With all the privacy laws currently in force in Australia, most people would assume that their most personal details would be safe from intrusion, however this is one of the great myths propagated by various agencies, especially the Australian Government and the Australian Taxation Office. In reality, the public are literally lambs being led to the slaughter - legally.
Some years ago, the Australian Government tried to introduce a universal identity card but this was emphatically rejected by the electorate. This card would have turned each person into a number that could be used to cross-link databases, thus rendering available any information that Big Brother needed to monitor the doings of everybody. Tax records would be linked to medical, legal, consumer and other personal data to produce a detailed profile of anybody in the community.
Not succeeding with the Australia Card, the government decided to implement the Big Brother system by stealth. Legislation was passed that allowed Medicare, tax records and other government databases to be linked to correlate the same data that would have been available under the Australia Card. Along with this, the government legislated to force financial and other institutions to provide the Australian Tax Office and other agencies access to their databases. Thus the government could monitor all bank transactions and tie them in with any other activity of any person or business. With the advent of the GST with its requirement for very detailed financial reporting, nobody is safe from government intrusion. But it gets worse.
Not surprising, the most recent move by the government to erode privacy is legislation that allows certain agencies to surreptitiously hack into people's computers and examine any data found on them. So not only do citizens have to suffer their private details to be freely accessed by any government flunky in the right position, but now Big Brother is permitted to hack into their private computers and pillage their most intimate data, even if it has nothing to do with any relevant investigation.
There are many ways for people to fight back. The following methods can really stymie anybody who is trying to find out too much about you and I firmly believe that my methods are perfectly legal:
It was revealed that in many nations, customs officers and border protection authorities routinely search the luggage of incoming passengers before that luggage is made available for pickup by those passengers. For instance in Britain, under little-known powers designed to stop drugs, weapons and other contraband entering the country, customs staff can search bags at ports and airports without informing the owner. But border staff have been discovered carrying out the searches without proper authorisation. Some officials admitted that they would read confidential legal and medical documents if they found them in luggage, despite it being against the law.
Officials can require passengers to open their luggage if they are stopped while walking through the customs channel. These searches take place in front of the passenger, who can see when items are being opened. But covert luggage searches are carried out on inbound flights after items are taken off planes but before they are placed on the carousel for passengers to collect. So how do people prevent these covert searches?
There are a few fairly good and failsafe methods. One is to have luggage wrapped in plastic sheeting, with the owner's signature written with a marker pen in strategic locations. If anybody tries to remove the sheeting before the luggage is retrieved by the passenger, it will be apparent that somebody has tampered with it. Another way is to tie the luggage up with a non-stretch strap that is secured by a top-class combination lock, not one of those cheap little locks with four dials that can be picked open in a few seconds. A really good combination lock made by companies such as Sargeant and Greenleaf, Assa Abloy, Master and a few others will be suitable.
Given enough time, most key locks can be picked. Combination locks are much harder to pick, especially high-quality models. But the essential issue at airports is time. Border protection and other officials do not have a lot of time to try and crack open an item of luggage, rummage through it, then get it to the luggage retrieval area while the passenger is going through immigration and then proceeding to go and retrieve his bags. So if these officials cannot covertly open luggage within a few minutes because it is secured with an unpickable lock, plastic sheeting or any other good method, they will have to allow the luggage to proceed to the pickup area intact. Then if Customs wants to inspect the contents, at least this will be done in front of the passenger, who can object to items such as confidential documents being read.
Of course the idea is to never have anything sensitive in luggage when travelling to any place where somebody has the right to inspect the contents. These days, sensitive documents can be encrypted with very robust uncrackable algorithms and stored on flash RAM cards. Even if authorities find those cards, the decryption key can be withheld and they will have no hope of deciphering the contents. The same goes for sensitive material on notebook computers and smartphones. This data should always be encrypted and stored on flash RAM cards that can be hidden or destroyed before they are found.
