The Register: 4 Ways the Guardian Could Have Protected Snowden 233
Frosty Piss writes with this excerpt from The Register: "The Guardian's editor-in-chief Alan Rusbridger fears journalists – and, by extension, everyone – will be reduced to using pen and paper to avoid prying American and British spooks online. And his reporters must fly around the world to hold face-to-face meetings with sources ('Not good for the environment, but increasingly the only way to operate') because they believe all their internet and phone chatter will be eavesdropped on by the NSA and GCHQ. 'It would be highly unadvisable for any journalist to regard any electronic means of communication as safe,' he wrote. El Reg would like to save The Guardian a few bob, and reduce the jet-setting lefty paper's carbon footprint, by suggesting some handy tips – most of them based on the NSA's own guidance."
What if... (Score:4, Interesting)
When secret police come with secret orders based on secret laws signed by a secret court we secretly dispose of their bodies?
Dump data into a darknet (Score:4, Interesting)
https://freenetproject.org/ [freenetproject.org]
I don't feel quite safe either. (Score:2, Interesting)
I might be part of the few people in the world who are able to implement attacks on cryptography or busting advanced malware in random hardware firmwares in a breeze.
Still there might always be someone who knows some trick I'm not aware of, who is cleverer and more prepared, thus i don't feel safe.
The Guardian's staff is in my opinion well aware of how to use Tor and such countermeasures. They just don't want to try their luck, because if they happen to fail this is ultimate failure.
The Guardian is right and The Register is a usual a bundle of same sized wooden sticks.
The NSA would like to thank you very much (Score:5, Interesting)
From TFA:
"El Reg would like to save The Guardian a few bob, and reduce the jet-setting lefty paper's carbon footprint, by suggesting some handy tips â" most of them based on the NSA's own guidance".
Since the NSA gets a lot more information from metadata than from the message itself, I imagine they'd be delighted to have journalists encrypting everything important (lazy buggers that they are, they probably wouldn't bother with anything that wasn't).
By jumping through all the hoops in the NSA guidelines, you just sorted yourself into a tiny minority that has something to hide. You can guarantee you'll have spooks from every spy agency in the free world tracking where you go, who you talk to, who THEY talk to and what all of you do all day, where you keep your money, where you spend it, and who makes your morning coffee when the wife's out of town.
And laughing. You just KNOW they'll be laughing.
Re:Not sure what author of article is going for (Score:5, Interesting)
Re:MacOS secure!!!! (Score:5, Interesting)
5. First Amendment (Score:5, Interesting)
TFA (& everyone else it seems) misses a key option: release anonymously using US First Amendment protection.
The US has **the most journalistic freedom in the world**
Accept it...in fact, the Guardian is working with NY Times to release future Snowden info [huffingtonpost.com] *precisely* because the US has the 1st Amendment. From The Guardian's editor:
Not only that, in the US, journalists may use **anonymous sources**...they risk their reputation and job, and it has to be cleared by their editors, but it is done routinely (ex: Deep Throat).
If journalists release secret info, they can be subpoenaed to reveal their source. IF THEY REFUSE...the journalist can be jailed ONLY a short period of time, never more than 6-9 months as a 'coercive tactic'...but the gov't HAS TO LET THEM GO if they still don't talk!!!
This process is something every college journalism major learns.
Glenn Greenwald is using Snowden to further his career...the way he's shopping Snowden interviews around proves it.
The Guardian could have done this **completely differently** and Snowden would still have his job, and Greenwald would have a book deal and a ton of street cred...
Re:Encryption IS unfortuately too hard (Score:5, Interesting)
But there's no reason it has to be. The newspaper could easily create/bundle a basic application that runs of a flash drive to handle all the encryption/decryption, tor tunneling, etc. The stripped down version:
The informant-to-be downloads and launches the "Guardmail Program" for the first time
- Personal public and private keys are generated silently and stored in a data file alongside the program
- User writes an email and adds attachments as per normal
- User provides destination address and public encryption key + CRC code available on The Guardian's contact page
- CRC code is checked to ensure that there are no typos in the encryption key (is this normal? It should be if not)
- email, attachments, and P.S.ed personal public encryption key are encrypted
- Resulting data-file is then sent to the destination via whatever origin-obscuring pathways they decide to integrate.
- Later the program is run again and told to "check mail" - it goes to whatever anonymized dropbox is being used, via whatever hidden pathway, and looks for messages directed to the User
- Any messages are downloaded and decrypted. Attachments can be decrypted and saved just as you would from a webmail site
From the users perspective all they did was fire up a special "magic" email program that lets them send things much more secretly, from an interface that looks essentially like any webmail frontend, but the data never sits anywhere unencrypted unless attachments are "saved" (exported) from Guardmail. Does such a program truly not already exist? If so, the why the $#@! not? Sure it's a bit limited and inflexible, but it would put reasonably secure communication in the hands of anyone who had a need for it, no technological knowledge required.
You didn't RTFA (Score:4, Interesting)
But I can read it on your machine before you encrypt it, cos I'm the NSA and if Microsoft won't give me a back door (usually they do), I just lean on Nvidia, Hewlett Packard, or someone to write me a trojan into their drivers so I can get my back door. It's trivial.
This is one of the reasons that El Reg pointed us to the NSA's own recommendation to USE LINUX. Specifically, use a hardened Linux which is far more secure than any version of Windows, and rather less prone to insertion of back doors into drivers. Here's the relevant bit from El Reg:
"Buy new machines for cash from a shop and harden them against attack: why not (again) take the NSA's own advice and make sure you're using Security-Enhanced Linux, a series of patches for the open-source OS that are now part of Linus Torvalds' official mainline kernel."
Re:Don't Do The Crime... (Score:2, Interesting)
"Generally I think I'd rate as overly optimistic about the future but since 9/11 I think we've come to be so over policed and scrutinized that if you're going to go up against the system in a big way you're going to get caught and you're better off going in thinking you're likely to get caught."
I don't necessarily disagree with what you say... as long as you're only seeing it from that point of view. But try looking at it from a different (and probably more practical) point of view. That is to say, an engineering point of view, and Signal to Noise Ratio (s/n):
Someone just recently (and quite rationally) campaigned for EVERYONE to publicly start publishing lots of noise. By noise, I mean:
BOMBS. TERRORISM. DEATH TO INFIDELS. MAGNESIUM. RED PHOSPHORUS. WHITE PHOSPHORUS. SARIN. RICIN. MASS DESTRUCTION. AK-47. AR-15. M4. C4. 20mm. MINE.
FREEDOM
According to reports, that last word gets scored as highly as any of the others. A bit strange, that.
The answer is not to be a sheep, and say "I'd better not say it or I will be in trouble."
The answer is to look them in they eye, and if necessary spit in their eye, and SAY IT ANYWAY.
Anything else and YOU are the enemy. Believe it.
---