint and even casual users would be able to easily identify you by the people you have friended (for example Mom and Dad, brothers and sisters, aunts and uncles are all readily apparent on Facebook even if you haven't tagged them as relatives).

Perhaps you've thought REALLY hard about this and decided to friend a bunch of random people to confuse things.  Maybe you have had added many, many friends so those with access to your Facebook would have a harder time determining your personal information like where you went to high school.  But since all of your random friend requests probably do not know each other, you will still be left with the clusters seen above, along with single unconnected dots of the people you added in a futile attempt to gain some anonymity.  Here is the chart above after adding 48 random people who do not know each other or any of your other friends:

See the 48 individual dots at the bottom left?  Those are the 48 people you added to 'muddy the waters.'  As you can see, it didn't change your social fingerprint very much.  Also, Facebook monitors accounts for people friending people they don't know (ostensibly to stop spammers) and will slow your ability to make friend requests, turn off that ability for a period of time, or close your account (especially if the account is not seasoned/new).  They know that you don't know any of those 48 people and so do you, now that you know how to read a social graph.  Changing your name and adding random friends does nothing to change your social fingerprint.

The NSA's phone metadata collection program works much the same way as described above.  This is why they collect metadata information and don't really care about the content of your messages or phone calls (though they listen to calls, including calls of world leaders, and read messages regularly for no apparent reason).  They feed this information into supercomputers put it all together to build electronic dossiers on all of us.  The more datapoints they have on each of us (such as IP addresses, emails, credit card data, banking, travel, etc), the higher the quality dossier they have.  They can gather far more intelligence this way than actually listening in on your phone calls or reading your emails.

Stay tuned for Part 2 where I will discuss strategies for increasing your privacy on Facebook.

How to Remove Exif Data From Photos

Last week, I wrote about how to remove the exif information your digital camera or smartphone attaches to your photographs. Exif, which stands for exchangeable image file format, is a standard that specifies the formats for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners and other systems handling image and sound files recorded by digital cameras. Exif data contains a number of metadata tags about the photo such as the date and time it was taken, make and model of the camera, various camera settings and other information including GPS information.  Exif data is a risk because by sharing photos over the internet, you may be revealing personal information such as where you live, where you work or where your children go to school.

 You have several options available.

Privacy Action Plan (PAP) - How to remove exif data from your photographs

PRS - Level 3

One way to remove your exif information is to use the details tab within the properties dialog box in File Manager.  Simply find the file within File Manager, then right click on it and choose properties.  Click on the details tab, then click on the link at the bottom that says "Remove Properties and Personal Information"

The following dialogue box will appear:

Choose 'Create a copy with all possible properties removed'.  This will make a separate copy and leave all of your exif data intact in your existing photo.  Or you can leave some of the information there by choosing which attributes you would like removed, such as any GPS information.  This will actually remove the exif data in the existing file.

If you do not have this option available in the properties dialog box, you can remove this information for free online.  This method is less safe than removing it on your computer because you have to upload your photo with the exif information to the website so it can be removed.

There are a number of websites out there that will remove exif data for free, such as http://www.exifremove.com.  You upload the photo to the website and then download a new photo with the exif information removed.

There are various free downloadable tools for doing this as well, some of which can remove exif data from many photos all at once such as this program http://www.exiferaser.com/.  This option avoids the problem above of uploading images to a website.

Of course, you could always attempt to instruct your smartphone or camera to not record exif information to start with (at least the location data).  Some devices will let you do this, others will not.  Some helpful advice can be found here: http://www.icanstalku.com/how.php#disable

Weekly Review of Privacy in the News - Week ended January 24, 2014

Senator Patrick Leahy (D) VT, say the government needs to stop spying on the American people:

http://dailycaller.com/2014/01/19/sen-leahy-on-nsa-spying-we-need-to-stop-government-from-controlling-american-people-video/

Michael Morell, ex-deputy director of the CIA has admitted that there have been minor breeches of the NSA database that tracks the activities of all Americans:

http://dailycaller.com/2014/01/19/top-cia-official-admits-minor-abuses-of-nsa-database-video/

Senator Diane Feinstein (D) CA, tells Americans to get used to NSA database as it is here to stay:

http://thehill.com/blogs/hillicon-valley/technology/195899-feinstein-metadata-program-here-to-stay

The Supreme Court has decided to review whether police can review the information in your cellphone after making an arrest:
http://www.reuters.com/article/2014/01/17/us-usa-court-cellphone-idUSBREA0G1H320140117

Romanian police claim to have caught Guccifer:
http://www.washingtonpost.com/blogs/style-blog/wp/2014/01/22/guccifer-the-hacker-who-leaked-george-w-bush-paintings-reportedly-arrested-in-romania/

Edward Snowden does a live Q&A chat session on January 23 regarding mass surveillance by the government:
http://freesnowden.is/asksnowden.html

Blimp-like surveillance aircraft to be installed for three year period over Maryland:
http://www.washingtonpost.com/business/technology/blimplike-surveillance-crafts-set-to-deploy-over-maryland-heighten-privacy-concerns/2014/01/22/71a48796-7ca1-11e3-95c6-0a7aa80874bc_print.html

Privacy board says bulk data collection of telephone calls is illegal:
http://www.cnn.com/2014/01/23/politics/nsa-telephone-records-privacy/

Republicans call for end to NSA spying:
http://swampland.time.com/2014/01/24/exclusive-republican-party-calls-for-investigation-into-nsa-snooping/

Facebook being sued for sharing private messages between users with third parties:
http://money.cnn.com/2014/01/03/technology/facebook-privacy-lawsuit/

How Exif Data in Your Photos Impacts Your Privacy

When is a picture worth more than a thousand words?  When it contains hidden data that is transferred within the picture file you just emailed unsecurely or shared with the world on Google+.  Exif, which stands for exchangeable image file format, is a standard that specifies the formats for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners and other systems handling image and sound files recorded by digital cameras.