An even better way to transport sensitive material across borders is to simply not do it physically. if this material is stored on a Network-Addressed Storage (NAS) system with Internet Cloud facility. The data on the NAS can be accessed by a form of encrypted Virtual Private Network from any place with Internet access. So for instance, the traveller can get on an aircraft from Sydney to London with absolutely no sensitive data, go through British Customs and any other security without any compromising material, then access the sensitive data via his encrypted link to his NAS in Sydney and either read it on-line or download it to his notebook computer. There are many way to stymie intrusions and searches completely and everybody should always take these precautions. It's not a matter of having something to hide. It is a matter of principle that people have a right to privacy and it should not be covertly violated by anybody.
Governments keep amazingly comprehensive databases on all Australians, linking taxation records to transactions, medical information and other data. Obviously people who wish to avoid being caught up in this regime of surveillance need to eliminate or at least minimise any activities that will leave a digital fingerprint of their activities.
Do not hand out any details such as Medicare number, credit card number, driver licence number, tax file number or any other items that can be entered into a database to anybody who does not need them. Any company that holds your personal data may be forced to legally disclose it to Big Brother at some time.
Do not invest with banks, credit unions, building societies, stockbrokers or any places where the government can access your records or data. Before dealing with any institutions, always ask whether they are required to report your transactions and whether their databases are able to be accessed by other agencies. If so, avoid dealing with them. Often the best and most profitable investments are portable goods such as artworks, stamps, coins, jewellery, collectables and anything that can be bought and sold for cash, leaving no paper trail whatsoever.
Financial institutions are forced to report any transaction over $10,000 to the government, so always make your transactions in sums less than this. Although there is a most peculiar law in force that makes it an offence to make financial transactions below $10,000 for the purpose of avoiding the reporting regime, it is hard to believe that people could be convicted for doing nothing more than moving their own legitimately acquired money around as they see fit. However this has already occurred, so it is wise to be very cautious when dealing with money transfers.
There are many offshore havens where authorities literally cannot access any information. The most secure place at the moment is Liechtenstein, where the business and banking privacy laws are probably the most draconian and secretive in the world. It is absolutely forbidden under any circumstances for banks there to allow any access whatsoever to client data. Companies can be formed in Liechtenstein where their registered offices are nothing more than plaques in a lawyer's wall and the names of proprietors and all business conducted by them is kept totally secret and absolutely unavailable to any government or other agency.
As for other havens, the Cayman Islands are a fairly safe bet, as the USA Government has found out to its chagrin when unsuccessfully attempting to access banking records. Closer to home, Vanuatu has also become a very comfortable banking location for Australians who value their privacy. Switzerland is not such a good secrecy haven these days, with various nations being allowed to access data if allegations of criminal activity are presented to the Swiss authorities.
With the advent of the Internet, stock and other financial transactions can be made using companies based in secrecy havens where authorities cannot access any data. Although the Australian Government requires people to report offshore accounts and transactions, there is little that can be done without hard evidence. If such reports are not made and hard evidence cannot be acquired from those offshore havens, without an actual confession prosecution is literally impossible without solid substantiation of any misdeeds or crimes.
A good policy is to insist that you be paid in cash. Most people do not realise it but under Australian law, the only legal tender is good old-fashioned cash. A cheque is nothing more than a promissory note that can be dishonoured and does not constitute legal tender. If payers request to make direct bank transfers, they can be told that there is no account available, therefore only cash can be accepted. It is surprising to see the response of institutions when they are told that they are required to pay their debts in "coin of the realm" only, as it is the only form of legal currency. When they are faced with this legal requirement, they generally comply with requests for cash payment without problem, otherwise the threat of legal action often brings speedy results.
On the other hand, make as few payments as possible that could be traced back to you, such as using credit cards or writing cheques. The best way to avoid leaving a paper trail is to deal in cash only, and there is absolutely no law against that. Some institutions, including the Australian Tax Office, will not accept some payments in cash. An interesting exercise is to force the issue and demand that creditors accept cash. If a creditor refuses payment in legal tender, then that debt is legally forgiven and no longer exists. Once you tell creditors that if they refuse payment in cash that the debt will be cancelled, they generally accept cash with alacrity.
