Wednesday 24 July 2013

Opting out of PRISM, the NSA's global surveillance program

As you will no doubt have seen in the news, the National Security Agency (NSA), a US government agency, has been running a hitherto top-secret global surveillance program called PRISM, in collaboration with US technology giants Microsoft, Google, Yahoo and Facebook among others (although Twitter was conspicuous by its absence from the leaked presentation slides).

Basically if you visit the website or use an application or Operating System of one of the collaborating companies, PRISM clandestinely logs your online activities. The activities of the NSA were leaked by ex-CIA operative Edward Snowden to Glenn Greenwald and hence the Guardian and the Washington Post (although the Washington Post subsequently heavily edited its story).

This article examines suggested alternative software and services according to the site PRISM Break and gives an analysis of the events. In any case, the Internet needs to be protected from governments and big corporations.

Which companies participated in PRISM

The following companies are involved in the PRISM scandal, according to the PRISM presentation slides:

Participating company          Since
Microsoft                      11/09/2007
Yahoo                          12/03/2008
Google                         14/01/2009
Facebook                       06/03/2009
PalTalk                        07/12/2009
YouTube (owned by Google)      24/09/2010
Skype (owned by Microsoft)     06/02/2011
AOL                            31/03/2011
Apple                          October 2012

All the aforementioned companies are known for producing and providing proprietary closed-source services. Naturally, all Microsoft and Apple software is paid. Moreover, some of them, such as Microsoft, Apple and Google, are also known for their vendor lock-ins.

Twitter, however, is conspicuous by its absence from the slides, and does have a track record of attempting to resist demands to hand over data. Nonetheless, the PRISM Break website includes Twitter on its list of services to avoid due to Twitter itself being proprietary and closed source.

Suggested alternatives according to PRISM Break

The PRISM Break website gives a comprehensive list (in several languages as well as English) of free and open-source alternatives to proprietary and closed-source software, alternatives which also avoid sending data to the US NSA.

This website includes a list of recommended/alternative web browsers, web browser add-ons, web search, map services, instant messaging services, video conferencing / Voice over IP (VoIP), social networking, cloud storage, document collaboration, media publishing (WordPress.org, Noblogs.org, ZenPhoto, Piwigo, and MediaGoblin), email services, email clients, email encryption (OpenPGP, GPG, TorBirdy and add-ons based on OpenPGP), online financial transactions (BitCoin and alternative cryptocurrencies), web analytics (Piwik and Open Web Analytics), DNS providers, Darknet, Meshnet, alternatives to Android, warnings about Apple iOS (it is insecure), recommended Operating Systems, Live CDs and Virtual Machine images, XMPP Servers (for secure encrypted IM, OTR messaging, video-conferencing, gaming etc.), and SIP Servers (for secure encrypted video-conferencing and voice calls).

For example, instead of using Microsoft Internet Explorer, Google Chrome or Apple Safari, it recommends Firefox (which I use personally), GnuZilla IceCat and Tor Browser Bundle (the latter is encrypted).

And instead of using Microsoft Windows, Google Chrome OS, or Apple OS X, use one of the recommended Linux or BSD Operating Systems on your computer - Mint, Fedora, Debian and especially Trisquel are recommended by PRISM Break.

The PRISM Break site is a highly recommended read for anyone concerned about their privacy.

There are caveats, however. For example, PRISM Break warns that Mozilla Firefox and Mozilla Thunderbird recommend non-free add-ons, notes what to watch out for when using Tor (performance and complexity of setup), and states that there is no truly viable free and open-source search alternative, although YaCy is promising. It is thus highly recommended to look at the Notes section for each entry on the PRISM Break website.

What you can also do to protect your privacy

In summary, you can do the following to protect your privacy:
  • Avoid social networking sites if you can, except for those recommended on PRISM Break. However, it is possible that some of the social networking sites not currently connected to PRISM (such as Twitter), particularly the proprietary ones, could be connected to it in the future.
  • Surf using HTTPS - either using the HTTPS Everywhere plugin for Firefox, the Tor plugin for Firefox, or by using the Tor browser (which uses HTTPS everywhere as standard)
  • Create an alternate identity, then surf using a Proxy/VPN - Using an alternate identity for all digital communications, and using a Proxy or VPN to obscure your physical location
  • Encrypt your phone calls, or use a burner phone - You can either use burner phone services with disposable phone numbers or encrypted phone calls, but some of the services could be nullified by NSA backdoor access, and voice analysis could be used to trace the calls back to your identity.