Exif data contains a number of metadata tags about the photo such as the date and time it was taken, make and model of the camera, various camera settings and other information including GPS information.  The GPS information is the most disturbing part from a privacy perspective.  If you take a photo inside your home and upload it to Google+ someone trying to dox you can instantly determine where you live by simply looking at the GPS coordinates embedded in the photo you uploaded.  Not all cameras record GPS data and some cameras record more exif data than others, but all modern cameras record at least some exif data with each photo taken.  This data follows your photo around, unless you actively take steps to remove it before the photo is uploaded to the internet.

Various social media sites treat exif data differently.  Facebook resizes and compresses photos uploaded to its servers and removes some of the associated exif data.  So does Twitter.  Google+ on the other hand, leaves all of the exif data intact and available for viewing by anyone who has access.

Here is a sample photo I found on the internet that contains a substantial amount of exif data:

You can download this photo to your computer to examine the exif data or you can use various online tools.  If you download it to your computer, you can go to file manager, right click on the photo, select properties and click on the details tab.

If you are browsing the internet and you want to see the exif data without downloading the photo, you can go to a number of online sites, like exifdata.com, which will analyze the photo for you and report the exif data.

If you right click on the photo you want to research and select 'Copy Link Address' or 'Copy Image URL' you can paste it into the 'Submit an image URL' box here:

When we submit that URL, the site returns a significant amount of metadata information related to this photograph:

You can see the photo that was analyzed and some summary information, including where the photo was taken.  If you click on the 'detailed' button, there is even more information about this photo.

That photo you thought was just a picture of you and your family actually tells an entire story that cannot be seen by viewing the photo.

Next week, I will discuss how to remove exif data from your photos.

How To Keep Yourself From Being Doxxed

Yesterday, I discussed some internet resources people use to dox others.  If you recall from yesterday's post, doxxing someone means to 'document' what you can find on the internet about someone and build a dossier on them.

Privacy Action Plan (PAP) - How to Keep Yourself from Being Doxxed
PRS - Level 3

The number one way to keep yourself from being doxxed on the internet is to keep your personal information private.  Whether you are playing online games with anonymous friends or watching youtube videos with friends on tinychat,  you should always limit the personal information you share with people unless you know them well enough to feel comfortable giving them your information.  Even little bits of information, which by themselves may not dox you, can dox you when put these pieces together with other information.  Some people like the challenge of building a dox on another person and will gather the seemingly innocuous things you say together over a period of months to build a dox on you.

Use pseudonyms for every site you register on.  There are no laws that require that you need to use your real name on any site.  If you need to make an email to register, try yandex.com, which allows you to create an email address without providing an identifying information.  While it may be against the site Terms of Service to use a fake name on Facebook, it isn't illegal to do so.  And you should if you want to avoid being doxxed.  Take care in choosing an alias.  Using the fake name 'gameplayer' is far less revealing than something like James1984 if your name is James and you were born in 1984.  James1984 in and of itself isn't going to reveal much about you, but as you talk to people and they learn little bits and pieces about you, this information will become useful in a dox.  In fact, even just your IP address and James1984 would narrow down who you are to just a few possibilities without you saying anything.  If you want to use a real sounding but totally fake name and address, try fakenamegenerator.com.

Use proxies and VPNs (virtual private networks) to hide your IP address.  I am going to have a future post on proxies and VPN's but for now I will summarize.  Proxies and VPN's allow you to browse the internet with a high level of anonymity.  The proxy acts like a shield between your computer and the internet.  Your computer communicates with the proxy server, which goes out and fetches your data and sends it back to you, (typically communications are sent from your computer and received back to you in encrypted form).  There are an abundance of free proxy server choices out there.  For simple proxies suitable for web viewing, try hidemyass.com or look for another at proxy.org.  VPN's are a bit more complex but offer even greater protection.

Remove all exif data from any photos you upload to the internet.  Tomorrow, I will discuss exactly what exif data is, how it can be used to dox you and how it can be removed from your photographs.

What is Doxxing?

You may have never heard the word doxxing, but doxxing is something that has been done, in one form or another, since the first person on the planet learned that someone else is here with them.  There are various definitions on the internet of precisely what this term means, but in summary it means to 'document' what you can find on the internet about someone and build a dossier on them.  Some people take this a step further and publicly reveal what they have learned as part of the doxxing process.  What used to take a private investigator weeks of visiting courthouses and libraries, can be done in minutes using the internet.

In its simplest form, a doxxer might learn of your email address from an innocuous post and trace your email to your real name and address.  In more complex cases, they may be able to dox your family members, learn your medical history, criminal record, education levels and even salaries.  None of this is against the law.  Even publishing this information is legal if all of it was obtained from legal sources (ie - not obtained from stealing someone's password and getting into their Facebook account or hacking into their credit card account, email accounts, etc).  Try using these sites to dox yourself by typing in your name and city or your username (any site will do) or email address and learn what anyone can find out about you.