The case of Australian Wikileaks founder Julian Assange being pursued by the Americans for exposing their dirty laundry shows how important it is to ensure that all links to sensitive information and communications be prevented from being accessed by authorities and courts. For instance, a person's Internet communications can easily be traced via email account information, IP addresses and other means.
Confidential data on social networking facilities such as Facebook and Twitter are subject to legal intrusion, as was seen in March 2011, when a US federal judge ruled that the US government may demand that associates of Julian Assange hand over Twitter account information in the investigation by the Americans into Wikileaks. Because Facebook and Twitter are physically located in the USA, they fall under US jurisdiction and confidential material can be obtained by court orders or warrants.
There is one major lesson to be learned from this. If you don't want authorities and courts tracking your communications and getting access to your Internet activities, then you have to cut the links that show what you have been doing and where you have been browsing. The best way to do this is to use an anonymous proxy server or a Virtual Private Network (VPN). Most people do not have access to a VPN, but anybody can access a myriad of anonymous proxy servers all over the world.
So let's say that you have sensitive information that you want to leak to newspapers or whistleblower websites such as Wikileaks. If you send this material via regular emails, this can easily be tracked. But if you log onto an anonymous proxy server that is physically located outside Australian jurisdiction, then transmit the confidential information to the recipient, the link from you to that recipient is completely broken by the anonymous proxy server.
There are many of these facilities right out of the clutches of the sort of nations that would demand your confidential data by court order, such as the USA, Britain and Australia, so the only evidence that they could find is that you visited an anonymous proxy server, but would have no way of discovering what you did via that facility. A partial list of anonymous proxy servers can be found on the Anonymous Proxy Servers page on this website.
Even better, if you can access an offshore anonymous proxy server from an anonymous computer to send that confidential data, the more secure you will be. There are a number of measures that you can take to cover your tracks completely.
Websites such as Wikileaks have shown the value of such whistleblowing websites and the conniving and illegal activities of governments, major corporations and individuals. They are doing us all a favour by exposing such travesties, but of course whistleblowers always face the real risk of persecution and even attempts to concoct false charges against them.
Of course if all tracks between whistleblowers and recipients such as Wikileaks are completely eradicated by sending encrypted data through anonymous proxy servers accessed from anonymous computers, then the risks of exposure to legal action by way of warrants and court orders are minimised or completely negated. Everybody has the right to privacy and protecting oneself from prosecution is paramount.
The easiest data for others to seize is printed material or CDs and DVDs containing correspondence, documents and bank statements, especially those from accounts that you wish to keep from prying eyes, or diaries and records of your activities. Obviously the best place for such items is nowhere near your premises, so if you need to retain original documents, CDs and DVDs, hide them well away from where you live and do not tell anybody else where they are. Do not put such material in bank safety deposit boxes or any other place linked to your name.
For documents that do not need to be retained as originals, store them as encrypted computer files. Scan and save those documents using at least 256 bit encryption and there is very little chance that anybody can crack them within the foreseeable future. As long as you remember the passwords, you can always view or print those items, but others cannot gain access to them. Ensure that you shred the originals completely and burn the shredded paper. CDs and DVDs can be destroyed by cutting them up and burning them. There is no way anybody can recover sensitive data after it is destroyed in such a comprehensive manner.
These days, the most obvious and vulnerable item that can be seized is your computer, complete with the hard disk drive that contains your data. Logically then, if you have sensitive data, do not ever keep it on your computer's hard disk drive - it's that simple. There are many ways of accessing data without it actually being on your computer, such as removable media, storing it on remote webservers and many other methods.
If you use removable media such as an external hard disk drive for storing sensitive data, it is obvious that others should not be able to gain access to it. The problem with physically large external hard disk drives is that they are easily found and they are not able to be quickly destroyed if necessary. The trick is to always keep physically large data storage devices right off your premises and only use them for periodic backup, not for day-to-day access to sensitive data.
