How to Beat the NSA Using the Deep Web

The internet is becoming a control mechanism for nation states. You only need to reference leaked information from Wikileaks, Edward Snowden and Chelsea/Bradley Manning to see it for yourself.

Of recent note are the leaks about the NSA’s international and domestic cyber surveillance from Edward Snowden. Some of the leaked documents are titled, ‘Tor Stinks’, ‘XKEYSCORE’ and ‘PRISM’.

But nonetheless this recent enlightenment of government spying leads to a simple question.

What does all this cyber espionage mean for the future of the internet?

On one hand there’s the internet you know and use on a daily basis. You can go about your business on different websites and pretty much do what you like.

But you still find restrictions on what you can do at every corner. From pay-walls and firewalls to blocked content and perceived fear, you can barely go a day without some kind of block.

What you might notice on your day-to-day internet browse is how the internet is now predicting your every move. Ads pop up showing things that are of interest to you. Emails appear in your inbox tailored to you from your favourite sites. In fact your browser predicts where you want to go before you even do.

Funny how that works isn’t it? Because on your typical web page there are hundreds of lines of code that log and track a whole range of information about you.

Here’s a list of things that are recorded when you visit a typical website:

  • Your IP address and how long you spend on that site.
  • Keystrokes from a form you began to fill in.
  • Your email address, date of birth, name, location, gender, and income if you sign in with Facebook

All this information paints a picture of you, what you like and what might be of interest to you.

Now as you’re well aware, you don’t get a say in the matter, let alone any reward for it. I know I can’t remember the last time I saw a credit to my bank for the personal information unwillingly taken from me. Companies collect and on-sell your information and governments collect and keep it. But do you get anything out of it aside from some online ads? No, you don’t. How’s that fair?

Some people say they don’t care who has their information, and that’s OK, it’s their choice. And in the right circumstance sharing of data can be beneficial. It can benefit public health and safety, monitor spread of disease and enhance social interactions.

I’m happy to share some of my information, but of course anonymously. If anyone wants my personal data, I want to have a choice to give it. Should I chose to give my information out I would expect to be rewarded for it also.

Unfortunately that’s not the trend right now. The trend is for companies, organisations, and particularly the government to just take your personal information at will.

However, there is an alternative to the internet. And it’s something you should be familiar with, as it’s going to form the backbone of the internet we mainly use in the future.

Lavabit vs the FBI

First things first, there’s one more example of government control that you might not have heard of but that is important to know about.

To keep your emails private and secure you can encrypt them. For your intended recipient to read the message they need a private Secure Sockets Layer (SSL) Key to decrypt the information.

In short an SSL key is a cryptographic protocol which allows users to securely share information over the internet. This is one of the best ways to keep information locked down, secure, and out of the way of prying eyes.

However, not even encryption can get in the way of an angry government.

Let me tell you a story about Lavabit. Lavabit is an encrypted emailing service. It allowed users to securely and safely transmit emails between one another completely encrypted from the powers that be. Should someone be able to record the data anyway it’d be useless without the private SSL key.

Ladar Levison is the founder and operator of Lavabit. Since 2004 Lavabit has grown to over 400,000 members using their encrypted mail service. It just so happens one of Lavabit’s members is none other than Edward Snowden.

The FBI got wind of Snowden’s Lavabit account and went to Lavabit for some friendly assistance. But they didn’t get the reception they expected.

The FBI ‘came-a-knockin’ at Lavabit HQ in Texas on the afternoon of 28 June. As part of their arsenal were plans to install a pen/trap device on Lavabit’s servers then and there in order to record a bunch of information about Snowden’s email account.

Lavabit didn’t want a bar of it and refused the FBI’s request. Lavabit said they couldn’t provide the information as the user (Snowden) had enabled Lavabit’s encryption services. Lavabit also said they could decrypt the information but they didn’t want to ‘defeat their own system’.

Therefore the FBI got the courts to issue an ‘Order Compelling Compliance Forthwith’ against Lavabit. This would let the FBI install the pen/trap device and record the information they were after. They also expected Lavabit to cough up the SSL keys and decrypt it for them. The following is an excerpt from that order.


Click to enlarge

You’ll also notice scribbled on the end, ‘including the possibility of criminal contempt of Court.’ Meaning Levison and Lavabit would be on criminal charges if they failed to comply. In the tech world, that’s basically a dare. And Lavabit dug their heels in.

In one corner you’ve got the FBI trying to get access to an encrypted email account that uses Lavabit’s email encryption service. And in the other corner there’s Ladar Levison and Lavabit refusing to comply with the FBI’s orders.

Not only did the FBI issue orders against Levison and Lavabit but they also issued a subpoena to Levison to testify in front of a grand jury. And they also issued a search and seizure warrant for the premises of Lavabit to take the SSL key regardless.