There are multiple websites you can use to dox someone using various bits and pieces of information you may have obtained about someone and all of them are free:

If someone has sent you an email, you can find out their IP address (Internet protocol address) using helpful information from this site:
http://aruljohn.com/info/howtofindipaddress/.  IP addresses are helpful when performing a dox because you can learn the general area where the person you are doxxing lives (Click here to learn your IP address and associated location data or to search the IP address of someone you know).  An IP address, which works much like a street address used by the postal service, is simply the address of your computer on the internet.  Having an IP address of the person you are doxxing can eliminate 99.99% of the geographical area of the world, though it will not reveal the exact location of the person.  Also, having the ability to decipher an IP address is a great tool if you are receiving emails from multiple accounts claiming to be different people.  You can check their email IP's to know if they are being sent from the same IP, and are thus the same person.

If you don't have an email from the person you are trying to dox, but you are in contact with them in a chat room, forum or IRC, you can use this site if you are clever enough to get the person you are doxxing to click on the link the site provides.  After they click on the link, their IP address is emailed to you (it's free, but your email address is required).

Perhaps one of the best ways to dox someone is through the social media site Facebook.  There is an enormous amount of information on Facebook and Facebook's default settings tend to make everything a user posts public unless a user takes action to increase their privacy.  So even if you aren't friends with someone, you may still be able to glean a significant amount of information from what is available 'publicly' without being friends.

Linkedin.com is another great one for finding people's career history and professional credentials.  It can also be used to determine if you and the person you are doxxing know some of the same people (up to 3 degrees of separation).  Both Facebook and LinkedIn will require you to set up an account in order to access any information.

Pipl.com has accumulated significant amounts of information on millions of people.  When doxxing people, if you have usernames, email addresses or real names, try this site first as they will present multiple options to you as to who you might be looking for.  Often, the person you are looking for is on the pipl.com list.

You can also try typing any information you have about someone into google.com, which can yield surprisingly detailed results.  Another good one is people.yahoo.com.

Spokeo.com gathers similar information to the ones above and even includes some ancestry information.  They say they have more information if you buy a subscription, though I have not tried this.

Zabasearch.com is good for verifying information you have about a specific person to know you are on target during your dox work.  Let's say you are looking for the phone number of John Smith in Anyplace, CA and you know Mr. Smith was born in November of 1982.  If Zabasearch returns a hit, you have added assurance that this is the right John Smith because it includes his city, state and birthday.  The additional data Zabasearch returns, namely the phone and address, is almost surely his current or previous address and phone number.

Some other internet sites you can use for doxxing:
http://www.wink.com/
http://www.123people.com/
http://www.peekyou.com/
http://www.yasni.com/
http://www.anywho.com/whitepages
http://www.peoplefinders.com/

Another site to assist with doxxing is tineye.com.  This site searches an image you upload or a url location you provide and searches it against the trillions of images on the internet.  If the picture you have is anywhere else on the internet, tineye will find it.  Maybe it is in a blog or on Facebook or at reunion.com which can assist you with your doxxing work.

Google also has a powerful image search engine located here: http://www.google.com/imghp
This site can be used to read exif data from photos: http://regex.info/exif.cgi.  Exif data is simply information that your camera stored inside your photo.  It often includes things like where you were when the photo was taken as well as the time and date and potentially other information.  I will have a future post on removing exif data from photos you upload to the internet.

Other great sources of information are county property appraisal websites (Google <county name> property appraiser) and state business registration websites (Google <state name> division of corporations) run by the county and state governments.  With states involved in so many aspects of business these days, many millions of people are in publicly available state licensing websites (Google <state name> professional licensing website).  Everyone from doctors to dentists to hairstylists to dog groomers are in state licensing databases.  These websites and free and are available to the public for browsing.  Also, official records from the courthouse provide pdf copies of things like mortgage documents and can be used to verify things like handwriting and signatures and include information about debts, judgments, liens, divorces and other personal matters (Google <county name> official records).

My next post will be how to best protect yourself from doxxing.

Tracking You Through Your Automobile

The Detroit News recently reported that a Ford Motor Company executive, Jim Farley, revealed that Ford tracks all of its customers while they are driving their vehicles.  Farley, who was the headliner at the Consumer Electronics Show in Las Vegas a couple of weeks ago, made this disturbing statement during his presentation:

“We know everyone who breaks the law, we know when you’re doing it,” Farley said, according to a report in Business Insider. “We have GPS in your car, so we know what you’re doing. By the way, we don’t supply that data to anyone.”

Not surprisingly, Ford denounced those comments and Mr. Farley apologized for saying it.  Senator Al Franken, MN (D) demanded answers from Ford about their tracking customers and said that Ford does in fact share this information with third parties.  Ford says that nobody is tracked without providing their express consent.  Express consent, however, is provided when customers use a navigation or voice-activated system, which the vast majority of people with newer model vehicles do.  So despite Ford denouncing those comments and Mr. Farley apologizing, his comments for all intents and purposes are true.

Perhaps all of this discussion about tracking is moot though, because congress passed a law several years ago requiring that by model year 2015, all manufacturers are to install event data recorders, commonly known as 'black boxes' inside their vehicles.  The black boxes record all sorts of information, purportedly to aid crash investigators at accident sites.  96% of new vehicles already have them.  Some of them are tied into GPS systems and it won't be long until all of them are.  Some believe these boxes are less about accidents and more of segway into usage based vehicle taxes.

Perhaps not surprisingly, some people are already voluntarily allowing insurance companies to track their vehicle usage in return for lower premiums.  This insurance, known as usage-based insurance or black box insurance has been around since 1998 and thankfully, hasn't taken off here in the US.