Many computer users seem to completely disregard the threat of intrusions when connected to the Internet. For instance, very few people outside the IT business realise that on a single Internet connection, there are over 65,000 ports, most of which can be entered by hackers if they are not protected. So it is vital that any connections to a computer are made so they cannot be penetrated. The method to secure Internet connections from hacking is called a firewall. These can be hardware of software based.
Surveys have found that very few computers in Australia used a firewall of any description. Of course not having a firewall on a computer connected to the Internet is just begging for it to be compromised by malware, viruses or Trojan Horse software that turns the computer into a zombie machine controlled by criminals, who will use it as part of a bot-net to attack websites or to launch millions of spam emails or to steal passwords and bank details.
Most versions of Windows operating system comes with a free software firewall and there are many free or very cheap commercial firewalls available, so there is absolutely no excuse for anybody not to have a firewall installed on every computer they own. If people are so stupid or ignorant as to not secure their computers from very well-publicised risks, then they really deserve to suffer the consequences. The following steps will generally offer protection against being hacked.
One of the most effective ways to keep your Internet connection secure is to use either a hardware firewall or a router. If you connect to the Internet using just a modem, the only protection your computer has against hackers is a software firewall and some of those are not very secure. Not only that, software firewalls can be disabled or erased by malware that is inadvertently loaded by the user. It is always important to have a software firewall operating, however the cheapest and most effective hardware-based hacker prevention these days is a router, because most good routers have features that make them act as hardware firewalls. Routers cannot easily be compromised by software on the computers that they service.
Ensure that you only use a router with built-in Dynamic Host Configuration Protocol (DHCP) servers, Network Address (NAT) and Stateful Packet Inspection (SPI) if possible. All these functions act as a hardware firewall and most good modern routers have these features. However, this is just the beginning of the measures to be taken to secure your system. Configuring the router settings away from their defaults is critically vital. Also it is most advisable to use a software firewall, such as ZoneAlarm or Windows Firewall - it adds yet another layer of security.
It is vital to change the default settings of your router, because criminals who manage to hack into it by using the well-known default usernames and passwords can change settings that can cause disasters. This can happen simply because routers are programmed via a browser, using an Internet Protocol (IP) address that is allocated from a block reserved for this purpose. In most cases, both the default username and password are "admin" and most domestic users never bother to change them. This leaves their routers wide open for criminals to exploit. For instance, a hacker who gets into your router settings menu can change the Domain Name Services (DNS) table and seamlessly redirect you from a legitimate banking website to a bogus phishing site that will steal your banking username and password, even when you enter the legitimate banking website's URL into your browser address line manually.
Securing a router is quite simple. Follow these steps:
Once the new router is secure, then you can enter your ISP's connection settings, plug in the phone line or cable from a modem and connect to the Internet. Always be very careful of which programs you allow to operate through the firewall and check that they are legitimate and not malware. Never be complacent about security, because every day, hackers find new tricks that can compromise your computer and data.
On average, a whopping 25% of computers in the USA are infected by malware. It is estimated that 59 million users in the USA have spyware or other types of malware on their computers, Cyber criminals can control those computers and use them to send out millions of spam emails and also to blackmail companies into paying ransoms so that the criminals do not launch Distributed Denial Of Service (DDOS) attacks to bombard their websites and make them crash, thus affecting their trading.
Even worse, criminals who control those computers can install keylogging software that secretly harvests usernames and passwords of people who make bank and business transactions on the Internet and clean out their accounts. Once a computer is compromised by malware, anything could happen.
Always ensure that no spyware is loaded onto your computer. Install a good antivirus program and make sure it is always active whenever you are connected to the Internet. Install a spyware checker and scan your hard disk for malware at least every few days. But the best precaution against malware is to not install any software that is suspicious or that is obtained via links in emails. In fact, clicking on email links is a nice piece of social engineering used to full advantage by cyber criminals, who know that most people are tempted to click on interesting sounding links.
One of the best ways to prevent sensitive computer data from being hacked or read by others is to encrypt it. There are many encryption programs available and some of the better ones cannot be broken even by the world's most powerful supercomputers. Use encryption software that has a 256 bit algorithm and if it does not have a backdoor built in, it will be next to impossible to break, even by the most sophisticated and powerful computers.
