John McAfee Claims He Can Protect You From the NSA for $100
"It looks like this is definitely something that could be physically built, but whether anyone would want it is another question."
At a tech and music conference last weekend, John McAfee, controversial founder of the eponymous anti-virus software company, announced that he is inventing a device that will stop the NSA from spying on Americans. It's called D-Central, it will be out within the next six months, and it will only set you back around $100. But does it work?
McAfee—better known as a bath salts enthusiast (he says he was joking) who once dodged the police in Belize after his neighbor there was murdered (he maintains he didn't do it)—has been dropping hints about the device, but there are still big questions as to how it works and whether it will deter government snooping. Encryption experts say that the device McAfee describes is certainly possible—but if Americans want to be truly NSA-free, they'll have to say goodbye to everything that makes the internet fun, or better yet, get off the internet.
Here's what we know from McAfee's cagey description at the C2SV Technology Conference + Music Festival on Saturday (as reported by the San Jose Mercury News): The NSA-proof device acts like a wireless internet router that broadcasts small, private networks across a radius of about three blocks in the city and a little over a quarter mile in the country. By accessing these networks, users within range of the device can secretly swap files with each other or access a "public mode"— without jumping on the main internet backbone. "It will of course be used for nefarious purposes, just like the telephone is," McAfee said at the conference, agreeing that it could be described as a "dark web."
"It looks like this is definitely something that could be physically built, but whether anyone would want it is another question," says Matthew Green, an encryption expert at Johns Hopkins University. "You would still have to avoid Facebook, Google, Twitter—because these are centralized providers that have a relationship with the NSA."
So is McAfee the harbinger of a new wave of internet freedom? If so, he would be a surprising choice. He claims to have faked heart attacks while detained in Guatemala to avoid deportation to Belize. And last year, the New York Times reported that he "kept a pack of untethered dogs on his property who barked at and sometimes bit passers-by."
Eccentricities aside, there are several ways the device McAfee describes could work, based on current technology. The first, most likely, way is a mesh network in a box, which would carve out NSA-free space on the Web by creating little wifi villages. Instead of having big providers, such as Verizon, run a network, a single person controls his or her own little network, potentially renting out usage. Mesh networks are cheap and accessible and have traditionally been popular among Cape Town grandmothers. But they have a major downside: You can only communicate locally, and you don't get to participate on the regular internet. "You can do things like trade files, and chat and do voice and video calls, all locally," says Micah Lee, a staff technologist for the Electronic Frontier Foundation (EFF). But even if you have a secure chatroom with your college dorm, you can't use Facebook. And as soon as you leave campus, you can't use your private network anymore.
Expanding mesh networks globally is "super hard, but not impossible," as Mother Jones contributor Clive Thompson reported. But they still won't necessarily be NSA-proof. Lee says, "We've learned that NSA has put backdoors in commercial crypto products [so] if a user of McAfee's system is being targeted by NSA, and NSA has hacked their computer and planted a keylogger, their communications will be compromised even if they are avoiding the internet."
A second way that D-Central could work is by creating a peer-to-peer network wherein one computer is hooked up to the web and the rest of the computers then piggyback onto that computer, accessing web services without actually having to be on the web. "I don't think anyone has really tried that before," says Richard Bejtlich, the chief security officer at Mandiant, a company that offers cybersecurity services for Fortune 100 companies. "That would be a much tougher situation for the NSA to break into, but, if they wanted to, it would be a little bit like the hunt for Osama bin Laden. There's only one of his courier's interacting with the outside world, and you've got to find him, and then the next courier, and so on."
The third way is simply getting more Americans to use cryptography and encrypt their communications from end-to-end. This kind of network technically already exists—it's called Tor, and it's popular among hackers and journalists. "If I was going to build some kind of NSA-proof device, I would build everyone a box that just plugs you right into Tor," says Green. (Still, Tor isn't perfect—researchers say that its encryption could potentially be broken by the NSA.)
McAfee didn't comment for this piece, so for now, we'll have to wait the 173 days or so until the product launches to find out more. McAfee said at the conference that he'd been tossing around the idea of the device long before the Edward Snowden disclosures—and if the United States bans it, he'll market it to "England, Japan, the Third World," because "this is coming and cannot be stopped."
Lee, from EFF, is more skeptical. "It could possibly end up being a cool product," he says. "[But] if anyone claims that their product is NSA-proof, I would not recommend buying it."