To summarise the events;

  • The initial order compelled Lavabit to let the FBI install the pen/trap device. This would record all the information from Snowden’s email account. The court sealed the orders, and put a gag order on Levison.
  • Lavabit refused to install the device. The court threatened criminal contempt of court.
  • Levison raised a motion to unseal the documents. The court denied his motion.
  • He did however agree to let the FBI install the device and get the information they needed.
  • What Levison wouldn’t do was give up the SSL keys that would decrypt the information. This rendered the information the FBI gathered completely useless. The FBI didn’t like this.
  • The court gave Levison a chance to comply with all their orders and hand over the SSL key.
  • Levison responded that in doing so would breach the privacy of the 400,000-plus other users of Lavabit. If the FBI has the Masterkey to everyone’s Lavabit accounts they could do what they liked with everyone’s information. He argued this was in breach of the Fourth Amendment. Also, keeping him under a gag order breached his First Amendment rights.
  • The courts disagreed with him on both issues.
  • As such Levison was compelled to hand over the encryption keys. What happened next is hilarious…
  • Levison sent the FBI the encryption key…on a black and white print out. The SSL key was on 11 pages with nothing but alphanumeric characters, 2560 characters in total. The FBI claimed it was illegible. But they were just lazy, as they said to use the print out would be a ‘laborious process’.
  • This meant to decrypt the information the FBI would have to manually input the 2560 characters without a mistake.
  • Not impressed with Levison’s assistance, the FBI again demanded the encryption key in an electronic format to make it easier for them. To date Levison has refused to abide by this order.

Knowing good and well he’s in the midst of a losing battle Levison has made the ultimate sacrifice and shut down the Lavabit operations.

He’s closed the business to circumvent the FBI from accessing the encrypted information of all Lavabit users. The only way to protect the privacy of the users was to not have the business operation at all.

Should Levison’s appeal against the court orders fail, it’s more than likely Lavabit will resurface outside US borders.

That’s a trend you’ll start to see more of. Why? Because online and digital businesses are getting tired of being poked and prodded by the US. so they’ll shift operations outside of US borders to avoid the pervasive methods implemented by US government branches.

Whether you like it or not the internet is basically a breeding ground for tracking and sequestering of information against your free will. That doesn’t mean it doesn’t have a purpose anymore. But it does mean that everything you do on the internet you should do with caution.

The Deep Web

There is an alternative to the internet. It’s the Deep Web. The Deep Web is the anonymous internet. You access it through The Onion Routing Network (Tor Network) and no one, not even the National Security Agency, can see where you go or what you do.

One of the NSA PowerPoint presentations Snowden leaked, ‘Tor Stinks’, says in the document, ‘We will never be able to de-anonymize all Tor users all the time.’

Translated, that means the NSA doesn’t know what to do about the Deep Web.

The Deep Web is where hackers, whistleblowers, coders, programmers and hacktivists hang out and work. Those in the know realise by using the Deep Web they can make it harder for government to track them.

But for many people they don’t know what they don’t know, and the DEEP Web is a big unknown to many people. That’s why we’re here to introduce you to it.

The thing about the Deep Web is it’s just like the normal internet. It’s a bit more ‘bare bones’, but it allows you privacy and anonymity. You can visit the Tor Project Website to learn more. I also recommend the Tor Browser to surf the internet/Deep Web.

To make something clear, it’s 100% legal to use the Tor Network, so don’t be afraid of using it.

When you’re in the Deep Web be aware there are illegal websites and illegal operations. But there are also those kinds of sites on the internet too. Remember, if it looks like trouble it probably is.

What the Deep Web allows you to do, its real benefit, is you can do what you want where you want with anonymity. Be warned it’s not a 100% failsafe to hiding your identity. But it’s a very good start to making it harder for government to track your online movements and steal your information.

Use the Deep Web for what it’s designed to be, a protection of your privacy and data. Users are often advocates of freedom of speech, privacy and anti-censorship. All necessary values in preserving the integrity of our connected, digital world.

As more people come to realise the benefits of protecting their privacy online, more people will use the Deep Web. And the more people who use the Deep Web, the more effective it becomes.

What this all means is the future will spread across two types of internet. They will branch further apart and eventually separate.

One will consist of the internet you know today as it slowly evolves into a more controlled, surveyed government arm.

And the other will be the Deep Web which will grow and expand. It will allow people to carry on their digital lives, with the ability to choose when they want to part with private information.

The Deep Web is the best way to beat the NSA and it’s the best way for the non-tech savvy to protect their privacy and information. So go ahead, try it out and be a part of the future of the internet.

Sam Volkering
Technology Analyst

Ed note: Sam has just recorded a video exclusively for Revolutionary Tech Investor subscribers where he takes viewers on a tour of the Deep Web. To get a taste for some of the things he covers you can tune in to a video Skype call between Sam and Kris from last week. Check it out here

Written by Sam Volkering

Sam Volkering

Sam Volkering is the technology editor for Money Weekend’s FutureWatch. In this regular column he highlights the latest advances in technology, healthcare and energy. (To have Money Morning delivered straight to your inbox you can subscribe for free here.).

Sam is also the assistant editor and analyst for the new breakthrough technology investment service Revolutionary Tech Investor headed by The Pursuit of Happiness editor Kris Sayce.

In the meantime, if you want to follow Sam’s eye on technology more closely, then we recommend you join him on Google+. It’s where he shares technology insights, commentary and ideas that he can’t always fit into his regular Money Morning essays.

Share this post on...





Leave a Reply

Letters will be edited for clarity, punctuation, spelling and length. Abusive or off-topic comments will not be posted. We will not post all comments. If you would prefer to email the editor, you can do so by sending an email to letters@pursuitofhappiness.com.au