It is vitally important to use passwords that are very unusual and that would be hard to crack. Even though heavily encrypted files are virtually impossible to crack, password-cracking software that uses brute force methods of running through every possible letter and number combination in the alphabet can eventually guess a password only used by these characters.
To make it nearly impossible for anybody to succeed in cracking your password, use characters that are not available by normal keystrokes. Most people do not realise that a vast range of computer characters, such as foreign language letters and strange graphic and mathematical symbols can be typed using American Standard Code for Information Interchange (ASCII) codes. These can be generated on any keyboard by holding down the "Alt" key and typing in the particular ASCII number for the characters you wish to use. You can download an ASCII table with the characters and keystrokes from many websites on the Internet. Here are just a few extended ASCII characters:
If you invent passwords using such unusual characters and symbols, it will make it immeasurably harder for even sophisticated software to guess your passwords, even by brute force. The odds of software-cracking passwords having to try such a massive number of character combinations is monumental, compared with the comparatively easy task of trying to crack passwords composed of standard alphanumeric characters.
The stuff of science fiction, quantum encryption, has now arrived. Quantum cryptography, or quantum key distribution (QKD), uses quantum mechanics to guarantee secure communication. It enables two parties to produce a shared random bit string known only to them, which can be used as a key to encrypt and decrypt messages.
An important and unique property of quantum cryptography is the ability of the two communicating users to detect the presence of any third party trying to gain knowledge of the key. This results from a fundamental part of quantum mechanics - the process of measuring a quantum system in general disturbs the system. A third party trying to eavesdrop on the key must in some way measure it, thus introducing detectable anomalies. By using quantum superpositions or quantum entanglement and transmitting information in quantum states, a communication system can be implemented that detects eavesdropping. If the level of eavesdropping is below a certain threshold a key can be produced which is guaranteed as secure, otherwise no secure key is possible and communication is aborted.
The security of quantum cryptography relies on the foundations of quantum mechanics, in contrast to traditional public key cryptography, which relies on the computational difficulty of certain mathematical functions and cannot provide any indication of eavesdropping or guarantee of key security. Quantum cryptography is only used to produce and distribute a key, not to transmit any message data. This key can then be used with any chosen encryption algorithm to encrypt and decrypt a message, which can then be transmitted over a standard communication channel. The algorithm most commonly associated with QKD is the one-time pad, as it is provably secure when used with a secret random key.
Funded by the European Union to counter espionage by the American Echelon espionage system, the first network protected by quantum encryption went live on 10 October 2008. When commercial or public domain versions of such unbreakable quantum encryption technology become available, every person or organisation that has sensitive data or communications should immediately employ it.
If you decide to use an external hard disk drive for data backup, hide it away from your premises if it contains data that you want to keep secret. One quick way to erase data is to install a batch file that will irreparably trash your hard disk with a quick click or keystroke if you get the dreaded knock on the door. Also defragment the hard disk regularly and make sure that it also permanently erases all unused disk space and any unused clusters containing data. These steps are simple and virtually do not cost anything, but will prevent most entities wishing to intrude upon your privacy getting their hands on your secret data. However, this is the least secure way to delete files and will not stop determined people with computer knowledge from recovering erased data.
Do not ever labour under the delusion that if you erase data from a hard disk drive, that it cannot be recovered. Always be aware that there are very sophisticated devices that can recover data from hard disks that have been overwritten and reformatted many times. Deleting files normally does not remove them from your hard disk - you have to use special software to completely remove them. But even when special security software is used to delete files to make them unrecoverable, some parts of them can be reconstituted by using a device called a Spinstand Tester that can read magnetic data that has leaked onto media between the hard disk tracks that have been completely erased. If you have very sensitive data and you really want to make sure that it has been completely destroyed, remove the hard disk drive from your PC, open up its case, pass a powerful magnet over the disk platters and then physically hack the platters beyond recognition.
