No communication is 100 percent secure. But, activists and journalists can be their own watchdogs when it comes to protecting their privacy online. For the past two weeks I have sought to look into tools which can be used to protect digital surveillance.
Activists in South Africa have raised concerns that state intelligence structures may be monitoring their activities. This is what commentator Jane Duncan terms as the ‘rise of the securocrats’, where South Africa’s security cluster is becoming increasingly powerful, secretive, and involved in political affairs of the country. Secrocrats is also defined as a military or police officer who holds an influential position in the government; an advocate of the close involvement of military and police officers in government.
While they have established instances that this could be happening in the country, civil society is playing a significant role to challenge the government on this matter.
Thanks to Right2Know for challenging the state on calling for a new Inspector General for Intelligence (IGI) – the public protector of the spies – to be appointed urgently. R2K is a democratic activist driven organization, also known as a umbrella social movement under which are non-governmental organizations addressing issues that affect citizens such as social justice, electricity, labour issues, human rights, etc. Its mandate is to defend and advance the free flow of information necessary to meet people’s social, economic, political and ecological needs.
What does ‘monitoring’ mean?
According to Right2Know monitoring also used interchangeably as ‘surveillance and intelligence gathering’ is when state bodies are collecting information on the activities of an organization or individuals. There are several kinds of surveillance such as monitoring public websites such as blogs, Twitter and Facebook; news media; attending public meetings openly or posing as a member of the public during gatherings, people’s phone calls, electronic mails or Internet usage-sometimes called signals interception or “bugging”.
Nonetheless the list is endless but electronic surveillance is becoming more a popular as many people are establishing communication online more than in person. Electronic surveillance is hard to trance however, it is vital for journalists and activists to have mechanisms to protect their communication.
I have established seven user-friendly applications that can be used to build more private platforms online. These tools are Signal, TextSecure, RedPhone, MiniLock, Meet.Jit.si, Mailvelope and SpiderOak.
Signal is a free and open source app that replaces your regular Short Messaging Service (SMS) messenger app, allowing you to send and receive SMS messages as normal, except that when texting other Signal users in your contact list, all messages are automatically encrypted. What does this mean? Encryption and decrypting content requires a complex password- known as a key-for authentication. Very often, this key is held by the company providing services such as email or web hosting, so they have full access to your data. Governments can compel the company to hand over your information, or try to back into its servers to get direct access.
When texting non-Signal users you are given the option to invite them to Signal, or can simply send a message as normal via (unencrypted) SMS. Note that in the past TextSecure allowed users to send encrypted messages over SMS (as opposed to the internet), but this feature was removed from TextSecure due to lack of interest, and is not present in Signal.) Signal is works like TextSecure and RedPhone as Open Whisper Systems released Signal app for iOS that combines the functionality of TextSecure and RedPhone, making it a compatible app for iPhones.
This means that existing Android users will find TextSecure app automatically updated to Signal, while RedPhone users are advised to uninstall the app (and install Signal instead, if you do not already have it installed).
TextSecure and RedPhone
TextSecure and RedPhone are Android apps developed by security outfit Open Whisper Systems. They provide secure encrypted text chat and Voice over Internet Protocol (VoIP) voice call capabilities respectively. VoIP (voice over IP) is an IP telephony term for a set of facilities used to manage the delivery of voice information over the Internet.It involves sending voice information in digital form in discrete packets rather than by using the traditional circuit-committed protocols of the public switched telephone network. These two tools are regarded among others as the best (and arguably the best) options available for keeping your conversations private on Android.
TextSecure is easy-to-use. It looks like WhatsApp but encrypts texts, pictures, videos and audio. It is an open-source and provides end-to-end encryption. Open source can be defined as the code used to write computer software, usually privately-owned, meaning that whoever developed it has sole access to it. Open-source code is available for anyone to see and analyse. While it might seem counter-intuitive, this is widely considered to be the best way to make software secure. It helps ensure it does not do anything nasty, like providing a ‘back door’ for intelligence agencies, and to be discovered and patched up.
End-to-end encryption means only you know the key, and your communications stay private. To the company transmitting your messages, or anybody trying to intercept them, they will look like a long string of random numbers and letters. Third parties can know who you communicated with, but they cannot see your messages.
RedPhone encrypts all voice calls end-to-end over the internet, so you only pay for the Wi-Fi or data. It is free and open source.
MiniLock is a free and open source, web plug-in that lets users encrypt and share files- including videos, email attachments and photos. You upload and send your file using a unique ID, so it can be downloaded by the person you share it with. miniLock uses your email and secret passphrase to generate a miniLock (identity) ID. miniLock IDs are small and easy to share online. Anyone can use your ID to encrypt files to you, and you can encrypt files to friends using their miniLock IDs. MiniLock uses modern cryptographic primitives to accomplish this securely.
Meet.Jit.si helps secure video calls and instant messaging. It secures voice and video calls, video conferences, instant messages and file transfers. It runs directly in your browser, encrypting calls and chats end-to-end. For a desktop version, try Jitsi for Windows, Linux, Mac OS X and Android. It is free and open-source (reference).
This is a web browser add-on online privacy tool, providing end-to-end email encryption. Mailvelope can be configured for almost any web-based email provider, including Gmail, Yahoo and Outlook. It is free and open-source.
SpiderOak is a US based cloud sharing and storage tool. Like Meet.Jit.si, SpiderOak is also accessible through an app for Windows, Mac and Linux computer platforms, and Android, N900 Maemo and iOS mobile platforms. Unfortunately it is not an open-source but, some components of it are. But, it assists users to back-up files, sync between devices and share files privately. It fully encrypts your data end-to-end, so even the company cannot see your documents. SpiderOak costs US $12 a month (approximately R150- R200). In a July 2014 interview, former NSA contractor Edward Snowden recommended SpiderOak over Dropbox, citing its better protection against government surveillance.
As intelligent agencies intrude on people’s information and communication, especially online, it is worth noting that it is hard to detect electronic surveillance. But, using available applications to protect your privacy online is better than no protection at all.