Recommendations if you still intend to use the services involved in PRISM

If you still intend to use Facebook, Google, Microsoft, YouTube, PalTalk, AOL, Skype, Yahoo, Apple or Dropbox services, it is best to treat these services as though you are in public (even if the said services are secure), so it is best not to divulge personal information at all on these services, especially in terms of content. And of course common sense applies: make sure you are within the law and never do anything illegal and immoral. Even though Twitter is not mentioned on the PRISM slides, the same advice applies.

How was this possible

A prior surveillance program implemented after 11 September 2001 (authorised under the USA Patriot Act 2001, which authorised the "collection of business records" among other things) was criticised and regarded as illegal due to not including warrants issued by the secret Foreign Intelligence Surveillance Court (a court established as long ago as 1978, when the original Foreign Intelligence Surveillance Act was passed).

PRISM was enabled by the said court, under President Bush, through the Protect America Act 2007 and the FISA Amendments Act 2008. Congress under President Obama renewed this act for five more years.

It is worth noting that the FISA Amendments Act 2008 enables intelligence agencies to monitor phone, email and other communications of US citizens for a week without a warrant when one of the parties is merely suspected of being outside the US. This enables US citizens to be spied on without a warrant, and US phone and internet companies are required to hand over data to the NSA or law enforcement agencies, and are forbidden from disclosing their involvement in surveillance.

In summary, human rights have been eroded in the US (and also the UK and other countries) in the name of "security" and "fighting the war on terror", among other things. Obviously they have not been eroded overnight, but gradually. The pattern is the same: first there is some event which arouses fear and hysteria, then the government either takes away some rights or declares a "state of emergency" or war.

What else is going on

Documents leaked by Edward Snowden have revealed that the US, with the aid of PRISM, has been spying on the EU mission in New York and its embassy in Washington. One document lists that 38 embassies have been bugged by the US, including those of France, Italy, Greece, India, Mexico and South Korea. The US has also been bugging the EU building in Brussels during the EU-US Free Trade talks. There was considerable anger aroused throughout the world, including in EU countries. The German Justice Minister Sabine Leutheusser-Schnarrenberger said that "If the media reports are accurate, then this recalls the methods used by enemies during the Cold War".

US Government and mainstream US media reaction to the leaks

The US government does not like leaks, has vowed revenge and is attempting to get the whistleblower Edward Snowden extradited. Snowden, who is attempting to gain political asylum, is currently in Moscow and his passport has been cancelled by his government. This is not the first time the US government has vowed revenge, remembering the leak of the US diplomatic cables through WikiLeaks - the government and opposition reaction in the US was vindictive to say the least. As a result, Julian Assange (who is believed to have risked facing extradition to the US if he was handed over to Swedish authorities on unrelated charges first) has been seeking asylum in the Ecuadorean embassy in the UK, while Bradley Manning is on trial and has already faced solitary confinement, both after leaking the US diplomatic cables.

Regarding the NSA spying scandal, it is also worth noting that the mainstream US media chose to focus on Edward Snowden and Glenn Greenwald rather than what has been leaked.

Who else was involved in PRISM

The UK's GCHQ has also allegedly been involved in using PRISM to bypass procedures (although recently cleared by an initial inquiry which was labelled as a whitewash by civil liberties groups), as well as maintaining its own spying program called TEMPORA, allegedly with even less regulatory oversight than of the FSA the United States. It is also alleged that both countries, along with Canada, Australia and New Zealand, have been involved in intelligence sharing as members of the Five Eyes alliance.

The need to protect the Internet from corporations and governments

In order to guarantee free speech and privacy, the Internet needs to be protected, especially against government and corporate interference. That interference comes from the government, often in the name of "national security", or from corporations or their representatives and lobbyists (or both, considering the merger of state and corporate power in the United States and other countries) in the name of fighting "piracy". While fighting piracy and serious crime is legitimate and should be done, these should not be used as an excuse to curtail freedoms and basic human rights.

Privacy is a human right; everyone has the right to privacy. The same applies to free speech and alternative ideas, points of view and thoughts. It is really not worth giving up any rights or liberties in the name of temporary security. And the price of liberty is indeed eternal vigilance: we need to be watchful against attempts to curtail freedoms, and not be distracted. At the same time, we need more freedom, not less.
