Achieving comprehensive personal privacy is a complicated goal involving a lot of complex, discrete steps. On this blog I (and on the podcast we) spend a lot of time focusing on the highly specific, individual steps. Often we fail to provide a lot of context for why we’re doing them, or how they fit into the bigger picture. This was called to my attention recently when an old friend contacted me. He has a legitimate safety reason to wish to be more private, and asked me for advice. Unfortunately, I don’t have a single blog post or podcast episode I could offer him that effectively introduces the basic steps of protecting your home address. Continue reading “Five Steps to Protecting Your Home Address”
An intrusion detection system (IDS) system should be an integral part of your home security plan. IDSs are detective security measures that also have a great deal of deterring value. Alarms are far more complicated than most people realize, however. To provide the maximum intended effectiveness, alarms must be carefully installed, tested, and used. These alarm system best practices will help you assess your own system or provide some guidance if having a new one installed.
- Sensors. Sensors are obviously an important part of an alarm system. Sensors detect a change in state (open/closed, motion/no motion, etc.). There are two basic categories of sensors: point and volumetric. Point sensors are those sensors that monitor a specific point like a single door or window. Best practices for point sensors are simple: each door and window should be equipped with a point sensor, even on the second floor. A point sensor on a door should not allow it to open more than its own width without violating the sensor. Windows should not be able to be opened more than four inches without violating their sensors.
Volumetric sensors monitor an area rather than a single point. The passive infrared (PIR) motion sensors used in most residential applications fall into this category. So do sonic glass-break sensors. Best practices for volumetric sensors are: cover all large spaces (including attached garages), areas with multiple entry points, and any access to stairs. Volumetric motion sensors should be equipped with masking detection (the sensor alarms if something is placed in front of it to blocks its field of “view”). Volumetric sensors should also have anti-tamper switches that alarm when the cover of the sensor is removed, or the sensor itself is removed from the wall. Finally, the LEDs on volumetric sensors should be turned OFF. Though these LEDs give you confidence that your system is on and working, they also allow anyone with access to “walk test” your sensors and locate any dead areas in the coverage.
Sensors may be hardwired into your system (actual wires running between the sensor and control unit) or they may be wireless. While I generally prefer hardwired sensors to wireless ones, wireless sensors are much easier and more inexpensive to install post-construction. Wireless sensors have the disadvantage of being battery powered, and their signals may be detected and interered with. If I were building a new home I would hardwire all of my sensors, but practicality usually dictates a few wireless sensors when upgrading an existing system.
- Keypad. Control of the alarm panel keypad is, unsurprisingly, very important. Your alarm panel should be in a location that does not allow visual access from outside the home. This can allow an intruder to tell whether your alarm is armed or not (a bad situation if the alarm is unarmed). It also allows someone to see the make and model of alarm panel you have, potentially allowing them to research vulnerabilities such as default codes for the panel. Finally, though unlikely an intruder could potentially observe you inputting your code. If your alarm panel has a covered keypad, the cover should always remain closed. Otherwise it may be possible to observe wear patterns or dirt on the keys that could indicate which numbers are in the code, significantly narrowing down the possibilities.
- Codes: Your alarm system should allow at least two types of code: a standard use code (the code you use every day to arm and disarm your system) and a duress code. Duress codes are one of the most commonly overlooked alarm system best practices. A duress code is a code that you can use under duress, i.e. if an intruder forces you to disarm your system. The duress code should alert the alarm monitoring station that you are under in an in-extremis situation. The monitoring agency should immediately dispatch law enforcement without even a phone call to you; everything should appear perfectly normal to the intruder.
Monitored alarm systems will also typically have a phone password that the operator will request when calling you after your system goes into alarm. Unlike a password this should be a pronounceable word that you can easily remember but it should not be something that is personally relatable to or easily researchable about you. Both of these codes and the phone password should be well known to all of your family members. They should be treated as secret and protected exactly like other PINs, passwords, and codes. They should also be changed immediately if you experience a change in situation, such as a roommate or romantic partner moving out; otherwise they should be changed every year or so.
- Arming and Disarming. If you have an alarm system you should use it, even when you are home (it is surprising how many people pay for an alarm system and arm it only rarely). There are two basic modes that most alarm systems can be set to: stay and away. When the alarm is in Stay mode all of the point sensors will generally be active but interior motion sensors will be inactive. In this mode the system should be set to go into alarm instantly violation of a sensor; otherwise an attacker has 30-60 seconds to force you to disarm the system before it goes into alarm (in which case you should use your duress code). Away mode activates both the point sensors and all volumetric sensors. The away mode should be armed each time you leave the home. If you have large pets you should test your system to ensure you pets will not violate the volumetric sensors.
- Communication Pathways and Monitoring: Communication pathways are methods used by the panel to communicate with the monitoring station. There are several types of communication pathways including standard and digital telephone lines, cellular, and TCP/IP (Internet). The best practice is to have redundant communication pathways. In most residential applications this would be a physical telephone line and a cellular connection. Each has its advantages, and if you can only have one I recommend a cellular communicator as physical lines are fairly easy to find and cut. To ensure your alarm is working and communicating properly you should test it monthly. Be sure to call the alarm company before initiating a test so they can verify receipt of the alarm signal without dispatching emergency personnel.