There aren't many laws about who owns black box data as only 13 states have passed any legislation regulating the control of this information.  Vehicles that currently have black boxes are reportedly accessed regularly at crash sites or tow yards without consumer authorization.  Even if you were able to protect your information in the black box, other people may be willing to give up your black box after an accident.  Normally, when your car is totaled, the insurance company 'buys' the car from you, so they can provide the black box to whomever they choose.  There is a good article here with more details about how these black boxes work and what to expect when they are in your vehicle, if they aren't already there.

Privacy Action Plan - How to maintain the locational privacy of your vehicle.
PRS - Level 3

The simplest way to maintain your privacy is to not purchase a car with a navigation system installed.  Most smartphones have navigation apps which you can use and then turn them off when you are finished.  Do not use any voice activated systems installed in the vehicle either.  The added bonus is that by buying cars without these features, you will be able to save money on the car.

Don't buy usage-based/black box insurance.  These boxes are obviously a serious invasion of privacy.

Check your owner's manual to see if your car has a black box (manufacturers are required to include this information somewhere in the owner's manual).  If you do have a black box, take your car to a knowledgeable car technician and see if it can be removed or disabled, without affecting other features of the vehicle, such as airbags, which some black boxes are tied into.  Check the laws in your state.

Weekly Review of Privacy in the News - Week of January 13, 2014

Businesses using your phone to build a customer profile on you:
http://online.wsj.com/news/articles/SB10001424052702303453004579290632128929194

Identity thieves increasingly using tax returns to steal identities:
http://www.cnbc.com/id/101332463

Google pays $3.2 billion for NEST, expanding reach into homes:
http://www.zdnet.com/googles-reach-expands-into-your-home-more-via-3-2-billion-nest-acquisition-7000025109/

Edward Snowden to join board of Freedom of the Press Foundation:
http://www.nytimes.com/2014/01/15/us/politics/snowden-to-join-board-of-press-freedom-foundation.html?src=twr&_r=0

Law enforcement agencies 'borrowing' drones supposed to be used for border patrols:
http://www.washingtonpost.com/world/national-security/border-patrol-drones-being-borrowed-by-other-agencies-more-often-than-previously-known/2014/01/14/5f987af0-7d49-11e3-9556-4a4bf7bcbd84_print.html

Secret surveillance court judges are against changes recommend by panel
http://www.latimes.com/nation/la-na-nsa-reform-20140115,0,5995749.story#axzz2qfmDhF1D including recommendations for a privacy advocate to participate in proceedings http://apnews.myway.com/article/20140115/DABATCVO3.html

Few changes expected at NSA:
http://www.cbsnews.com/news/obama-expected-to-preserve-nsa-programs-but-bolster-oversight/

Target data breach part of broad effort by hackers to steal information from retailers:
http://online.wsj.com/news/articles/SB10001424052702304419104579324902602426862

Starbucks was caught storing mobile passwords in clear text:
http://wtop.com/1373/3543679/Starbucks-caught-storing-mobile-passwords-in-clear-text

The National Security Agency (NSA) collects 200 million text messages per day:
http://www.theguardian.com/world/2014/jan/16/nsa-collects-millions-text-messages-daily-untargeted-global-sweep and the president's own review panel concluded that the program has not been responsible for preventing any terrorist attacks: http://www.nationaljournal.com/technology/obama-s-plan-to-rein-in-nsa-phone-sweeps-20140117

President Barack Obama announces that he had no idea about the extent of NSA snooping:
http://www.truthrevolt.org/news/obama-claims-ignorance-extent-nsa-surveillance

President Barack Obama is going to recommend that private companies hold the phone, email and text message data collected from nearly all Americans on a daily basis:
http://www.wtop.com/289/3544357/AP-Source-NSA-phone-data-control-may-come-to-end

NSA Official claims NSA data regularly used in in court cases for prosecuting Americans and instructs local law enforcement to create parallel data to make it look like the information came from somewhere else since the NSA data is being collected without a warrant and is inadmissible:
http://www.cnsnews.com/mrctv-blog/matt-vespa/nsa-official-we-are-now-police-state

A Phone that the NSA Cannot Hack?

An interesting article was published yesterday about a Madrid-based communications firm introducing an encrypted cellular phone called the Blackphone.  The phone is pictured here:

This cellular phone offers all of the conveniences of a normal smartphone, but offers encryption for everything you do on the phone, going so far as to claim that the phone will protect you from the prying eyes of everyone and anyone, including hackers and even the NSA.

Readers of this blog know that this is a PRS Level 0.  It is impossible to do what the company is claiming using standard operating systems and regular apps on normal cell towers, but this is a clever marketing gimmick!

Tips for protecting privacy on your cellphone were discussed in a previous blog post which can be found here.

Your Computer Could Be Accessed Even When Not Connected to the Internet

As if right out of a James Bond movie, the New York Times reported today that there is technology that has been in use since 2008 that allows your computer to be monitored, even when it is not connected to the internet.  This is done through a tiny specially designed radio chip that can be implanted into a computer allowing activity on the non-connected computer to be monitored.  The tiny chips operate off of radio frequencies and are typically installed by a spy, a manufacturer or an unwittingly user.  I would add hackers to that list as well.

It was recently reported that the NSA is able to intercept packages of computer equipment sent through the mail and divert them to a facility where they carefully open the packages and install monitoring software (a process called interdiction).  I would certainly think that these chips would be part of the 'standard surveillance package' secretly inserted into these computers during interdiction.

The monitoring part happens when anyone with access to these chips activates the one inside your computer.  They can be miles away and send a radio wave to your computer and your computer will communicate back to them allowing access to your files or even allowing them to reactivate your internet connection.  Science fiction becomes reality.

