FBI Director James Comey gave a speech at Kenyon College in Ohio last week, making his case that “absolute privacy” has never existed in America – until now, when encryption by default creates spaces where law enforcement can not go, even with a court order.
Comey has made this kind of speech many times before, saying encryption in everyday products has tilted the balance between privacy and security too far in favor of privacy.
But during a question and answer session with students after his speech, Comey said something unexpected that caught the attention of privacy activists.
Comey commented that he puts a “piece of tape” over the webcam on his personal laptop.
That’s probably a good idea for someone as high-profile as Comey, as spies and hackers have made a habit of going after government officials and hacking their personal accounts.
Hackers can use malicious software called a remote access trojan (RAT) to take over your computer, record your conversations, or even turn on your webcam to spy on you.
RATs are perfect for surveillance, which is probably why the FBI has used similar malware to infect the computers of suspects in criminal investigations, court records have shown.
Comey’s admission about putting tape over his webcam got the immediate attention of a privacy activist who pointed out the irony of his statement.
Christopher Soghoian, a senior technologist and policy analyst with the ACLU, tweeted that Comey had created a “warrant-proof webcam,” and jabbed Comey with tweets saying “patriots don’t cover their webcams” and “anti lawful surveillance of webcam tech” (tape) is widely available.
Comey made his comment about taping over his webcam in response to a student’s question about panopticism – pervasive surveillance – and what effect it has when people become aware that “other people are listening.”
On balance, Comey said, public awareness of surveillance since the Snowden revelations is “a good thing,” because it should make people realize they have “a decision to make” about how the government balances security and privacy:
I don’t think it should freak you out. I think you should demand the details, demand to know how the government conducts surveillance, how they’re overseen, how they’re constrained, demand to know how these devices work, demand to know whether it is true.
I saw someone do this so I copied it … I put a piece of tape – I have a laptop, a personal laptop – I put a piece of tape over the camera because I saw somebody smarter than I am had a piece of tape over their camera.
And so I think you should channel it into a healthy awareness, a demand for information, and engagement – especially young people.
You can hear the question and answer in a Livestream video at around the 1:24 mark.
Comey’s comments on surveillance and privacy come just a few weeks after a stand-off between Apple and the FBI over a dead terrorist’s locked iPhone, when a court ordered Apple to create a backdoor to help the FBI get around the iPhone’s passcode and encryption.
These legal issues should be addressed by Congress and the courts, Comey says – although as technology changes, the laws will need to change to keep up.
The conversation about privacy, security and surveillance in our society needs to keep going, too.
What you can do to stop RATs
One high profile case that put the spotlight on RATs was that of Miss Teen USA Cassidy Wolf, who was blackmailed by a criminal who used the RAT known as “Blackshades” to take nude pictures of her through her webcam.
The FBI has a good description of what Blackshades in particular can do, which is a lot more than just taking control of your webcam:
[Blackshades RAT] allows criminals to steal passwords and banking credentials; hack into social media accounts; access documents, photos, and other computer files; record all keystrokes; activate webcams; hold a computer for ransom; and use the computer in distributed denial of service (DDoS) attacks.
Here are some simple tips you can use to defend against RATs and other malware that someone could use to spy on you:
- Cover your webcam when you’re not using it with something non-transparent like tape, or point it towards the wall. If your webcam is embedded in your laptop, close the lid when not using your laptop or cover the camera with a webcam cover (like these cool ones available in The Sophos Store!).
- Patch your OS (Windows, OS X) and applications (web browser, email and messaging client, etc.) as soon as security updates are available.
- Malware often arrives in emails, so be wary of links and attachments in emails or social media messages from strangers. Even messages that appear to come from people you know could be faked by crooked hackers.
- Keep your computer safe from RATs and other types of malware by installing security software and keeping it up to date.