Ed Snowden taught me to smuggle secrets past incredible danger. Now I teach you.
(Micah Lee, Oct 2014)
– Explains how Poitras and Snowden set up a secure communication channel using anonymous e-mail, Tor Browser, GPG, and tweeting the figerprint.
– Explains how he got Greenwald to encrypt his computer. (Greenwald didn’t know how to nor how to use GPG, and got neither of them working)
– Talks about his involvement in the set-up of communications between Snowden, Greenwald and Poitras prior to the revelations.
I think it’s helpful to show how privacy technologists can work with sources and journalists to make it possible for leaks to happen in a secure way. Securing those types of interactions is part of my job now that I work with Greenwald and Poitras at The Intercept, but there are common techniques and general principles from my interactions with Snowden that could serve as lessons to people outside this organization.
but in his first email to me, Snowden had forgotten to attach his key, which meant I could not encrypt my response. I had to send him an unencrypted email asking for his key first. His oversight was of no security consequence—it didn’t compromise his identity in any way—but it goes to show how an encryption system that requires users to take specific and frequent actions almost guarantees mistakes will be made, even by the best users.
after creating a customized version of Tails for Greenwald, I hopped on my bike and pedaled to the FedEx office on Shattuck Avenue in Berkeley, where I slipped the Tails thumb drive into a shipping package, filled out a customs form that asked about the contents (“Flash Drive Gift,” I wrote), and sent it to Greenwald in Brazil.
The (comprehensive) 30-page tutorial Micah wrote about using open source tools to communicate securely:
Encryption Works: How to Protect Your Privacy (And Your Sources) in the Age of NSA Surveillance
The whitepaper covers:
– A brief primer on cryptography, and why it can be trustworthy
– The security problems with software, and which software you can trust
– How Tor can be used to anonymize your location, and the problems Tor has when facing global adversaries
– How the Off-the-Record (OTR) instant message encryption protocol works and how to use it
– How PGP email encryption works and best practices
– How the Tails live GNU/Linux distribution can be used to ensure high endpoint security
HTML version: ▻https://web.archive.org/web/20130727195447/https://pressfreedomfoundation.org/encryption-works
#Tails #GPG #PGP