Most computers parts today are made in China, Japan and Taiwan.  One has to wonder if these countries are already installing such equipment on these computers without anyone's knowledge.  After all, while China may be the premier trading partner with the US, socially, culturally and otherwise the Chinese and US governments have many differences.  What a great way for the Chinese government to learn all about what Americans are doing by simply implanting these tiny chips into the computers they ship.

That this technology exists is the most worrisome part.  Your computer could be compromised by hackers or others looking to do you harm even when you aren't connected.  The computer you are using now could have been interdicted and infected.  The chip could have been implanted by the manufacturer, by the NSA, by a postal service crime organization, by your company's IT department or by someone who broke into your home.  If you bought your computer used, the chances are even higher because you don't know who has had access to that computer and installed this bug.

Privacy Action Plan - How to protect the data on your computer when it is not connected to the internet
PRS - Level 4

Thankfully, the solution to gaining privacy in this area is simple.  Turn your computer off when you are not using it.  Since many computers still have many areas that are 'on' even after the computer is shut down, you should unplug it and remove the battery as well.  If you don't want to remove the battery each time you shut down, a Faraday Bag should work since these bugs reportedly work off of covert, but ordinary radio waves.

Is Someone Watching You Through Your Laptop or Smartphone Camera?

A recent interview with an ex-FBI official revealed something that many of us have probably never thought about.  That camera at the top of your laptop screen may be in use without your knowledge and without the indicator light coming on.  As reported by Oliver Darcy, an editor from The Blaze news site, a high level ex-FBI official said:

“The FBI has been able to covertly activate a computer’s camera — without triggering the light that lets users know it is recording — for several years, and has used that technique mainly in terrorism cases or the most serious criminal investigations.”

While I appreciate the FBI's work in this area with respect to serious crimes, if the FBI can do it, so can hackers, like Guccifer, who the FBI has been unable to track down despite him being a high profile target with a fairly public image.  I did a write up on him last week which can be viewed here.

This activity isn't just limited to computers.  Recently Apple denied that they were involved in a backdoor program that gives the NSA the ability to remotely activate any iphone user's camera and microphone without the user knowing.  The program, called DROPOUT JEEP, was released as part of the documents that Edward Snowden has been releasing about the extent of US government surveillance of its citizens.  Again, if the government can access your phone, so can hackers.  It is even possible for anyone with access to use your phone and send out messages that appear to be coming from you.  Curiously, the document detailing the program was dated 2008, suggesting they have had this ability for a significant period of time.

It does no good to simply shut down your phone because your phone can be powered on remotely.  Of course you can power down your phone and put it in the refrigerator as Edward Snowden made reporters do when he met them in Hong Kong, though results may vary.

Privacy Action Plan (PAP) - How to Protect Your Computer Camera and Microphone From Remote Activation
PRS - Privacy Level 4

Place a post it note or small piece of electrical tape over your laptop camera and microphone.  Only take it off if you plan on using your camera.  For added privacy, go to control panel > hardware and sound > device manager, and click disable your microphone and camera or remove the device drivers completely.  Should you need to use them in the future, you can reenable them by clicking 'enable'.

Privacy Action Plan (PAP) - How to Protect Your Phone Camera and Microphone from Remote Activation
PRS - Privacy Level 2

Whether you have an iPhone, Android or a Windows Phone, perform a factory reset.  It is an easy process and there is a useful guide here for iPhone users.  If you own an iPhone, you can also bring it to any Apple store and they can do this for you free of charge.  Do this periodically to protect against any new unknown worms, viruses or other infections.  I would also place a piece of electrical tape over the camera so that if it is activated remotely no one can see anything.  Your microphone will still be accessible since you will need your microphone to use your telephone, so keep your phone tucked away in your purse, briefcase or backpack.
____________________________________________________

"I always feel like somebody's watching me and I have no privacy." ~ Michael Jackson

Is Your Laptop at Risk of Search and/or Seizure?

In a decision quietly made during the week between Christmas and New Year's Day, a federal judge has reaffirmed an Obama policy that let's police search and/or seize your laptop without probable cause if you are within 100 miles of a US border.  More details are available here.

Approximately 197 million people, or almost two-thirds of the US population, lives within 100 miles of a US border, including residents of such cities as New York, Washington, Boston, San Francisco, Los Angeles, Miami and dozens of other metropolitan areas.

Attorneys for the plaintiff argued that it is a violation of people's 4th amendment rights against searches and seizures without probable cause.  Judge Korman disagreed and threw the case out stating the following:

“Laptops have only come into widespread use in the twenty-first century. Prior to that time, lawyers, photographers, and scholars managed to travel overseas and consult with clients, take photographs, and conduct scholarly research,” wrote Korman.

“No one ever suggested the possibility of a border search had a chilling effect on his or her First Amendment rights. While it is true that laptops make overseas work more convenient, the precaution plaintiffs may choose to take to 'mitigate' the alleged harm associated with the remote possibility of a border search are simply among the many inconveniences associated with international travel.” 

The ACLU is considering an appeal.  The main concern is that since the Department of Homeland Security was created, there have been a number of interior checkpoints set up where people are regularly stopped and searched.  The contention is that the information on their laptops should be protected under the 4th amendment since they are inside the United States and not at a border crossing.

If you do find yourself being asked for your password to your laptop by a government authority, the decision is yours as to whether or not you want to comply.  You don't need to provide anything to law enforcement or even say anything without a court order (with the exception of an ID or name/date of birth in some places, and in all places if you are driving a motor vehicle).  Personally, I would provide as little as possible to the police or any other authority without a court order and an attorney.  Let them seize the laptop until you have appropriate legal representation to ensure that your rights are preserved.