Most webmail services such as Hotmail or Google Gmail allow you to store files. Therefore if there are files that you don't want others to see, you should not keep them on your personal computer, but upload them to an offshore webmail account. But always remember that others can often gain access to offshore accounts, so this is not entirely secure unless you store your files on a webserver in a nation that has no treaties with Australia and that will rebuff any attempts by Australian entities to access your data on their servers. However, you must ensure that you thoroughly delete the original files from your computer, or better still, keep them on removable media while you are editing and uploading them. It is important to encrypt those sensitive files using encryption software that is known to be unbreakable and that has no backdoor built in so that somebody else can decrypt your data.
The police and other organisations such as ASIO have very sophisticated means of surveillance and amazing equipment that can clandestinely listen and record conversations and of course use the recordings in evidence against people. Obviously honest folk who have not committed crimes have nothing to fear from the authorities, but there are many instances where conversations need to be kept absolutely private. Taking measures to stop anybody eavesdropping on conversations is quite legal. The best way of ensuring secrecy is to not say anything sensitive, but write it on paper, show it to the recipient and immediately burn the paper and grind the ashes to dust.
Never assume that your house and car are safe from surveillance, as they can be easily bugged and many people have been shocked to hear their very private conversations played in court by police. Sometimes the old countermeasures are the best way. For instance just as seen in spy movies, playing loud music and softly whispering into somebody's ear will generally stymie the best audio bugging. Even conversations taking place in crowded public places can be recorded with the use of long range parabolic or shotgun type microphones, so always be aware of this and take appropriate steps to negate this.
Telephones are not secure and they can be tapped by a number of authorities. However, there are good ways where people can communicate with each other and be reasonably assured of not being overheard. One of the better methods is using a Voice over Internet Protocol (VoIP) service if it is highly encrypted. Most domestic VoIP services such as Engin and GoTalk will allow Australian police or taxation officers to tap communications. International VoIP company Skype used to be a very secure encrypted method of communications, but since US-based Microsoft purchased it, there is no guarantee that Microsoft has not provided backdoors for the US government and anybody else to tap into.
However, the WhatsApp application now has point-to-point encryption on the fly, just as Skype used to have and the WhatsApp developers have assured users that they have not allowed any backdoors into it. So it is probably safe to use this application for confidential untappable communications, provided that your computer or mobile phone does not have any spying malware on them that will allow authorities to intercept your messages or calls. Like Skype, WhatsApp is completely free.
If you wish to keep authorities from knowing what you say and where you are at any given time, avoid using a mobile phone. Although revolutionising personal and business communications, these devices are literally two-way radios that continuously communicate with base station cells within their proximity, pinpointing their location to that area. Many people who did not realise this have been convicted of crimes, because the signals sent by their mobile phones were logged by their telecommunications providers and used as evidence to show where they were.
In a very prominent case, Fairfield City councillor Phuong Ngo was convicted for the murder of rival politician John Newman in this way. Ngo claimed that he was many kilometres away at the time of the murder, but his mobile phone records showed that he was in very close proximity to the murder scene at the time and that he had gone to the Georges River to the spot where police eventually found the gun used to kill Newman, Obviously Ngo did not realise that the mobile phone in his pocket was transmitting his location to local cells every few seconds.
Of course the best way to prevent anybody tracking you is to not carry your mobile phone to any sensitive places. Leaving your switched-on mobile phone at one location while you go about your sensitive business elsewhere may be vital in convincing people who gain access to your mobile phone logs that you were actually where your mobile phone was for the whole time that you were somewhere else. There is nothing wrong with doing this, as nobody has the right to track you in such an intrusive manner. If you need to have your mobile phone with you for subsequent use, ensure that it is completely switched off for the entire time that you wish to keep private. Always remember that authorities have the power to tap mobile phone conversations, so never discuss anything sensitive or damaging on a mobile phone unless you are using a voice scrambler.
One of the best ways to keep phone conversations secure is to use a voice encryption device known as a scrambler. These can be legally purchased and the best ones have encryption algorithms that are literally impossible to break. Each person in the conversation needs to be equipped with such a scrambler. The one thing to be aware of is that while the phone conversation may be undecipherable to the people tapping it, the area where the conversation is taking place may be bugged by other means, such as hidden microphones, so people need to ensure that their environment is totally clean of all surveillance bugs.
