Editors note: This is an excerpt from the book, “COMSEC: Off-the-Grid Communications Strategies for Privacy Enthusiasts, Journalists, Politicians, Crooks, and the Average Joe.”

CHAPTER 1 (CONTINUED): THE INSECURITY OF SMS AND STANDARD VOICE CALLING

Cellular telephone calls and SMS messages are both insecure and non-private. Your calls are accessible to the CSP. The content of all your SMS text messages is fully saved and recorded by your CSP. In addition to the content, all of the metadata about these transactions is recorded and stored, as well. This creates a privacy nightmare that is just waiting to happen.

All it takes to verify this is a quick look at your cellular phone bill. The bill will show a long list of incoming and outgoing calls, incoming or outgoing SMS messages, and in some cases even the city where your phone was located at the time of the event. All of this metadata about your calls and texts, and the content of your texts, is stored for a minimum of five years. This information is consistently abused by CSPs who monetize it.

Verizon: On the counts of collecting and monetizing metadata and failing to provide meaningful protection to calls and messages, Verizon Wireless is perhaps the worst offender of the top-tier CSPs. Verizon sells your location data. While encrypting your calls is standard industry practice, Verizon fails to do so. We don’t mean to imply that any of the major cellular providers are much better; we only mean to point out that Verizon is particularly notorious in this regard.