Privacy Action Plan (PAP) - How to Secure Data on your Laptop While Travelling

PRS Level 3 - Keep a backup copy of your laptop in the cloud while travelling.  If your laptop is seized, you can redownload your information on a new laptop.  If you have very sensitive information on your computer, you should consider using something like Truecrypt to protect your information which reportedly takes more than a lifetime to decrypt.  Encryption options will be the subject of a future post.

Has anyone ever asked to search your laptop?  Do you have any comments or questions about the information presented above?  Please email me at uncommonprivacy@gmail.com or comment below!

Who is Guccifer?

Several things have led me to gain a deeper understand of privacy, including intrusive government surveillance, the potential for mischief from those who would do us harm along with simply wanting to be left alone.  But nothing is more disturbing than what hackers can do with your personal information.  An individual named Guccifer stands at the top of the hacker list (I will refer to Guccifer as 'he' for ease of writing though Guccifer could certainly be a she).  The name Guccifer appears to be a mash up of the words of the designer brand Gucci and the devil Lucifer.

This individual is believed to have hacked into numerous email accounts of heads of state, including George W. Bush's sister Dorothy Bush Koch.  He used the account to circulate images of George H.W. Bush in the hospital.  He also broke into Colin Powell's email and even secret service and FBI agents.

These are all high profile targets, with presumably multiple levels of high tech security given their positions.  These security measures are no match for Guccifer.  Not only does he break into whatever he wants, but the FBI can't even seem to track him down, despite of his high profile crimes against government officials worldwide, heads of large corporations and Hollywood personalities.

Guccifer recently made the news again, revealing a whole new crop of people who were hacked by this individual, including journalist Carl Bernstein, Sex and the City author Candace Bushnell, the CEO of MetLife, Steve Kandarian, James Roche, former Secretary of the Air Force, Laura Manning Johnson, a top Homeland Security official who is ex-CIA, among many others including an Obama appointee.  Even fitness star Denise Austin was hacked by Guccifer!

This Smoking Gun article provides more detail of what occurred and who was affected, but we can learn from the mistakes of some of these people.  Some of the mistakes people made:

• People's security questions used to gain access to accounts were correctly guessed by Guccifer.  He reviewed Wikipedia pages on these people to obtain background information on them and used a list of the most common dog and cat names.
• He obtained people's email addresses from their contact lists and then hacked into those.
• He obtained sensitive phone numbers of high level people from hacked accounts where people elected to have their phone bills emailed to them
• He obtain passwords and PIN numbers people had kept in Microsoft Word document per the Smoking Gun website:

Combined, the two [Word documents] (which were found in the “Guccifer” archive) offered free access to accounts with eBay, Netflix, PayPal, Xbox, Amazon, Sprint, Etsy, Facebook, Dropbox, Time Warner, and Skype. Not to mention credit card, banking, insurance, retirement, and frequent flyer accounts. The former G-man’s list even included a three-digit password for a “Gun Lock.”

If he can do this to high level people, how protected are you?

Unless you are a Rockefeller or a UN official, you probably aren't on Guccifer's radar screen, but what about all of the Guccifer wannabes out there who find it challenging and fun to see just what they can hack into and steal from ordinary people?

This is just one reason why privacy is so important and why I started this blog.  While we cannot protect ourselves and our families from everything, we can take simple steps to achieve uncommon privacy.

Privacy Action Plan (PAP) - How to Protect Your Email

PRS - Level 3

• Do not put your real name in your email.  Put your first name and last name initial in the From: field on your emails.  Instead of Albert.Einstein@yahoo.com, choose genius4422@yahoo.com.
• Security questions are there to help you regain access to your account if you forget your password.  Your security questions do not have to be obvious or even true.  You can and should make them up.  Where did you go to elementary school: banana.  What is the name of your dog: meteorology.  What is your mother's maiden name (a particularly terrible security question that can easily be figured out on ancestry.com): 10W30.  Write these answers down on a piece of paper somewhere or commit them to memory.
• Write your contacts down with pen and paper and don't keep them in your contact list.  This is a tough one to do and you should consider the cost/benefit to yourself and your friends' identities for having this information stored online.  There is no better way to prevent your friends' emails from being hacked than to simply delete their information from your contacts write their information down.
• If you have bills emailed to you, pay them, delete them and remove them from your electronic 'trash can'
• Don't keep passwords and PINs in a Word file or any other electronic file.
• Empty your browser history and cache daily.  Your history and cache can be used to steal your identity.
• Disconnect your wifi at night or when away from your computer for long periods of time.  If someone has gained access to your computer, they'll probably use that access at night when you are sleeping so you won't notice.  If the wifi adapter on your computer is off, you are safe from any hacking. 
• I recommend using an offshore email provider, such as Yandex or Autistici as hackers seem to be focused on American company email services like Yahoo, Hotmail, etc.

Movie/Documentary Review - Track Me If You Can

Track Me If You Can is a movie/documentary about what it would take to start your life over, wipe the slate clean and be free of 'Big Brother.'  While the overall plot of the film is a bit cheesy and some of the suggestions are unnecessary or over the top, he does bring up some interesting privacy related tips, which is why I choose to review it for this blog.