There are many articles in the news regarding the interception of emails that have led to severe embarrassment and even criminal prosecution of the senders. Emails are easily intercepted by authorities, who can use the contents against the senders in many ways. The usual security rules should apply to emails as they do to other records - if you don't want anybody to read what you have written, don't write it down where it can be found.
All sides during the Cold War in the 1950s to the 1990s used various methods of communications with their spies. One of the most prevalent was called the Dead Drop. A spy would hide a message at a particular site, then inform his handler by way of a signal, such as a mark on a lamp post or an open window shade, that there was a message to be picked up. The handler would go to that spot and pick up the message. Unless the spy and the handler were under surveillance, nobody would be the wiser.
A similar method can be used with emails. If you transmit an email, it can be intercepted by others. But if you don't transmit something, there is nothing to intercept. So a person who needs to communicate securely with somebody else can use the electronic version of the old Dead Drop.
This is the way to communicate securely with another person using email facilities, which does not involve actually transmitting emails. This is what to do:
The beauty of this method is that nothing is sent, therefore there is nothing for anybody to intercept. Neither you nor your contact are saving any data on your personal computers, so if they are seized, nothing will be found. If you use this method, ensure that your browsing history is always deleted by setting the history cache to zero as the default and manually erasing any temporary Internet files.
Of course this method relies on both you and your contact maintaining complete secrecy and never divulging the URL, log-in details or encryption passwords to anybody. Hopefully both you and your contact will delete all messages immediately after reading them, so that even if authorities somehow manage to get into that dead drop email account, they will find nothing.
Possibly even better than the email dead drop account is the video call message technique. This is so simple that it is ludicrous, yet if you and your contact maintain security, you will never be caught or compromised. Here is the way to do it.
How simple is that? Unless the authorities actually intercept the actual video feed, nothing is sent or received and the paper that the messages are written on can be destroyed on the spot. Even if authorities install surveillance malware such as a keylogger, this method beats it completely, as the keyboard is not used to send any part of the messages.
All of these anti-interception methods are completely useless if you are under surveillance and somebody has planted something on your computer, such as a keylogger that will transmit your keystrokes back to the surveiller, thus exposing every single thing you enter on your keyboard. The most important thing is to ensure that your computer is completely free of any spyware that can compromise what you are doing.
So before you embark on any countermeasures such as Dead Drop emails, constantly check your computer for keyloggers and especially a nasty way that computers can be compromised, which is called a rootkit. This is software that hides itself in places where most virus checkers do not scan, such as the Master Boot Record. it is critical that computers that are used for surreptitious communications have to be completely bug-free, especially from keyloggers and rootkits. There are excellent free rootkit detectors that will quickly find such hidden spyware.
Computers are routinely seized by authorities, who examine the files on their hard disk drives and use anything compromising as hard evidence to convict their owners. The obvious answer is to not put any sensitive material onto computers, but these days, computers are vital in almost every aspect of life. So precautions have to be taken and certain techniques used to avoid sensitive material falling into the wrong hands.
There are methods of securing sensitive computer data on hard disk drives using powerful encryption, however it is hard to know which encryption programs are completely secure. Some can be cracked by authorities who have been given backdoor keys or even by brute force methods using password cracking software. But authorities who seize a computer will obviously not find anything compromising if it is not stored on the computer's hard disk drive in the first place, encrypted or not.
Sensitive files should never be written to the computer's hard disk drive, but stored on removable media. There are many choices for this, ranging from external hard disk drives and flash memory sticks to storing files in the "cloud" - on remote servers connected to the Internet. However, storing files in the cloud means that somebody else could get access to them, so this is not a good security solution. External hard disk drives are a fairly good method of sensitive file storage, but even the smallest external hard disk drives can be found quite easily by searchers.
However, there is one excellent data storage medium that is ideal, simply because it is so tiny and easily concealable. This is the microSD flash RAM card.
