The Register: 4 Ways the Guardian Could Have Protected Snowden

Frosty Piss writes with this excerpt from The Register: "The Guardian's editor-in-chief Alan Rusbridger fears journalists – and, by extension, everyone – will be reduced to using pen and paper to avoid prying American and British spooks online. And his reporters must fly around the world to hold face-to-face meetings with sources ('Not good for the environment, but increasingly the only way to operate') because they believe all their internet and phone chatter will be eavesdropped on by the NSA and GCHQ. 'It would be highly unadvisable for any journalist to regard any electronic means of communication as safe,' he wrote. El Reg would like to save The Guardian a few bob, and reduce the jet-setting lefty paper's carbon footprint, by suggesting some handy tips – most of them based on the NSA's own guidance."

The NSA would like to thank you very much

[hyades1]

From TFA:

"El Reg would like to save The Guardian a few bob, and reduce the jet-setting lefty paper's carbon footprint, by suggesting some handy tips â" most of them based on the NSA's own guidance".

Since the NSA gets a lot more information from metadata than from the message itself, I imagine they'd be delighted to have journalists encrypting everything important (lazy buggers that they are, they probably wouldn't bother with anything that wasn't).

By jumping through all the hoops in the NSA guidelines, you just sorted yourself into a tiny minority that has something to hide. You can guarantee you'll have spooks from every spy agency in the free world tracking where you go, who you talk to, who THEY talk to and what all of you do all day, where you keep your money, where you spend it, and who makes your morning coffee when the wife's out of town.

And laughing. You just KNOW they'll be laughing.

Re:Not sure what author of article is going for

[Dunbal]

You are assuming that when you tell your computer to turn off the WiFi, the WiFi stays off. Now if cell phones that are "off" can record the conversations of mobsters without them knowing it, what makes you trust your computer all of a sudden? It would have to be an "air gap" somewhere in the countryside away from any wifi signal...

Re:MacOS secure!!!!

[Dunbal]

No, even then you can't guarantee it. There was an article by Dennis Ritchie (yes, one of the co-authors of the C language) that pretty much proved how there could already be back doors in compilers which are slipping in back doors to executable files without anyone knowing it. You can't stop with reading the source code. You would actually have to go through the machine code, line by line.

5. First Amendment

[globaljustin]

TFA (& everyone else it seems) misses a key option: release anonymously using US First Amendment protection.

The US has **the most journalistic freedom in the world**

Accept it...in fact, the Guardian is working with NY Times to release future Snowden info *precisely* because the US has the 1st Amendment. From The Guardian's editor:

Journalists in America are protected by the first amendment which guarantees free speech and in practice prevents the state seeking pre-publication injunctions or "prior restraint"

Not only that, in the US, journalists may use **anonymous sources**...they risk their reputation and job, and it has to be cleared by their editors, but it is done routinely (ex: Deep Throat).

If journalists release secret info, they can be subpoenaed to reveal their source. IF THEY REFUSE...the journalist can be jailed ONLY a short period of time, never more than 6-9 months as a 'coercive tactic'...but the gov't HAS TO LET THEM GO if they still don't talk!!!

This process is something every college journalism major learns.

Glenn Greenwald is using Snowden to further his career...the way he's shopping Snowden interviews around proves it.

The Guardian could have done this **completely differently** and Snowden would still have his job, and Greenwald would have a book deal and a ton of street cred...

Re:Encryption IS unfortuately too hard

[Immerman]

But there's no reason it has to be. The newspaper could easily create/bundle a basic application that runs of a flash drive to handle all the encryption/decryption, tor tunneling, etc. The stripped down version:

The informant-to-be downloads and launches the "Guardmail Program" for the first time
- Personal public and private keys are generated silently and stored in a data file alongside the program
- User writes an email and adds attachments as per normal
- User provides destination address and public encryption key + CRC code available on The Guardian's contact page
- CRC code is checked to ensure that there are no typos in the encryption key (is this normal? It should be if not)
- email, attachments, and P.S.ed personal public encryption key are encrypted
- Resulting data-file is then sent to the destination via whatever origin-obscuring pathways they decide to integrate.

- Later the program is run again and told to "check mail" - it goes to whatever anonymized dropbox is being used, via whatever hidden pathway, and looks for messages directed to the User
- Any messages are downloaded and decrypted. Attachments can be decrypted and saved just as you would from a webmail site

From the users perspective all they did was fire up a special "magic" email program that lets them send things much more secretly, from an interface that looks essentially like any webmail frontend, but the data never sits anywhere unencrypted unless attachments are "saved" (exported) from Guardmail. Does such a program truly not already exist? If so, the why the $#@! not? Sure it's a bit limited and inflexible, but it would put reasonably secure communication in the hands of anyone who had a need for it, no technological knowledge required.