This is an interview with Laura Poitras regarding her early contacts with Edward Snowden. Excellent background and a peak into Poitras’ thought process.
Back in June, ProPublica published an article advising methods for communicating over the Internet while maintaining privacy. Edward Snowden’s revelations have now caused ProPublica to issue a big red flag on its article. Encryption might no longer be effective.
How did we get to this point where it is obviously illegal for the government to break into my house and rummage through my drawers without probable cause, but they rummage through my data with the help of and coercion of corporate communications companies? They do it because they CAN do it. These revelations also point out that in the political world explanations are streams of sounds (or scribbles) that would lack any punch except that they are created by entities that can threaten violence. In the case of the NSA, it is the violence of the police state. It is a violence so pronounced that it has ruined the possibility of investigative journalism which, until recent times, was the People’s best chance to keep their government in check.
Glenn Greenwald recently answered questions on Reddit, including the following:
Reddit comment: “Thanks for doing this. At the university I work at, we are putting together a workshop for Media Professionals, including journalists regarding IT security. We plan on covering: PGP, truecrypt, TOR, OTR, and strongbox. What tools, concepts, or techniques should we be teaching aspiring journalists?”
Glenn Greenwald: “That’s so great to hear. One of the most gratifying things I’ve seen since this all started is how many journalists now communicate using PGP, Pidgen, OTR, TOR and similar instruments of encryption.
Just as was true for me, so many national security journalists – including some of the most accomplished ones at large media outlets, the ones who work on the most sensitive materials – had no idea about any of that and used none of it. Now they do. In this age of a War on Whistleblowers and sources and ubiquitous surveillance, it’s absolutely vital that journalists learn advanced encryption methods and use it.”
It’s a shame that modern day journalists need to spend so much time learning about and using encryption technology to protect their sources from spying by the United States and other governments. What would the founding fathers have said about this more than 200 years ago, that the federal government is spying on its own citizens without probable cause and even spying on journalists?
David Meyer “thanks” the NSA for making us all insecure. His analysis is spot on, and it should outrage everyone who has tried to password protect anything on the Internet:
What is so jaw-droppingly idiotic about your actions is that you have not only subverted key elements of modern cryptography, but you have also appointed yourself as the guardian of the knowledge that the resulting vulnerabilities exist. And if your own security systems were up to the task, then those secrets wouldn’t be sitting in the offices of the New York Times and ProPublica.
One must possess a Panglossian view on things to assume that Edward Snowden was the first person out of the many thousands in his position to make away with such material. He brought it to the public, and without that move there’s a good chance you wouldn’t have even known he took it. So who else has it? Bet you have no idea. So well done; you’ve probably put your own citizens at risk.
At the U.K Guardian, Bruce Schneier offers five pieces strategies for staying off the NSA radar. Excellent article with real advice, including caveats Here are a few excerpts:
1) Hide in the network.
2) Encrypt your communications. Use TLS. Use IPsec.
3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn’t. If you have something really important, use an air gap.
4) Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well.
5) Try to use public-domain encryption that has to be compatible with other implementations.
What if you were a reasonably smart and good-hearted person who was willing to run for national political office? You most likely wouldn’t because of numerous financial, social and institutional hurdles, some of which I’ve described here. If you were undeterred by those hurdles, you would be somewhat likely to be a psychopath, and you shouldn’t be allowed to serve in a position of public trust.
But let’s say you were one of those rare people who was ready to persevere through all of these hurdles. Well, there would be one more hurdle for you, one that was described by Glenn Greenwald back in November 2012, well before the Edward Snowden Story broke. The situation was the affair of General Petraeus, particularly the vast invasion and public outing of his emails to and from Paula Broadwell. All of this occurred, courtesy of the security state in a situation where no crime had been alleged.