A microSD card is only 15mm x 11mm and fractionally under 1mm thick. Just to give you a size comparison, a microSD card is less than a quarter of the area of an average 35mm x 20mm Australian postage stamp. In fact a microSD card is smaller than the average man's thumbnail. With capacities up to a whopping 512GB at the moment, plenty of sensitive data can be stored and accessed on microSD cards and hidden so that nobody will ever find them.
For instance, on just one 512GB microSD card that is smaller than a man's thumbnail, around 250,000 2 MB video clips, or 1 million images of 500kb size can be stored. The amazing thing is that in 2018, the average solid state drive (SSD) in a notebook computer is 256GB and more upmarket machines have 512GB SSD. But here is a microSD card with the same storage capacity as some of the best notebook computers.
In case of an unexpected raid, a microSD card with sensitive information can be immediately crushed completely, thus destroying any hope of recovering data from it, In fact, a microSD card can be chewed and swallowed instantly. An encrypted backup of the data on the microSD card should also be kept on another microSD card concealed in a remote location.
A microSD card is used like an external hard disk drive. Plug it into a card reader or a USB adaptor and store all sensitive files on it and view them, edit them, do whatever is required with them, then remove the microSD card from the computer and there's nothing left there for anybody to see. Ensure that file caching is switched off for all external disks and media and thus no temporary files from the microSD card will be stored on the computer. As soon as power is removed from the computer, all sensitive data in its Random Access Memory (RAM) vanishes.
A microSD card is so small that it can be hidden anywhere and would be almost impossible to find if placed in unusual locations.There are already gadgets available to conceal microSD cards in the most unlikely places. For instance, a hollowed-out coin containing a microSD card can be thrown into a jar of foreign coins and even if a searcher examined the jar, he would not try and test every coin to see if it was indeed a fake coin containing the sensitive material.
Another terrific place to hide a microSD card is inside the barrel of a pen that is wide enough to accept it. Most fountain pens or marker pens have barrels wide enough for this. Who would think of searching for a data storage chip inside a pen that was lying in a drawer amongst a pile of other pens and pencils? Many modern car remote control fobs have enough space in them to stash a microSD card and like the pen, nobody would dream of cracking open a remote control fob in search of a data storage chip?
Another good way for travellers to conceal a microSD card is to literally stick it to the body under a Band-Aid plaster, put it inside the back of a watch, in the lining of a suit or even in the centre of a sandwich or cream biscuit in a lunchbox. The possibilities for secure concealment are endless because of the microSD card's tiny size.
But the idea is to not be caught at all with anything that is compromising. Sensitive files can be stored on secure offshore websites and accessed via the Internet, but people can be some place where they need to use those files but don't have Internet access, such as when travelling in remote areas. However, a microSD card can always be carried and used whenever required, but in a situation where there is no choice but to not be caught with sensitive data on a microSD card, it can be instantly destroyed, literally by chewing it up and there's nothing anybody can do to recover it or the data on it.
So let's say you are sitting at your PC looking at some sensitive files that are on the microSD card and you get the dreaded knock on the door. If somebody bursts in to search your premises, seize your computer and look for anything incriminating, you can just chew the microSD card up on the spot like a small wafer and swallow it. If you chew the tiny card up, nobody will ever recover anything from it. But you need to have a backup of your files, or you will lose them totally in such a scenario. This is what to do.
Using microSD cards is a great way to have easily accessible data files and other sensitive material that can be kept out of the hands of others or used against you. They are relatively inexpensive, but whatever it costs you is far cheaper than the consequences of being embarrassed or prosecuted for having material that you don't want to be caught with, or for anybody else to see. I am a firm believer that a person's privacy is sacrosanct and I protect my own privacy with a vengeance, even though I have nothing whatsoever to hide. It's a point of principle with me and I consider that everybody should learn how to protect themselves against invasions of privacy.
Australians need to fight back and not accept unwarranted intrusions into their privacy. George Orwell was quite right when he predicted Big Brother, however he was only out by a few years. Take the right steps and you can totally frustrate Big Brother's ever-increasing appetite for your most valuable secrets.