Snoop be gone: How to protect your data from spooks, spies, and misfits
Some practical steps.
The stark reality of living in a connected world is that there is no 100% secure method of communicating.
However, there are a lot of things that you can do to protect both your own company and personal data.
This article is aimed at personal use of cloud and is also skewed to a New Zealand perspective, for two reasons. The first is that New Zealand happens to be where I'm based and the second is that New Zealand is a safe haven for data. We have good legal constructs without the extreme monitoring that other parts of the world suffer from, and we have strong relationships with most Western countries. Storing your data in New Zealand is a smart idea.
Google is your friend. I haven’t explained how to do this in any great detail, just what you need to do. Google will find the explicit instructions on what to do.
Start at the beginning
Any device that you have that attaches to the Internet needs a password. It’s that simple. Phones, tablets, personal computers, laptops, your wireless router at home, cable modems, AppleTV, your XBOX, and so on.
One of the things that amazed me recently was that, after getting a new broadband connection, I happened to want to change some settings on the wireless router. The username and password were admin and admin. I kinda kicked myself; I should have expected that, but it goes to show that people don’t always take the responsibility to secure their stuff.
Encrypt the end device
Where you can (Google is your friend), encrypt your end device. This means phones, tablets, personal computers, laptops, and so on. Not all devices will allow this, but most (good ones) will.
For example, if you are running later versions of Windows then you want to turn BitLocker on. It will ask you for a passphrase (password), make sure it is strong (long and with numbers), and it will effectively scramble every last piece of data you have using the passphrase as the key to unlock it.
That means that if someone steals your stuff, then they can’t read it. Obviously, you need to keep that key in your head, because anyone who finds it is going to be able to get at your data.
While there are tools out there that claim to be able to crack encryption, they rely on finding the passphrase. Most encryption these days is at least 256-bit. The last time someone broke 64-bit encryption (significantly less than 256), it took four years (2002) and an army of machines.
Keep your devices up to date with patches
Again, use Google to find out how to ensure that you are getting either automatic updates or regular notifications of when updates are available. Every device will do this. It ensures that any holes that are discovered are regularly patched.
Use firewalls, virus checkers, and the like for all devices
Make sure that you have turned on the standard firewall settings for all your devices, along with antivirus. That includes your phones, particularly if you use Android (non-Apple).
Encrypt your connection
Here is where it gets a little more complicated, and you might need to drag out the family geek to get this set up, as well as your wallet.
The traffic that flows to and from your devices is not encrypted and it is stored by pretty much everyone. You have a unique address on the internet that associates you to that data. This means that as you traverse the web, companies, spy agencies, and anyone who your data passes through can collect it.
And that means everything. Email, your web history, files that you send, photos, videos, your Skype conversations, messaging, and well … everything.
However, you can encrypt your connection the same as your local drive including the ability to stealth your address so that nothing can be associated to you.
There are a variety of ways to do this and a search on Google for “secure VPN” (virtual private network) is a good place to start. For those of you who are down here in New Zealand, check out Astrill; it is generally accepted as the best VPN in this part of the world.
Astrill allows you to install the software on any device, including your phone, or your home wireless router. Like I said, you’ll need the family geek to sort it out for you.
A VPN, encrypted connection, should be mandatory every time you use someone else’s network, especially open and “free” wifi.
What a VPN does is encrypt all traffic as it leaves your devices, and then it gets tricky. Rather than going straight to the internet, the traffic is routed through the VPN company, where it pops out onto the internet through their own firewall and protection devices with their address, not yours.
As an aside, if you want to watch overseas content that is blocked in your country, say British TV, then a VPN will allow you to do it.
The traffic is then returned back via the same route to your device.
If you simply want to encrypt aspects of your connection, then there are point tools available to do that as well. For example, Silent Phone provides an encrypted VoIP service for a monthly fee.
If someone is collecting your traffic data then all they are getting is an unreadable bunch of encrypted gibberish.
Social Media
Everything you put on here is for sale. It’s really simple. Treat these as completely insecure.
Online file storage
The golden rule here, again, is to choose online file storage that is encrypted, where only you hold the password.
The “only you hold the password” part is important if you want to be completely secure, because if both you and the online file store hold it, then the online store can use it to access your stuff, or give away your key to someone else.
One of my personal favourites is Home Drive. Based in New Zealand it is relatively cheap compared to overseas offerings, it encrypts your data, you hold the key, it’s backed up, it does file revision, and it has a very cool “self destruct” capability.
If someone steals your stuff, makes it past your laptop password and encrypted drive password, and gains access to Home Drive, you can tell it to shred your files remotely.
Another emerging technology is distributed online storage. This is in its infancy but is worth its own section.
Distribute your stuff everywhere, in small pieces
This is sheer genius. This means that as long as you never tell anyone what your unique key is, the chances of anyone getting at your data are about the same as, well, it’s possible there is no chance.
It works like this. You encrypt the files with only the key that you have and then, rather than sending it to a single location, like Google Drive, or SkyDrive, or similar, it chops the encrypted data into tiny pieces and then stores the pieces all over the world on other people’s laptops and PCs.
At your end, it remembers where the pieces are, so that it can bring that data back to you when you want it, and, it makes multiple copies so that if someone drops off the grid, or their PC crashes, you’re still safe.
Now, there are a couple that you can try, and they come in slightly different flavours. Infinite (in Alpha) and Symform are relatively new, but a lot better, and just about to go to general availability, is Space Monkey.
Space Monkey gives you a Terabyte of space, that’s 1,000GB, for $10 US a month. For that you get a device that sits on your network which you create a password for. It appears like any other drive on your computer and you copy the files you want into the Space Monkey. You can also share that with other people.
It then manages all the encryption and breakup of the files in the background; your computer doesn’t need to be on. It looks for other Space Monkeys, chops all your encrypted files into small pieces, and then sends them to other devices out there on the internet. This means that you don’t need your computer on all the time and you can access your files from any other device attached to the internet.
If your Space Monkey gets stolen, they send you a new one, which then just plugs itself into the grid and reproduces all your data.
The idea behind the distributed method is simple; data is not stored in a single location in an entire file. It’s all over the place and utterly unreadable to anyone who doesn’t have the key.
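The encrypt, chop, scatter and recover flow described in this section, together with the "only you hold the password" rule from the online file storage section, as an added Python example that is not code from this article or from any product it names. The peers dictionary, function names, chunk size and replica count are assumptions, and the HMAC-based keystream is a standard-library stand-in for a vetted cipher such as AES-GCM.

```python
import hashlib, hmac, os

CHUNK = 64    # bytes per piece (tiny, for the demo; an assumption)
COPIES = 3    # replicas kept of every piece (an assumption)

def _keystream(key, nonce, n):
    # Stand-in stream cipher: HMAC-SHA256 in counter mode, stdlib only.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def derive_keys(passphrase, salt):
    # The passphrase never leaves the client; peers only ever see ciphertext.
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, dklen=64)
    return k[:32], k[32:]    # encryption key, MAC key

def store(data, passphrase, peers):
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    manifest = {"salt": salt, "nonce": nonce, "tag": tag, "pieces": []}
    names = sorted(peers)
    for i in range(0, len(ct), CHUNK):
        piece = ct[i:i + CHUNK]
        pid = hashlib.sha256(piece).hexdigest()    # content address of the piece
        holders = [names[(i // CHUNK + r) % len(names)] for r in range(COPIES)]
        for h in holders:
            peers[h][pid] = piece
        manifest["pieces"].append((pid, holders))  # "remembers where the pieces are"
    return manifest

def fetch(manifest, passphrase, peers):
    ct = b""
    for pid, holders in manifest["pieces"]:
        # Take the first replica that is still online and still hashes to its id.
        piece = next((peers[h][pid] for h in holders
                      if h in peers and pid in peers[h]
                      and hashlib.sha256(peers[h][pid]).hexdigest() == pid), None)
        if piece is None:
            raise IOError("piece lost on every replica: " + pid[:8])
        ct += piece
    enc_key, mac_key = derive_keys(passphrase, manifest["salt"])
    expected = hmac.new(mac_key, manifest["nonce"] + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        raise ValueError("wrong passphrase or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, manifest["nonce"], len(ct))))
```

The manifest holds only the salt, nonce, tag and piece locations, so losing it means losing the map to your data, while anyone who obtains it still needs the passphrase to read anything.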
A word on your small to medium business
All of the sections listed in this blog are identical for your small business. It takes a geek, and a little more setup time, and money, but you can get all of these security features for your team. If you are interested in this approach, there are a couple of really good local Cloud Brokers who can help you out, use our contact form and I’ll send you their details.
Summary
It’s an annoying fact of life that you need to spend time, money, and energy to secure your stuff. However, with the armada of listening devices, agencies, companies, ISPs, and criminals that spend trillions copying your stuff, it’s worthwhile.
Not surprisingly, they hate the fact. In the US, lawmakers are trying to pass legislation that demands that any cloud provider must keep a copy of your keys. In other words, so they can get in if they want to. New Zealand is a long way behind in this kind of legislation; we’re still proposing just letting the government get at our Telcos.
And yes, criminals could use this information to be criminals, and guess what, they do. There is nothing here that is not immediately findable on the web and at the end of the day, if the man comes to your door one day with a warrant, you’ll need to give up your keys. Or go to jail. In New Zealand at least.
Ian Apperley is an independent cloud computing consultant. He posts at whatisitwellington.com.