- Power. An alarm system requires power to operate and a power interruption not disable your system. A good alarm will be equipped a backup battery; the best practice for the battery is to ensure that it will power your alarm for a minimum of 24 hours. Seventy-two would be even better, ensuring you would be covered in the event of all but the longest outages.
- Account Management. You must manage your alarm’s account (pay your bill) and most companies offer the standard options, mail and/or an online account. Management of you alarm’s account is very important. An attacker with access to your bill can learn important information about your system or potentially even cancel your monitoring service. If you receive your statements by mail I highly recommend sending them to your P.O. Box. I have written before about the privacy and security benefits of a P.O. Box; in this instance it makes it much more difficult for the attacker to access your statement. If you choose to set up online account management you can opt out of paper statements (totally eliminating that vulnerability). However, you must ensure that you protect the account with a good, strong password and any other steps you can take to harden the account.
It is important to understand what an alarm can and cannot do for your security, even when you employ alarm system best practices. An alarm can be a deterrent to attackers in Level I and give pause to attackers in Levels II and II (assuming they don’t know the arm/disarm code). Just as importantly, and alarm is a detective control that will let you (and others) know if an entry is attempted against your home. It will also alert responders, limiting the time the attacker may spend there. It is important to understand, however, that an alarm is a reactive control and does not make your home any more difficult to enter if the attacker isn’t concerned about alerting others. Even so an alarm is one more very solid layer in a layered defense, provided you use these alarm system best practices.
The adage that I’ve used several other times on this blog, my books, and one that is nearly a personal credo: convenience is inversely proportional to security. This seems to apply equally well to personal privacy. Said another way, the more convenient something is, the more personal privacy and control of your identity you are probably sacrificing. Credit and debit cards are one such convenience. Though it is certainly more convenient to swipe a credit card for purchases that in is to use cash it also creates a tangible record of each transaction. With cash you have to make time to visit an ATM, carry bills, manage change, etc. Making matters worse, all of these inconvenience factors are compounded if you make multiple small purchases throughout the day.
Despite its inconveniences, making multiple small purchases throughout the day is precisely the reason you should use cash. Your purchases record a wealth of data about you, including your location and movement, purchases, interests, hobbies, and a plethora of other information about us. I didn’t fully realize the extent to which my personal pattern of life was spelled out in black in white until I bought my first home. One of the requirements for the loan application was to submit three months of statements for all bank and credit accounts. I was very, very disheartened when I had to submit statements for several accounts that looked something like this:
|07/01/15||Debit – Local Grocery Store #1||$17.35|
|07/01/15||Debit – Local Grocery Store#2||$31.53|
|07/02/15||Debit – National Coffee Chain near Work||$4.88|
|07/02/15||Debit – Convenience Store near Work||$2.37|
|07/02/15||Debit – Lunch Restaurant near Work||$12.72|
|07/02/15||Debit – Gas Station||$43.68|
|07/02/15||Debit – Local Grocery Store #2||$8.19|
|07/04/15||Debit – National Coffee Chain near Work||$4.88|
|07/04/15||Debit – Big-Box Department Store||$81.41|
|07/04/15||Debit – Local Dinner Place near Home||$27.12|
|07/04/15||Debit – Large National Bookstore||$27.19|
|07/05/15||Debit – Fast Food Place near Work||$6.01|
|And on, and on, and on….|
Unfortunately, years prior I had subscribed to the philosophy that plastic is easier to use and somehow inherently better than paper. What I did not realize was that I was sharing a ton of personal details about my life with others. The packet I handed over to the loan officer painted a very thorough picture of my pattern of life for the three months prior to my loan application (which could be extrapolated to the last few years). Though there was nothing “shady” on my cards, it was a little embarrassing to share such granular level of detail about my life with strangers. The sickening realization that I had been sharing all of this information with my bank and creditors for years sank in that day, too.
Purchasing with cash offers much more anonymity. Unless you are purchasing something that requires you provide your real name, firearms and cars being obvious exceptions that come easily to mind, purchases with cash are about as close to anonymous as you can get. There is no paper trail, no bank statement, and no overarching record of your life and activities. If I had it to do over again (and I do going forward) I would have made some changes in my personal habits. My account statements would have reflected the same period of time a bit more succinctly, like this:
You will notice that because I used cash, this brief statement covers a period over four times as long as the above example, while still being eight lines shorter. Not only is this statement more compact, it also reveals very little about me. It does not reveal where I buy my groceries or how often, or the location my favorite coffee, lunch, and dinner restaurants, or my culinary preferences. It does not associate my name to any of my purchases.
I attempt to use cash as much as possible but I realize I will never be able to fully eliminate credit cards from my life. Air travel, rental cars, and hotels require credit cards. I still find myself in locations where I don’t want to pay exorbitant ATM fees, and end up using my card. But I use it a lot less, which is what I am truly advocating: using more cash and less plastic. This reduces the amount of information about yourself that you give over to your bank, your lenders, anyone curious enough to swipe a statement out of your mailbox (assuming you don’t use a P.O. Box), and yes, maybe even the NSA.
Using cash isn’t bulletproof, and it won’t make you totally anonymous. But it will lower your signature, offer you a lot more anonymity, and make an attacker’s job a bit harder. Every little bit helps.