How Laura Poitras and Glenn Greenwald broke the NSA story
This is an interview with Laura Poitras regarding her early contacts with Edward Snowden. Excellent background and a peak into Poitras' thought process.
Sign of the times regarding government surveillance
Back in June, ProPublica published an article advising methods for communicating over the Internet while maintaining privacy. Edward Snowden's revelations have now caused ProPublica to issue a big red flag on its article. Encryption might no longer be effective. How did we get to this point where it is obviously illegal for the government to break into my house and rummage through my drawers without probable cause, but they rummage through my data with the help of and coercion of corporate communications companies? They do it because they CAN do it. These revelations also point out that in the political world explanations are streams of sounds (or scribbles) that would lack any punch except that they are created by entities that can threaten violence. In the case of the NSA, it is the violence of the police state. It is a violence so pronounced that it has ruined the possibility of investigative journalism which, until recent times, was the People's best chance to keep their government in check.
Encryption tools for journalists
Glenn Greenwald recently answered questions on Reddit, including the following: Reddit comment: "Thanks for doing this. At the university I work at, we are putting together a workshop for Media Professionals, including journalists regarding IT security. We plan on covering: PGP, truecrypt, TOR, OTR, and strongbox. What tools, concepts, or techniques should we be teaching aspiring journalists?" Glenn Greenwald: "That's so great to hear. One of the most gratifying things I've seen since this all started is how many journalists now communicate using PGP, Pidgen, OTR, TOR and similar instruments of encryption. Just as was true for me, so many national security journalists - including some of the most accomplished ones at large media outlets, the ones who work on the most sensitive materials - had no idea about any of that and used none of it. Now they do. In this age of a War on Whistleblowers and sources and ubiquitous surveillance, it's absolutely vital that journalists learn advanced encryption methods and use it." It's a shame that modern day journalists need to spend so much time learning about and using encryption technology to protect their sources from spying by the United States and other governments. What would the founding fathers have said about this more than 200 years ago, that the federal government is spying on its own citizens without probable cause and even spying on journalists?
Thank you, NSA
David Meyer "thanks" the NSA for making us all insecure. His analysis is spot on, and it should outrage everyone who has tried to password protect anything on the Internet:
What is so jaw-droppingly idiotic about your actions is that you have not only subverted key elements of modern cryptography, but you have also appointed yourself as the guardian of the knowledge that the resulting vulnerabilities exist. And if your own security systems were up to the task, then those secrets wouldn’t be sitting in the offices of the New York Times and ProPublica. One must possess a Panglossian view on things to assume that Edward Snowden was the first person out of the many thousands in his position to make away with such material. He brought it to the public, and without that move there’s a good chance you wouldn’t have even known he took it. So who else has it? Bet you have no idea. So well done; you’ve probably put your own citizens at risk.
Staying off NSA radar
At the U.K Guardian, Bruce Schneier offers five pieces strategies for staying off the NSA radar. Excellent article with real advice, including caveats Here are a few excerpts:
1) Hide in the network. 2) Encrypt your communications. Use TLS. Use IPsec. 3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn't. If you have something really important, use an air gap. 4) Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. 5) Try to use public-domain encryption that has to be compatible with other implementations.