April 7, 2015

The convoluted art of making private and anonymous phone calls

Tips

Photographer Curtis Wallen’s latest exhibit, “Proposition For An On Demand Clandestine Communication Network,” opened in a Brooklyn art-house Sunday. The work explored what it would take for a normal person to make a completely private and anonymous phone call in the age of ubiquitous Internet surveillance.

How To Make Private and Anonymous Phone Calls

Ultimately, Wallen’s exhibit is an incredibly convoluted set of instructions that, theoretically speaking, can be followed in order to make a single phone call outside the scope of government surveillance. While Wallen is not a security expert by trade, he did buy a fake driver’s license, Social Security number, insurance card, and cable bill on Tor with Bitcoin in order to create a working fake identity, Aaron Brown, back in 2013.

In other words, he has relevant experience in the world of privacy and anonymity. Of course, his techniques are subject to technical analysis and their efficacy is debatable, but, in this case, art is about the journey and this journey is an absurd one. Fast Company first reported on Wallen’s project late last month.

So, how did Wallen go about making a clandestine phone call?

First, he purchased a Faraday Cage-style evidence bag. These bags protect their contents against electronic manipulation with a mesh-work of conductive metals. In theory, outside signals cannot penetrate a Faraday Cage and, therefore, cannot communicate with a mobile phone placed inside of a Faraday Cage.

Once he had his bag, Wallen went to a Rite Aid and purchased a pre-paid, contract-less cell phone, perhaps better known as a “burner” phone. Presumably he purchased the burner with cash rather than a traceable credit or debit card. He then placed the burner phone inside the evidence bag.

Behaviorally speaking, Wallen told Fast Company that he analyzed his daily movements before the experiment looking for anchor points and other times when his phone would not change locations, which he calls dormant periods. It’s well established that accurately identifying a subject is trivial when you have access to that person’s daily location information.

Anecdotally speaking, nearly all of us have a fairly standard procedure of daily movements. We wake up, we go to work, we sit at work all day and we go home. Generally speaking, no other person travels from our exact home to our exact place of work. These are our anchor points.

When it was time to activate his burner, Wallen left his actual, daily-use phone at an anchor point during a dormant period. He himself then departed from his anchor point with his burner phone in his Faraday bag. While it’s not totally clear, he could have increased his chances of remaining anonymous by travelling by foot or by public transport out of sight of surveillance cameras to avoid systems that track license plates.

He then connected to the Internet on a public Wi-Fi access point and used a computer with a clean operating system (think Tails operating system or maybe a properly configured Chromebook in ephemeral mode) to go through the actual activation procedure.

In this way, the phone is not attached to anyone’s name or billing information and there is, in theory, no way of connecting its registration to someone’s personal computer. In addition, the service provider for his real cell phone has no record of his traveling to the place where the phone was activated. Once it was set up, Wallen left the phone in a non-anchor point inside the Faraday Bag.

Central to good privacy, is eliminating or reducing anomalies that would pop up on surveillance radars, like robust encryption

Once the phone is activated, there is the problem of coordinating the actual phone call. Wallen used a cryptological system called One-Time Pad to encrypt a message containing the burner phone’s number and a time for the caller to call the burner phone.

It’s important that the call be made during a dormant time so it appears that Wallen is at home or work with his actual, daily use cell phone. It seems that he leaves his real phone behind to throw off his location.

Only the message’s intended recipient would have the key to decrypt the One-Time Pad encrypted message. Wallen then signed into the Tor anonymity network, signed into an anonymous Twitter account and posted the encrypted message. The person who would call the burner then decrypted the message and called the number posted at the given time.

“Central to good privacy, is eliminating or reducing anomalies that would pop up on surveillance radars, like robust encryption,” Wallen told Fast Company. “So, I’ve prearranged an account where I’m going to post an encrypted message, and that message comes in the form of a ‘random’ filename, someone can see that image posted to a public Twitter account, and write down the filename — to decrypt by hand — without ever actually loading the image.”

Wallen would travel back to where he left the burner phone at the appointed time and answer the incoming call. Once that call ended, Wallen wiped (presumably for fingerprints and data) and destroyed the burner phone.

That, apparently, is how you make a clandestine phone call.

Wallen consulted a famous security researcher, best known by his handle “The grugq,” who described the process as technically “secure, but probably fragile in practice” and “possibly too complex and too fragile for real world use.” In other words, Wallen’s system could work, technically speaking, but it’s a ridiculous work-around.

In case you’re wondering the kinds of surveillance we are talking about avoiding, John Oliver dropped an excellent explanation of how NSA surveillance works on this week’s episode of Last Week Tonight. Enjoy.