Who gathers your data and what you can do about it?

The revelations of the surveillance program of the US National Security Agency (NSA) has shown that no one is protected from being spied upon. Diplomats, political activists, as well as journalists around the world, are becoming increasingly vulnerable to online surveillance. Anne Roth is a researcher for the NGO Tactical Technology Collective that trains rights advocates how to use information and communications technologies.

DW Akademie’s Natalia Karbasova spoke to Roth about the biggest risks journalists face online, and about the parties interested in gathering all relevant and irrelevant information: from local authorities to national secret services.

Is it possible for journalists to completely protect their online privacy?

Complete protection is not really possible. It will not be possible in the future either, since we need to supply our data to an internet provider to go online in the first place. The question is rather: what do you want to be secure from? If you want to be sure you are not being tracked by the advertising industry, you can use an adblocker as a browser plugin and configure it manually. If you want to shop online and at the same time protect your identity, you can use secure online payment services like Paysafecard or UKash. If you want to use internet services without disclosing your IP address, you should use the software Tor. Still, this personal anonymity is only guaranteed if you don’t use your personal log-in data while browsing the web.

What are the biggest security vulnerabilities online?

There’s no general answer to this question. It depends on whether you are a big company, a journalist or just a normal user. Access to data which are being transferred unencrypted through email or other internet services pose a big problem. If data transfer isn’t SSL-encrypted (you can see this encryption in your browser address bar which says “https://” instead of “http://”), it can be easily intercepted in an open WiFi network.

It is especially Windows users who face security problems. There’re numerous viruses and malware for Windows out there since this operating system is wide spread. They use unknown security weaknesses of Windows or install standard software and browser plug-ins to get daily access to the computer. That’s why is it is extremely important that you install the latest updates and the latest software.

You should also be really careful and limit yourself to the software, plug-ins and add-ons you really need. You can also protect yourself by installing a personal firewall and a virus scanner.

How do I know I’m being spied upon?

Normally you won’t discover if you’re being kept under surveillance by the authorities. In Germany, you have the right to request this information from the German Federal Intelligence Service and other services. The question is, if you get the answer. Foreign secret services like the NSA don’t provide any information to non-US citizens.

Who is interested in gathering my private information in the first place?

On the one hand, we talk about authorities, on the other hand, about companies. Their motives and methods differ of course. Secret services gather information on internet usage and on users not only to protect their country against terror attacks, but also to exchange this information with foreign secret services which are not necessarily able to track the global internet traffic on their own. The approach of the secret services can be described as “full take”: you take so much information as you can. Edward Snowden and other whistleblowers have shown that secret services often use special interfaces, which global companies have provided them with. Secret services also use intercontinental internet lines.

You have to be extremely cautious when it comes to using free services on the web. Remember that you still pay for it, but in a different manner, that is, not with money but with your data. That’s when you stop being a client and become a product.

What do companies do with the data they collect?

The data are collected through third-party cookies – little text files – users accept by browsing the web. Most users are not aware that they interact with other, third, parties when reading a news or any other website. These sites get paid to let the third parties have access to their users’ data. The more information is known about a user, the more valuable and up-to-date is his or her profile.

The advertising industry uses profiles for individual ads. Financial and insurance industries use your profile data to give predictions and to calculate how expensive their services should be for the end customers. By the way, the German registry office also sells your data, which many of us don’t know.

What’s so bad about it?

The problem of such data pools is, data collectors want more and more data. The intended use is often expanded later without updating those affected. That’s why I would recommend to be very careful with requests to share your address, you date of birth or the data of your children.

There’s an ongoing discussion in Germany following the data retention directive of the European Union. It regards retention of communication meta data. It is basically the same as gathering of metadata which is being intensely debated in the light of Prism. You can easily generate motion profiles and networks with the help of these data, which show who knows whom, who makes calls with whom and how long these calls last. The initial purpose of the initiative was counter-terrorism, but it’s obvious that even here others are interested to extend access options.