How To Keep NSA Computers From Turning Your Phone Conversations Into Searchable Text

https://firstlook.org/theintercept/2015/05/08/keep-nsa-computers-turning-phone-conversations-searchable-text/

(This post is from our new blog: Unofficial Sources.)

As soon as my article about how NSA computers can now turn phone conversations into searchable text came out on Tuesday, people started asking me: What should I do if I don’t want them doing that to mine?

The solution, as it is to so many other outrageously invasive U.S. government tactics exposed by NSA whistleblower Edward Snowden, is, of course, Congressional legislation.

I kid, I kid.

No, the real solution is end-to-end encryption, preferably of the unbreakable kind.

And as luck would have it, you can have exactly that on your mobile phone, for the price of zero dollars and zero cents.

The Intercept’s Micah Lee wrote about this in March, in an article titled: “You Should Really Consider Installing Signal, an Encrypted Messaging App for iPhone.”

(Signal is for iPhones and iPads, and encrypts both voice and texts; RedPhone is the Android version of the voice product; TextSecure is the Android version of the text product.)

As Lee explains, the open source software group known as Open Whisper Systems, which makes all three, is gaining a reputation for combining trustworthy encryption with ease of use and mobile convenience.

Nobody – not your mobile provider, your ISP or the phone manufacturer – can promise you that your phone conversations won’t be intercepted in transit. That leaves end-to-end encryption – using a trustworthy app whose makers themselves literally cannot break the encryption – as your best play.

As Lee writes:

Signal’s code is open source, meaning it can be inspected by experts, and the app also supports forward secrecy, so if an attacker steals your encryption key, they cannot go back and decrypt messages they may have collected in the past.

Using Signal and RedPhone means your voice conversations are always fully scrambled. As Lee wrote:

Other apps with encryption tend to enter insecure modes at unpredictable times — unpredictable for many users, at least. Apple’s iMessage, for example, employs strong encryption, but only when communicating between two Apple devices and only when there is a proper data connection. Otherwise, iMessage falls back on insecure SMS messaging. iMessage also lacks forward secrecy and inspectable source code.

Signal also offers the ability for power users to verify the identity of the people they’re talking to, confirming that the encryption isn’t under attack. With iMessage, you just have to take Apple’s word for it.

The big announcements by Apple and Google last fall were about encrypting data on users’ phones, not the calls made by those phones.

Although regular phone calls on the iPhone are not encrypted, Apple’s extremely popular FaceTime service is encrypted by default, as is iMessage. So when you’re using those services (with another Apple user), your conversations are encrypted whether you know it or not.

There are of course some caveats, as Lee writes:

It’s important to keep in mind that no technology is 100 percent secure, and an encrypted messaging app can only be as secure as the device you install it on. Intelligence agencies and other hackers can still exploit security bugs that have not been fixed, known as zero day exploits, to take over smartphones and bypass the encryption that privacy apps employ. But apps like Signal go a long way to making mass surveillance of billions of innocent people infeasible.

Photo illustration by Dan Froomkin and Connie Yu.