How not to be seen

It's never been easier to be a spy. Students of the spooky arts may think fondly of the first Elizabethan era, when fantastic figures like Sir Francis Walsingham ran rings of agents across Europe and decrypted messages hidden in barrels of beer, but back then it was diabolically easy to keep a secret. You picked your trusted confidant, walked out of earshot of anyone else and plotted away to your black heart's content. Then some blighter discovered electricity and everything changed.

For a while, things weren't too bad. You could have a microphone in your suspect's office and run wires to your listening post, or you could try and hide a radio transmitter nearby -- but the combination of huge valves and crude transmitter technology made such exercises easy to detect. Along came the transistor, which shrank bugs to the size of a broad bean, and the spies were very happy. But not as happy as when integrated circuits arrived -- not only could you make surveillance equipment as small as you liked, you could build in masking techniques that rendered them very hard to detect. A basic bug needs but two transistors: with modern chips packing upwards of a billion on each sliver of silicon, the only limit to surveillance technology is the imagination of the spies and their ability to physically place the devices.

Even those ideas are out of date. Looking around my desk, I can see five devices that have microphones built in and attached to complex electronic circuitry. Three of them also have radio transmitters -- a mobile phone, a cordless phone, and a Wi-Fi laptop -- while the desktop computer is linked to the Internet via a permanent broadband connection. Any of these could be compromised by the addition of a tiny amount of software and made to relay everything in earshot to anywhere in the world: I even take two of them with me wherever I go. And in fact, there's no need for MI5 to go to even that much bother: like most of us, nearly everything of interest that I do is reflected in some way by my phone calls, emails and online activities.

It's here that most espionage takes place, in our day-to-day use of IT equipment. The spies do have the use of tons of special space hardware with codenames like Lacrosse and Crystal, taking pictures and listening to every radio transmission they can, but unless you're using a walkie-talkie in the Hindu Kush, there are much easier ways for what you say and do to reach the eyes and ears of those who care.

If you've got something to hide, if you're paranoid or if you're just an old-fashioned stickler for privacy and the basic human right to go about your business unobserved by the unaccountable, there are various ways you can protect yourself and your conversations. For starters, don't rely on any commercial, closed system that may claim to be secure: there is a long and well-documented history of undocumented flaws and deliberate weaknesses in such things.

Take the humble mobile phone. The digital encryption in GSM phones was made deliberately weak to give the spooks a chance. It is good enough to stop casual scanners, but the amount of computational grunt needed to crack it has become steadily more affordable at the same time as the techniques available have got more sophisticated. It's not yet at the point where a hacker with a laptop can listen in -- but give it a couple of years. And the security services have always been able to get at mobile-phone conversations through a variety of means.

Make your communication tools as simple as possible. Even before my emails leave my computers, they've been through tens or hundreds of installed software components, none of which I fully understand, and spent time in a huge operating system whose details are a carefully guarded secret.

If I were keen for this not to happen, I'd use a stripped-down Linux installation on as old a laptop as could run the basic software required. If I was really keen, I'd pick up an old portable device like a Tandy Model 100 or a Z88, something with unchangeable software in ROM that was written decades ago. I'd write a simple encryption program of my own that used random data I'd previously entered to code my messages -- you can do this in ten lines of BASIC -- and hand-deliver a copy of everything to my recipient. It's slow, painful and limited -- but it's spookproof. Unless they get even keener and put video bugs in my front room.

In the end, the only safe way to keep a secret is to pick your pal carefully, walk out of earshot of anyone else and plot away. Just make sure you're not carrying anything more modern than Sir Francis might recognise, and you'll be fine -- remember American intelligence shamefacedly admitting that they didn't know much about what the Iraqis had been up to because "these people did most of their work under roofs". But if, like Kofi, you need to use the same telephones and email as the rest of us, assume they know everything -- and keep asking awkward questions. Political accountability is the final safeguard, as I very much hope is becoming painfully apparent to all.