How to Protect Your Online Privacy Post CISA - Cybersecurity Information Sharing Act of 2015

02/05/2016 - 20:52

Kayla Matthews | @KaylaEMatthews


CISA — or the Cybersecurity Information Sharing Act of 2015 (PDF) — was originally introduced to the senate in July 2014, but it did not pass. The goal of the bill was to allow companies to share information with the government and related agencies that would otherwise remain protected and private.

Many advocates of the bill touted its importance for the future of cyber security. Those who oppose it believe it’s too vague and will allow the government to legally acquire personal information from those with no terrorist or unscrupulous ties. More specifically, the bill would allow select parties to gather personal and private data including internet browsing habits, web search history, regular activity and much more without a warrant.

Without delving too far into the particulars, everyone should know that CISA was — and still is — extremely concerning as it relates to personal privacy, anonymity and security on the internet. After failing to pass more than once, CISA was reintroduced as a rider to an existing bill, one that was more likely to pass. In other words, through political finagling, the senate passed the bill despite naysayers and opposition.

Now that it is active, your internet service provider (ISP) may share personal information and data with any government, intelligence or law enforcement agencies that request it. Worse yet, they do not need a warrant to gain access. This is the equivalent of them entering your home to search your personal belongings without acquiring a warrant.

What Information May Be at Risk?

Anything such as your name, address, online contacts, chats and emails, browsing history, download history and much more is at risk. Anything you do, type or discuss on the internet may now be legally tracked and reported to the authorized parties that request it without your knowledge or consent. The good news is that there are some steps you can take to protect yourself and your data.

How to Protect Your Personal Security and Privacy

As you may know, any time you connect to the internet you are accessing the web via a unique IP address, such as 156.33.241.5. An IP address is a unique identifier that can be used to find your current location (region, city and town) and in some instances, your identity.

Everyone on a network — meaning you, your spouse, your kids or your roommates — browse from behind one external IP address, while internally you each have a unique IP address for your network. Anything done on your network is linked to your single IP. If your kids or roommates engage in illegal activity online (e.g., downloading movies), you could be held responsible as the service subscriber. Nonetheless, a federal judge last year ruled that an IP address is not enough proof for conviction.

Below you'll find some easy to implement examples to further ensure your online privacy.

Create a VPN or Virtual Private Network

A VPN assigns you a remote IP address that is generally located far away from your actual location. Many times you’ll find that the assigned IP is registered to a different state or even country. Should someone resourceful look up your IP, they will see the remote VPN address and not your actual IP. Doing a bit of research about the best VPN services, including paid and free, will help you obtain the privacy level you need. Pay close attention to which VPN providers take anonymity and privacy seriously. CyberGhost is an excellent free provider, but there are plenty of others like:

Buffered
Private Internet Access
TorGuard VPN
NordVPN
HotSpot Shield Elite

If you want to utilize a VPN service correctly, you must setup the appropriate applications on all of your devices that you’ll use to browse the internet, such as tablets, laptops, desktops and smartphones.

Secure Email Clients

To protect your emails, switch to a more secure email client. HushMail or Mailvelope is great if you like using a service like Gmail in your browser. It can be combined with desktop apps — like Thunderbird — so that you can access your accounts more securely, without a browser. When possible, enable encryption to ensure your emails are protected behind a secure encryption key. One of the elements of CISA allows the government to order select services to decrypt emails and turn over other relevant information, which is exactly why using a secure email client is essential too.

Change Your Search Engine

Bing and Google spend a lot of time tracking browsing history, habits and building a personal profile on their users to better serve them ads. In the wrong hands, this information can certainly be dangerous and harmful. That’s why, sadly, it’s better to use a more secure and private search engine when doing casual browsing. Some great examples include:

StartPage
DuckDuckGo
PrivateSearch.io

None of the above collect data about users, so searches and browsing are private and anonymous.

File Sharing

When legally sharing files that you created or have the right to share, you should compress the content with encryption support, like WinRar. You package a bunch of files neatly into an encrypted RAR, which may only be unpacked using the appropriate program and password. When sharing a file, or transferring it to another device, it’s best to use an application like BitDrop or BitTorrent Sync.

Read Up on Security and Privacy

While the tips listed above are some of the more common things you can do to protect your personal security and privacy on the internet, there are a lot of other options available, especially if you’re tech-savvy. Here's a great guide on encryption from Freedom of the Press Foundation.

We recommend taking the time to research CISA further and also learning how to better protect your privacy and anonymity.