The documentary is narrated by a man named Aton Edwards, a self-proclaimed expert in emergency preparedness and self-reliance.  The film starts with all of the ways we are being monitored in the electronic age and then goes into a scene with a man (Aton Edwards) in a panic packing up all of his belongings from his home and hitting the road.  He had been planning for the day he would have to 'bug out' for the past three months.  He talks about changing your appearance and then gets into the process of 'disconnecting' and suggests the average American is tracked by more than 200 databases.

He talks about closing bank accounts, emails, credit cards, etc.  He suggests leaving your social network accounts in tact in order to spread 'disinformation' about your actual whereabouts.  In the film, he updates his status to say he's going to Alaska, which of course he is not.  By doing this, he has gained both an element of privacy because he hasn't revealed where he is headed and thrown off anyone who may be trying to track him by making up the story about going to Alaska.

He then goes on to talk about destroying your computer's hard drive by various methods including boiling, hammers and using magnets.  He also talks about the importance of destroying any books you may own and trophies you have collected as they reveal the places you've been and may return to again.  And don't throw this stuff in the trash, which is a good point as in most jurisdictions, your trash is legally available to anyone when it is left out by the street or placed in a dumpster.

He then gets into how your cellphone gives away a plethora of information about you (See the recent post about cellphone monitoring here).  He also suggests using your cellphone to disseminate disinformation by leaving it someplace and hoping it gets picked up by someone (after you have cleared out all of your contacts).  Anyone tracking the geolocation of the phone would be tracking a random stranger who picked up the phone and was carrying it with them.

He then gets into all of the ways your car can be tracked, such as toll road scanning, interstate cameras, the GPS NAV system in your car (including emergency services like OnStar where the microphone in your car can be turned on without you knowing allowing your conversation to be overheard).  He also talks about how RFID chips are now being imbedded in some tires.

Some suggestions in the movie are a little over the top, such as not eating the old foods you used to in case someone is watching, for example, all of the 'vegetarian restaurants', because they know you don't eat meat.  I can't imagine a scenario where anyone would be casing all of the vegetarian restaurants they think you might visit.  But I think his point was to break patterns, which is always a good idea for people looking to maintain their privacy.

He then gets into Biometric Portable Acquisition Computers (BPAC) and how anyone with one of these machines can lift a fingerprint from a glass to determine your identity.  I had never heard of a BPAC, and Aton's claims that anyone can buy one are true as they are listed for sale on ebay.  These machines measure biometric information such as fingerprints, iris scans and blood vessel mapping.  Someone with a BPAC could hack into a national biometric database and determine who you are.  His answer to not leaving fingerprints behind is to buy things in disposable containers and presumably keep your trash with you.  This bit of privacy is a little over the top too as anyone tracking you probably already knows who you are (why else would they be tracking you).  The information Aton offers could come in handy though for people who have refused to cooperate with a law enforcement investigation as I have seen numerous documentaries where they follow potential suspects around in an effort to collect their DNA in an effort to link them to a crime scene.  Later in the film Aton reveals that these BPAC machines can actually determine who you are by scanning your face from up to 60 feet away.  Presumably you would need to be in the database and the BPAC user would need to have access to the database to know who you are, which I'm sure would be no small feat.  But it is interesting to learn that this technology is there and that someone who is 60 feet away from you may be able to use this machine to know exactly who you are.

He then goes into some information on detecting cameras and microphones in your motel room and gets back into DNA again by discussing the importance of sleeping in a sleeping bag and not on the bed because you will shed skin and hair.

He then gets into purchasing a prepaid phone (see the PRS Level 2 buying a prepaid cellphone here).  He suggests using it for outbound calls only, but we've already discussed that it is easy to determine who you are by who you are calling.  He then talks about how your phone can be turned on remotely allowing anyone with access to listen to your conversations and view your cam without your knowledge.  While this film was made in 2010, it is eerily prescient of the future as a recent news article reported that an ex-FBI agent admitted that they do in fact have this capability.  That means that hackers have that capability too.

He then goes on to discuss infrared (night vision) cameras and discusses a unique way of preventing the camera from recording your face.  He demonstrates a hat equipped with infrared lights of it's own, like this one here, creating a bright light over his head, masking his face.  The lights are invisible to the naked eye, but the camera sees them as very bright lights.  I have not tried this so I have no idea if this is for real.

He then goes on to suggest that medium sized cities offer the highest level of anonymity versus small towns and large cities.  Then he suggests legally changing your name to a common one, which seems like a good idea if you want to increase your privacy.  There are millions of Smiths, Johnsons, etc.  However, all legal name changes are public information accessible by anyone, though these records are generally kept at the local level and therefore are not easily accessible.

He then discusses getting 'back on the grid', opening a bank account in your new name and getting a new job in a different field to 'hide your tracks'.  But doing either of these things would reveal your identity.  The bank is going to require your social security number, which doesn't change after you change your name.  Your employer will require it too unless you are being paid under the table, which is illegal.  Even if you are being paid under the table, your new employer may still want to check references.  You're going to have to give him your old name in order to do that or make contact with your references and tell them your new name, again revealing your identity.  You are also going to need to file a tax return, which will of course reveal your identity.

He then spends about 15 seconds on what sounds like using proxy servers for obtaining internet anonymity.  This is a very complex area and I am planning future posts as I learn more about this subject.

Aton then describes to the viewer RFID chips in groceries and suggests taking your food out of it's original containers and putting it in tupperware.  I think this is completely unnecessary, even for the very privacy minded people among us.  An RFID in a box of Cheerios won't reveal anyone's identity.  An RFID inside a license or passport certainly could.

The film wraps up with some future predictions about surveillance which may or may not come to fruition.