This is a disturbing example of how, at a push of a button, one’s emails are easily accessible, and that the surveillance state doesn’t give a crap about personal privacy. More recent revelations related to Edward Snowden’s disclosures indicate that the surveillance state grabs virtually all of our emails and stores them for later analysis, meaning that they are available to dissuade one from running for office whenever the surveillance state decides to promulgate the most private aspects of your life. Here’s is an excerpt from Greenwald’s description of this real life problem, illustrated by the affair of General Petraeus:
So all based on a handful of rather unremarkable emails sent to a woman fortunate enough to have a friend at the FBI, the FBI traced all of Broadwell’s physical locations, learned of all the accounts she uses, ended up reading all of her emails, investigated the identity of her anonymous lover (who turned out to be Petraeus), and then possibly read his emails as well. They dug around in all of this without any evidence of any real crime – at most, they had a case of “cyber-harassment” more benign than what regularly appears in my email inbox and that of countless of other people – and, in large part, without the need for any warrant from a court.
But that isn’t all the FBI learned. It was revealed this morning that they also discovered “alleged inappropriate communication” to Kelley from Gen. Allen, who is not only the top commander in Afghanistan but was also just nominated by President Obama to be the Commander of US European Command and Supreme Allied Commander Europe (a nomination now “on hold”). Here, according to Reuters, is what the snooping FBI agents obtained about that [emphasis added]:
“The U.S. official said the FBI uncovered between 20,000 and 30,000 pages of communications – mostly emails spanning from 2010 to 2012 – between Allen and Jill Kelley . . . .
“Asked whether there was concern about the disclosure of classified information, the official said, on condition of anonymity: ‘We are concerned about inappropriate communications. We are not going to speculate as to what is contained in these documents.’”
So not only did the FBI – again, all without any real evidence of a crime – trace the locations and identity of Broadwell and Petreaus, and read through Broadwell’s emails (and possibly Petraeus’), but they also got their hands on and read through 20,000-30,000 pages of emails between Gen. Allen and Kelley.
This is a surveillance state run amok. It also highlights how any remnants of internet anonymity have been all but obliterated by the union between the state and technology companies.
Therefore, no matter who you are, even if you are a decent and intelligent person, the system has all but guaranteed that you won’t run for prominent public office. After all, if you have lived a real life, a meaningful life, you likely have at least a few skeletons in your closet. If you doubt this, go ahead and run for high political office and we’ll see what falls out.
Lavabit, an encrypted email service believed to have been used by National Security Agency leaker Edward Snowden, has abruptly shut down. The move came amidst a legal fight that appeared to involve U.S. government attempts to win access to customer information. In a Democracy Now! broadcast exclusive, we are joined by Lavabit owner Ladar Levison and his lawyer, Jesse Binnall. “Unfortunately, I can’t talk about it. I would like to, believe me,” Levison says. “I think if the American public knew what our government was doing, they wouldn’t be allowed to do it anymore.” In a message to his customers last week, Levison said: “I have been forced to make a difficult decision: to become complicit in crimes against the American people, or walk away from nearly 10 years of hard work by shutting down Lavabit.” Levison said he was barred from discussing the events over the past six weeks that led to his decision. Soon after, another secure email provider called Silent Circle also announced it was shutting down.
Binyamin Appelbaum, an economics reporter for the New York Times, summed it up sharply on Twitter: “Obama is really mad at Edward Snowden for forcing us patriots to have this critically important conversation.”
Fascinating article at Slate makes the argument that the NSA is planting spyware in order to ship private information to one of its contractors. I wasn’t sold in the first few sentences, but then the article kept disclosing more and more evidence.
Intriguingly, the malware that had apparently been placed on some of the Freedom Hosting websites Sunday may have turned up evidence showing how the feds are attempting to infiltrate Tor networks in order to track down suspects. According to an analysis by security researcher Vlad Tsrklevic, the malware in question collects identifying information about the person visiting the page and sends it back to an IP address near Reston, Va. Because the malware does not infiltrate the computer like criminal malware and instead merely collects identifying information, according to Tsrklevich, “it’s very likely that this is being operated by a law enforcement agency.”