Most people over age ten can remember a time when the idea that mobile computing and communications devices spy on their users was considered something that only happened in Hollywood movies. However, after over a decade since Edward Snowden revealed the digital spying apparatus of the NSA, the revelations have been more or less constant. A number of high-level tech security professionals like John McAfee have suffered extensive legal assault for corroborating Snowden’s claims and making their own as well.
To cap it off, there was the Vault 7 WikiLeaks release. This document showed that the CIA and other intelligence agencies can and do employ a wide range of deceptive spying practices, which they use to secretly obtain the personal data of all Americans.
Among the most startling of these revelations was the use of proxy servers to put “Russian fingerprints” on a given cyber attack. Even more frightening are some of the technologies the CIA was said to possess, such as the ability to make a copy of a document simply by having a device in the same room with the target document, and the ability to remotely hack storage devices that are not powered and not connected to the Internet.
Now, we are learning that companies like Google are playing an active role in the collection of private data. This data is being sold with or without user consent to advertisers, and it is being given to government intelligence agencies without your knowledge.
The American smartphone market is among the largest in the world, second only to China. Yet, the average American is frighteningly incurious about what happens to the data that travels through these devices on a constant basis.
The New York Times recently wrote an article on the subject. It read, in part, “… unlike other methods of investigation used by the police, the police don’t start with an actual suspect or even a target device—they work backward from a location and time to identify a suspect. This makes it a fishing expedition—the very kind of search that the Fourth Amendment was intended to prevent. Searches like these—where the only information the police have is that a crime has occurred—are much more likely to implicate innocent people who just happen to be in the wrong place at the wrong time. Every device owner in the area during the time at issue becomes a suspect—for no other reason than that they own a device that shares location information with Google.”
Of course, police performing illegal searches of citizen’s private data is just the tip of the iceberg when it comes to government spying.
Fortunately, some government officials are concerned about these violations of our Constitutional right to privacy. A group of lawmakers recently wrote a letter to Google’s CEO, Sundar Pichai. It was drafted by a bipartisan group of Republicans and Democrats who agree that Americans have a right to have their privacy respected and protected.
The letter asked that user data be regarded as private and left inaccessible by default. Pinchai’s response was less than promising. It read, in part, “… users can delete their location history data, or turn off the product entirely, at any time.”
This answer is unsatisfactory, to say the least. Most operating systems are constructed with a back door that allows intelligence agents and hackers to access a user’s information whether the user gives permission or not. What’s more, most devices come with a feature that sets location data sharing to “On” by default.
There are also a number of so-called bugs that give government agents easy access to user information. For example, a “roving bug” was discovered which enables FBI agents to eavesdrop on nearby conversations.
But the truth is that these “bugs” and “backdoors” are not an accident. They are built in intentionally. Think of your computer as a metal box. Each one will have a “door” that permits the user to access the data inside. But on most devices, those doors come with external hinges that can be dismantled. Most operating systems are like this, allowing competent hackers, police and government agencies to bypass the ordinary log in security measures.
There is little doubt that these accesses are being abused by actors within the intelligence agencies on a regular basis. These spying entities count on the ignorance and general apathy of users.
There is nothing you can do to completely stop these privacy intrusions. But other operating systems, like Linux, are built more like safes. Attackers have to use the mainline access method before they can dismantle the system. Installing Linux has the ability to stop most low-level attacks. Much more overt hacks would have to be used to attack a more savvy user.