A gaping hole in the film is contact with relatives and old friends.  A single phone call to Mom or your children is all it takes to completely blow your cover and all of these efforts to hide will be worthless.

I recommend this film simply for some of the privacy related ideas it contains, but I would take the rest of this as simply entertainment.
______________________________________________

Privacy Action Plan (PAP) for people wanting to disappear and start their life over:

Despite the tips provided in this documentary, there is no way to do this legally.

• Banking and employment regulations are strictly enforced and your information is checked against multiple sources (primarily using your unchangeable permanent social security number)
• Legally changing your name is a publicly available record
• You must file a tax return annually if you earn more than $600

Because of these reasons, there is no legal PAP for someone wanting to completely disappear and start their life over 'on the grid' while remaining in the US.  It is a Level 0.
"You're on a mission to regain your privacy" ~ Aton Edwards, Track Me If You Can

Cellphone Privacy Ruling by the Secret Court

The secret court that authorizes the collection of data on almost every phone call placed in the United States (the Foreign Intelligence Surveillance Court) has reauthorized the intelligence authorities to continue the practice for another three months.  This is not a news event because this court has always done whatever the intelligence agencies ask.  I'll leave it to other bloggers to discuss the 4th amendment implications of this practice.

So this would be an appropriate time to discuss what exactly is happening with the collection of cellphone information and what options are available to you to keep your conversations private.

First, what they are doing in a nutshell (if you haven't heard this already):

The National Security Agency (NSA) is collecting certain data points for each phone call made inside and outside the United States.  They have admitted to collecting the phone number that is being called and the phone number that is calling.  They have also admitted to recording the time that the call occurred as well as the duration of the call along with geolocational data for the caller and callee (such as which cell towers handled the phone call).  This information is called metadata.  There is nothing to stop them from recording the contents of the call and I assume that they are, though there has been no admission of recording conversations without probable cause and a court order.

What can you do about it Privacy Action Plan (PAP):

PRS Level 2 - Buy a prepaid phone with cash.  Wal-mart offers a whole array of prepaid phones that you can buy for cash.  Depending on the local laws, prepaid phones may be available to those who do not have a permanent address, phone number, or valid credit card. This makes them popular with students away from home and travelers.  Take the battery out when not in use as it can be used to track your movements.  Also it is easy to figure out who you are by who you are calling.  More on this below.

PRS Level 2 - Encrypt your email with something like PGP.  PGP, which stands for pretty good privacy, encrypts your email communications so that the only person who can read your message is someone with the key.  However, there are lots of potential work arounds for PGP which would allow an unauthorized party to read your emails.  Some of these include, breaking into the sender's or the receiver's email via either computer or either email provider.  Another is interception of the key.  If a third party has your key, they can read your email.  Lastly, code breaking decrypters can decrypt your email.  These are supercomputers that can break all sorts of encryption codes. 

PRS Level 3 - Use a pay phone.  Pay phones are said to number less than 300,000 across the US (down from over 2.5 million in 1998) due to the growth of cell phones and the popularity of the 'Obama phone' program as many low income people used to comprise the majority of pay phone users.  While they are fewer in number, they are still available at very busy locations such as bus stops, airports, truck stops, some hotels (near the conference room areas) and some larger shopping venues.  The phone may reveal the telephone number to your caller, but that won't necessarily do much since it is a pubic payphone and isn't associated with you.  Disadvantages:  This isn't a level 4 because pay phone calls are still subject to metadata collection which can easily identify you, especially if you use the phone multiple times to call different people.

PRS Level 3 - Write a note.  The art of simply writing a note has been falling to the wayside with the invention of e-mail, but it is certainly a great way to communicate privately.  Drop it off personally because all of the USPS mail sent is also harvested for metadata (this will be the subject of a future post).  Disadvantages:  Notes can be found by others.  They also require your presence (or a proxy) which can compromise your privacy and the presence of the receiver.

PRS Level 4 - Modify a wired home intercom system.  A home intercom system is like owning your own private phone company.  You'll want to choose wired, since wireless signals could be intercepted.  Admittedly, this solution isn't for everyone.  But depending on where you are located, you may be able to run the intercom wires, along with the appropriate signal amplifiers, to the homes of neighbors using a system like one of these: http://www.home-technology-store.com/intercom/voice-intercom.aspx.  These systems even allow you to 'call' a certain intercom so you aren't broadcasting to everyone with an intercom unit in their home.

PRS Level 4 - Train a homing pigeon.  Homing pigeons can fly very long distances and communicate messages that are impossible to track without an aircraft.  There is more information here: American Racing Pigeon Union or you can Google 'How to train a homing pigeon'.  There is a whole community of people who can do this for you or can guide you in training your own bird to relay messages for you offering exceptional privacy. 

Why is a prepaid cellphone paid for with cash and registered anonymously only a PRS Level 2?  Because a prepaid cellphone phone number is easily read by the person you are calling, undoing any hope of privacy.  Furthermore, it is an easy job of anyone with access to your calling data to know who you are simply by who you are calling.  No one has to even hear your voice, as a simple computer algorithm will determine who you are because you have a unique calling pattern, much like a fingerprint.  Also, it is very easy to establish your movement by cell tower tracking which is being recorded and stored.  As a result, you are back to your identity being revealed and your movements being tracked.  Perhaps if you were able to block your number and used the phone once in one location then threw it away it could be the equivalent of a Level 3, but simply using a pay phone to maintain your privacy is a much better (and cheaper) Level 3 option.

What other ideas can you think of for increasing the privacy of your communications?  Please share in the comment section below.