Slashdot Mirror


The Register: 4 Ways the Guardian Could Have Protected Snowden

Frosty Piss writes with this excerpt from The Register: "The Guardian's editor-in-chief Alan Rusbridger fears journalists – and, by extension, everyone – will be reduced to using pen and paper to avoid prying American and British spooks online. And his reporters must fly around the world to hold face-to-face meetings with sources ('Not good for the environment, but increasingly the only way to operate') because they believe all their internet and phone chatter will be eavesdropped on by the NSA and GCHQ. 'It would be highly unadvisable for any journalist to regard any electronic means of communication as safe,' he wrote. El Reg would like to save The Guardian a few bob, and reduce the jet-setting lefty paper's carbon footprint, by suggesting some handy tips – most of them based on the NSA's own guidance."


  1. Internal storage? by jasno · · Score: 2

    Johnny Mnemonic anyone?

    --

    http://www.masturbateforpeace.com/
  2. Wait -- *their* guidance? by Anonymous Coward · · Score: 3, Insightful

    "most of them based on the NSA's own guidance"

    Should you take guidance from people who have been proven to lie?

    1. Re:Wait -- *their* guidance? by Mr.+Slippery · · Score: 5, Informative

      Should you take guidance from people who have been proven to lie?

      The NSA is a deeply schizophrenic organization. On one side you have people seeking to defend and secure Americans' computer systems and networks against crackers, foreign spies, and the like. They'll propose BS like key escrow, but they're actually fairly honest: they know if there is a backdoor they can use, their adversaries can use it too.

      On the other hand you have people seeking to break into computer systems and networks, including those of Americans. They oughta be first against the wall when the revolution comes.

      --
      Tom Swiss | the infamous tms | my blog
      You cannot wash away blood with blood
    2. Re:Wait -- *their* guidance? by thoth · · Score: 2

      The NSA is a deeply schizophrenic organization.

      Not schizophrenic - they just have 2 conflicting missions. That would be signals intelligence (gather and decrypt) and information assurance (protect and defend).

      It could be that a split and reorg would be good - say move the information assurance folks and merge them with DISA. Then clamp down on any out of control signals intelligence programs.

  3. spoiler alert by noh8rz10 · · Score: 5, Informative

    here are the four things, pulled from the article:

    1. Encryption: It's not hard
    * Keep your private key secret, encrypted and in one place (eg, not a police interrogation room)
    * Meet the Advanced Encryption Standard

    2. Use clean machines

    3. How to shift the data securely

    4. Using hidden services

    1. Re: spoiler alert by Frosty+Piss · · Score: 2

      Ahhhhhhhhhh. Yesssssss.

      I enjoyed the "submission".

      --
      If you want news from today, you have to come back tomorrow.
    2. Re:spoiler alert by Dare+nMc · · Score: 2

      1) Snowden was way short on resources to hide from the NSA, and until he proved he had something of real value, who with resources would help him?
      2) It was a ton of data, the NSA certainly detects the leak before it gets fully transferred to anyone, and shutdown before full transfer.
      3) In Snowden's case many of the original archives themselves had digital fingerprints in them indicating who could have downloaded them to begin with. If you break it up enough to disrupt the fingerprints, then it loses credibility (Very unlikely Snowden knew how to defeat the fingerprint.)
      So the idea (IMO) would be you encrypt it and send it to a news source (or WikiLeaks, EFF, etc) with established credibility, they use the full document to verify your credibility enough to throw their weight behind supporting you. The news source could then be generic enough in releases to disrupt the document fingerprint to the NSA. They could also in turn throw resources at securing the leaker.
      In the case of this data mule, they didn't want to really help the terrorists, and endanger relatively innocent sources in the documents in hand. They want to process, redact, and cross-reference with people they trust to do the work. If the NSA can see who has looked at what, they have a better chance of silencing them.

  4. What if... by MRe_nl · · Score: 3, Interesting

    When secret police come with secret orders based on secret laws signed by a secret court we secretly dispose of their bodies?

    --
    "Kill 'em all and let Root sort 'em out"
  5. Simple solution by cold+fjord · · Score: 2

    Employ Mentats. Problem solved.

    --
    much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
  6. Dump data into a darknet by Adult+film+producer · · Score: 3, Interesting

    The Freenet network is still alive and is very useful for this kind of thing.

    https://freenetproject.org/

  7. I don't feel quite safe either. by Anonymous Coward · · Score: 2, Interesting

    I might be part of the few people in the world who are able to implement attacks on cryptography or busting advanced malware in random hardware firmwares in a breeze.
    Still there might always be someone who knows some trick I'm not aware of, who is cleverer and more prepared, thus I don't feel safe.

    The Guardian's staff is in my opinion well aware of how to use Tor and such countermeasures. They just don't want to try their luck, because if they happen to fail this is ultimate failure.

    The Guardian is right and The Register is as usual a bundle of same sized wooden sticks.

  8. Not sure what author of article is going for by VinylRecords · · Score: 4, Informative

    1.) Encryption: It's not hard

    Shouldn't really be a factor now that Snowden is known publicly. When Snowden was trying to escape the U.S. it was necessary for him to be paranoid and secretive. Now he's already given a full copy of all of his information to Greenwald in person. Snowden was protected well by his news contacts. They had him reveal himself to the world on his own time and not have his name leak before he wanted it to leak. He was safe when it mattered. The Guardian did an acceptable job getting Snowden to safety.

    2.) Use clean machines

    Extremely difficult. The US has deals with phone companies, operating system creators, and hardware manufacturers, to put backdoor systems into so many devices. They monitor so many email and phone companies. How can you be fully sure you didn't buy a machine that has a secret backdoor entry that the FBI or CIA can get into easily? How can you know that your PC isn't already set up for intercepts on all of your activity? You'd need to be an expert on computer software, hardware, intercept technology, and so many other things just to detect that you were being actively monitored. And being passively monitored like how the NSA just copies everything sent anywhere.

    3.) How to shift the data securely

    The governments of the world can potentially intercept ANYTHING. Phone calls, emails, text messages, picture messages, faxes, voices through a hidden microphone, credit card transactions, smoke signals, bank statements, parabolic intercepts. Nothing is truly secure in this day and age. A reporter can use a courier by land or plane and that person can be held in a cell for nine hours while being interrogated. But an in-person intercept is known to both parties. A phone intercept is tough to fully know about unless you have an inside source telling you "your personal phones and prepaid phones are all tracked". Thanks to Snowden I now assume that EVERYTHING is tracked by the government.

    4.) Using hidden services

    The government is cracking down on those. Lavabit could not stop the government. Why would any other black site or anonymous exchange be able to stop the government? The government can stop billion dollar companies from operating overnight. Like a small email or messaging company can withstand the onslaught of a multi-national cyber-military operation?

    1. Re:Not sure what author of article is going for by dgatwood · · Score: 5, Informative

      2.) Use clean machines

      Extremely difficult. The US has deals with phone companies, operating system creators, and hardware manufacturers, to put backdoor systems into so many devices. They monitor so many email and phone companies. How can you be fully sure you didn't buy a machine that has a secret backdoor entry that the FBI or CIA can get into easily? How can you know that your PC isn't already set up for intercepts on all of your activity? You'd need to be an expert on computer software, hardware, intercept technology, and so many other things just to detect that you were being actively monitored. And being passively monitored like how the NSA just copies everything sent anywhere.

      Not difficult at all. It's called an air gap. You buy a laptop specifically for the purpose of decrypting the messages. You set it up without connecting it to the Internet. You generate your private-public key pair on this machine and use a flash drive to manually copy the public key to a different machine so that you can provide it to whoever needs it. When you receive a message, you copy that to a flash drive, then copy it to the other machine, then extract it.

      Ideally, the private key should also be stored on a (different) USB key that you carry with you, to reduce the risk of physical theft by (hopefully) ensuring that the key and the encrypted data are never in the same place except when you are decrypting that data. If you are really paranoid, you can split the key into pieces so that multiple key dongles held by separate people must be stolen or confiscated before encryption is compromised.

      This is how high-security data handling works everywhere. If intercepting it could mean the end of (the|your) world, you build an air gap, and you ensure that the computers on the inside of that gap are never connected to the public Internet in any way, shape or form. And when you're done with the machine, you destroy its hard drive in accordance with DoD manual 5200.01.

      Of course, this ignores TEMPEST/Van Eck phreaking; chances are, you aren't that important, but if you are, you should also take precautions to physically secure your air gap room against any EM emissions from the computer in question.

      And as always, Keep Calm and Carry a Towel.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    2. Re:Not sure what author of article is going for by Dan+East · · Score: 5, Informative

      2.) Use clean machines

      Extremely difficult. The US has deals with phone companies, operating system creators, and hardware manufacturers, to put backdoor systems into so many devices. They monitor so many email and phone companies. How can you be fully sure you didn't buy a machine that has a secret backdoor entry that the FBI or CIA can get into easily? How can you know that your PC isn't already set up for intercepts on all of your activity? You'd need to be an expert on computer software, hardware, intercept technology, and so many other things just to detect that you were being actively monitored. And being passively monitored like how the NSA just copies everything sent anywhere.

      I call BS on this one. "You'd need to be an expert on computer software, hardware, intercept technology, and so many other things just to detect that you were being actively monitored." No, you don't. It only takes ONE expert to find that Dell, HP, Microsoft, Apple, OSX, Windows, Linux, has all these supposed backdoors to blow the whistle. While we have cases where various cloud / online services have been forced to turn over information, none of what you're claiming has been reported with hardware and OS vendors.

      You're missing one important thing in your paranoia. Existing networks still have to be utilized to transfer this data. If every home PC had such a backdoor, then they still would have to use the internet connection to transmit that data. And yes, there are experts that do watch for this kind of thing, and keep an eye on what their machines are connecting to and why. Unless you're also positing the conspiracy theory that every machine has some totally secret wireless communication built in that talks to some government ghost network that no one has discovered either.

      Yes, the NSA is reaching way too far, but even so you've got your tin foil hat way too tight.

      --
      Better known as 318230.
    3. Re:Not sure what author of article is going for by Dunbal · · Score: 5, Interesting

      You are assuming that when you tell your computer to turn off the WiFi, the WiFi stays off. Now if cell phones that are "off" can record the conversations of mobsters without them knowing it, what makes you trust your computer all of a sudden? It would have to be an "air gap" somewhere in the countryside away from any wifi signal...

      --
      Seven puppies were harmed during the making of this post.
    4. Re:Not sure what author of article is going for by MaskedSlacker · · Score: 2

      Open up the laptop and remove the wifi antenna (at least in mine you could remove it with a pair of scissors, but other models may require mucking with board).

    5. Re:Not sure what author of article is going for by Obfuscant · · Score: 2

      Open up the laptop and remove the wifi antenna

      On most of the Dell systems I've dealt with over the last few years, the WiFi is on a small add-in board.

      Or you can just operate in a Faraday cage and avoid Tempest and WiFi and Bluetooth and all kinds of issues at the same time.

    6. Re:Not sure what author of article is going for by Darinbob · · Score: 2

      It is amazingly unlikely that you buy a brand new machine at Best Buy and it is already set up to monitor all the communications you send from the moment it's turned on. Sure it might happen, but that would mean that everyone everywhere is being spied on every minute of the day, in which case the NSA will never be able to find the needle in the haystack. Instead a clean machine means that you use that brand new machine only for that task; you don't re-use an old machine, you don't install extra software, don't go browsing the web on it, don't stick it on the internet, and when you get your data you wipe the machine clean again (and you're doing all this in a VM on the clean machine).

      There's always the sci-fi possibility that you're being followed all the time and the follower goes into the store, demands to be told the serial number of the machine that was sold to you, and from that number a back door is activated. Which is one reason why you don't stick that PC on the internet.

      If things are so bad that you're being followed everywhere all the time, with a full time team of people assigned to your case, then you're no good as a reporter in this area already. You only get one big scoop of the century in this area, after it's done you will be a high value target to the NSA instead of a petty part-time annoyance, and will never again be safe communicating with confidential sources.

      Lavabit was flawed in its set up. It had the ability to decrypt and divulge email if forced to which made it vulnerable. Security and convenience do not mix together well, and allowing a third party like Lavabit to act as a middle man with keys is convenient but not secure.

    7. Re:Not sure what author of article is going for by AmiMoJo · · Score: 2

      It isn't hard to physically remove the wifi card from most laptops. Typically it is located just under a hatch or the entire base of the laptop can be removed.

      Also, even if the wifi were turned on with you knowing, unless there is an unsecured network or the government and a backdoor into a nearby AP what use would it be?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    8. Re:Not sure what author of article is going for by Kiwikwi · · Score: 2

      I'll eat my hat(*) if bog standard Linux or FreeBSD installations try to execute anything on a USB stick unless it's rebooted with that stick as boot medium

      They won't do that intentionally. But bog standard Linux machines can certainly be infected just by inserting a compromised USB stick.

      First of all, the stick will be mounted. Typically, this happens automatically, but if not, the user will still have to do it manually. The USB filesystem can be modified to contain just the right corrupt data structures to trigger a kernel bug, leading to a compromise of the machine. If you think this is far out, think again. This was 2006, but don't worry, the NSA has zero-days on file if they need them. It is well-known that kernel "oopses" (such as this bug in ext4 from 2013) can often be converted into full exploits by a sufficiently determined adversary.

      Assuming your Linux distro has a graphical desktop, you may next try opening the stick in a file browser, such as Nautilus. (Or it may even autolaunch when you insert the stick.) This too can cause your computer to be compromised, if e.g. the stick contains a PDF, which has been modified to contain just the right corrupt data structures to trigger a userspace bug in the program that generates the PDF thumbnail. By the time you think, "Wait, I never put any PDF on this stick", you're already compromised. If you think this is far out, think again. This was 2011.

      If you're really paranoid, you'll forgo filesystems and desktop environments entirely and just dd plain ASCII files directly to the USB block device. But if your networked computer has been infected, you can never be sure that it's only doing that...

    9. Re:Not sure what author of article is going for by Teun · · Score: 2

      Lots of people told me Linux sucks for WIFI support :)

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    10. Re:Not sure what author of article is going for by Dekker3D · · Score: 2

      Raspberry Pi?

      If your hardware is compromised, you've got a problem anyway. And it's more likely for commonly used computer systems to be compromised, like desktop PCs and laptops, than something as geeky as a Raspberry. Other than that, those things are far easier to carry wherever, and have no wifi built in as far as I know. Most/all of the storage is removable, and you could probably set said storage to be read-only.

      If you're going to build an air-gapped encryption/decryption device, you might as well go for a Raspberry Pi.

  9. MacOS secure!!!! by stanlyb · · Score: 2

    You want to use a compromised OS to generate secret keys!!! For.Real.?
    What about this:
    1. Use some old machine, very old machine, like CPU-486 Pentium, or even better, some chip on computer (Raspberry Pi) to install some minimal linux.
    2. Use some proven package to generate the private keys.
    3. Store them, write them down, on some piece of paper, and hide it somewhere secret. Even better, generate a set of PK, for every conceivable case.
    4. During all these steps, never, I repeat NEVER TURN ON THE ETHERNET ADAPTER.
    5. Once you have done with the PK generation, burn the damn computer, literally.
    6. Now you have a set of PK that are really secret.
    7. From now on, never forget, once you run Windows/Mac/Ubuntu, you are exposed. So try to use only some community build, with minimal set of features Linux, and also without any fancy GUI interface. And keep close track of all the services that you run on your computer. And log all the network traffic going to, or out of your little linux box.

    1. Re:MacOS secure!!!! by Dunbal · · Score: 4, Interesting

      No, even then you can't guarantee it. There was an article by Dennis Ritchie (yes, one of the co-authors of the C language) that pretty much proved how there could already be back doors in compilers which are slipping in back doors to executable files without anyone knowing it. You can't stop with reading the source code. You would actually have to go through the machine code, line by line.

      --
      Seven puppies were harmed during the making of this post.
    2. Re:MacOS secure!!!! by cybersquid · · Score: 4, Informative

      I was about to post this!
      Here's a link to the article: The Ken Thompson Hack

  10. Snowden didn't want protection by Anonymous Coward · · Score: 3, Informative

    Snowden and the reporters he communicated with did use encryption and other means to preserve secrecy while he was initially doing the leaks. But once it became front-page news, he wanted the publicity, and he told them to go public.

  11. Encryption IS unfortunately too hard by sjbe · · Score: 5, Insightful

    Encryption: It's not hard

    Yes it is. It fails the mom test badly. More properly it is key management that is too difficult. The actual key generation can be automated mostly. Distribution and use of keys is inherently difficult with no obviously easy solution.

    1. Re:Encryption IS unfortunately too hard by Immerman · · Score: 4, Interesting

      But there's no reason it has to be. The newspaper could easily create/bundle a basic application that runs off a flash drive to handle all the encryption/decryption, tor tunneling, etc. The stripped down version:

      The informant-to-be downloads and launches the "Guardmail Program" for the first time
      - Personal public and private keys are generated silently and stored in a data file alongside the program
      - User writes an email and adds attachments as per normal
      - User provides destination address and public encryption key + CRC code available on The Guardian's contact page
      - CRC code is checked to ensure that there are no typos in the encryption key (is this normal? It should be if not)
      - email, attachments, and P.S.ed personal public encryption key are encrypted
      - Resulting data-file is then sent to the destination via whatever origin-obscuring pathways they decide to integrate.

      - Later the program is run again and told to "check mail" - it goes to whatever anonymized dropbox is being used, via whatever hidden pathway, and looks for messages directed to the User
      - Any messages are downloaded and decrypted. Attachments can be decrypted and saved just as you would from a webmail site

      From the user's perspective all they did was fire up a special "magic" email program that lets them send things much more secretly, from an interface that looks essentially like any webmail frontend, but the data never sits anywhere unencrypted unless attachments are "saved" (exported) from Guardmail. Does such a program truly not already exist? If so, then why the $#@! not? Sure it's a bit limited and inflexible, but it would put reasonably secure communication in the hands of anyone who had a need for it, no technological knowledge required.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
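
The checksum step in the post above, as an added example that is not part of the original post or of any Guardian tool: OpenPGP ASCII armor already appends a CRC-24 line (RFC 4880, section 6.1) that catches mistyped or truncated keys. A CRC is only a typo check, since anyone who substitutes a different key can recompute it, so the sketch also compares a fingerprint obtained over a separate channel; `accept_key`, the SHA-256 fingerprint format and the 48-byte key are assumptions constructed for illustration.

```python
"""Typo check for a pasted public key: CRC-24 armor checksum plus fingerprint."""
import base64
import hashlib
import hmac

CRC24_INIT = 0xB704CE  # constants from RFC 4880, section 6.1
CRC24_POLY = 0x1864CFB


def crc24(data):
    """CRC-24 as used by OpenPGP ASCII armor."""
    crc = CRC24_INIT
    for octet in data:
        crc ^= octet << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(key_bytes):
    """Base64 body in 64-character lines, then '=' plus the base64 CRC-24."""
    body = base64.b64encode(key_bytes).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    check = base64.b64encode(crc24(key_bytes).to_bytes(3, "big")).decode("ascii")
    return "\n".join(lines + ["=" + check])


def parse_armored(text):
    """Return the key bytes, or raise ValueError if the text was damaged."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2 or len(lines[-1]) != 5 or not lines[-1].startswith("="):
        raise ValueError("checksum line missing")
    try:
        key = base64.b64decode("".join(lines[:-1]), validate=True)
        expected = int.from_bytes(
            base64.b64decode(lines[-1][1:], validate=True), "big")
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key text is not valid base64") from exc
    if crc24(key) != expected:
        raise ValueError("checksum mismatch: key was mistyped or truncated")
    return key


def fingerprint(key_bytes):
    """Hypothetical fingerprint format: hex SHA-256 of the raw key bytes."""
    return hashlib.sha256(key_bytes).hexdigest()


def accept_key(pasted_text, fingerprint_from_other_channel):
    """Typo check first, then the check that actually detects a swapped key."""
    key = parse_armored(pasted_text)
    claimed = fingerprint_from_other_channel.replace(" ", "").lower()
    if not hmac.compare_digest(fingerprint(key), claimed):
        raise ValueError("fingerprint mismatch: not the key that was published")
    return key


if __name__ == "__main__":
    published_key = bytes(range(48))  # constructed stand-in, not a real key
    text = armor(published_key)
    assert accept_key(text, fingerprint(published_key)) == published_key
    swapped = armor(bytes(range(1, 49)))  # different key, checksum still valid
    assert parse_armored(swapped) != published_key
    print("armor and fingerprint checks passed")
```
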
    2. Re:Encryption IS unfortunately too hard by newbie_fantod · · Score: 3, Insightful

      It fails the mom test badly.

      Yes, but any moms who are editors of respected international journalistic institutions are probably smart enough to understand and use encryption.

    3. Re:Encryption IS unfortunately too hard by Immerman · · Score: 2

      I'm not a cryptography geek, but I doubt a trusted third party requirement can be conveniently overcome when "the opposition" has the sort of resources the NSA can bring to bear.

      Onion routing has a similar problem in that it only really provides security-through-obscurity. They come right out and warn you that if the entrance and exit nodes are monitored then it's trivial to trace your communication - and considering the pervasiveness of admitted NSA monitoring it seems naive to not assume that every known tor node is on their watch list.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
  12. The NSA would like to thank you very much by hyades1 · · Score: 5, Interesting

    From TFA:

    "El Reg would like to save The Guardian a few bob, and reduce the jet-setting lefty paper's carbon footprint, by suggesting some handy tips – most of them based on the NSA's own guidance".

    Since the NSA gets a lot more information from metadata than from the message itself, I imagine they'd be delighted to have journalists encrypting everything important (lazy buggers that they are, they probably wouldn't bother with anything that wasn't).

    By jumping through all the hoops in the NSA guidelines, you just sorted yourself into a tiny minority that has something to hide. You can guarantee you'll have spooks from every spy agency in the free world tracking where you go, who you talk to, who THEY talk to and what all of you do all day, where you keep your money, where you spend it, and who makes your morning coffee when the wife's out of town.

    And laughing. You just KNOW they'll be laughing.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
    1. Re:The NSA would like to thank you very much by TapeCutter · · Score: 5, Informative

      Personally I think El-Reg may be experiencing some professional jealousy. The patronising tone paints the Guardian reporters as political ideologues in trouble, but the fact is that investigative journalism is hard and expensive, and the Guardian are world leaders in the art.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    2. Re:The NSA would like to thank you very much by Anonymous Coward · · Score: 2, Insightful

      Personally I think El-Reg may be experiencing some professional jealousy.

      There's nothing professional about the way the "journalists" at El-Reg write. It's somewhere between a tabloid and a blog. It's not a newspaper like The Guardian, not even close. I've yet to read an article that wasn't dripping with personal bias and goofy sensationalism.

  13. Pfff by ikhider · · Score: 2

    As much as the NSA/CIA/FBI whatever like to make you think they are God, they are in fact not. There are MANY ways to make a secure chat between two parties. No organization can be on top of all computers and all software all the time. If the parties involved have a chance to avoid physical surveillance, they are set. How are the spooks going to know which channel to listen in on? All of them? Fine. Needle in a haystack. Good luck.

    --
    "SO we bide our time, waiting for a purer kick to bloom and the future is still bleak, uncertain and beautiful" -GSYBE
  14. Holy Crap. Get A Grip. by Jane+Q.+Public · · Score: 2

    It is ridiculously easy to agree on continuously changing keys for one-time-pad encryption. All you need is a bit of imagination.

    If the media companies are really so afraid that they will spend millions to do face-to-face encounters, I would happily take half of those millions and give them a far easier, faster, at-least-as-secure alternative.

    Seriously. This is utter madness based on ignorance.

  15. 5. First Amendment by globaljustin · · Score: 5, Interesting

    TFA (& everyone else it seems) misses a key option: release anonymously using US First Amendment protection.

    The US has **the most journalistic freedom in the world**

    Accept it...in fact, the Guardian is working with NY Times to release future Snowden info *precisely* because the US has the 1st Amendment. From The Guardian's editor:

    Journalists in America are protected by the first amendment which guarantees free speech and in practice prevents the state seeking pre-publication injunctions or "prior restraint"

    Not only that, in the US, journalists may use **anonymous sources**...they risk their reputation and job, and it has to be cleared by their editors, but it is done routinely (ex: Deep Throat).

    If journalists release secret info, they can be subpoenaed to reveal their source. IF THEY REFUSE...the journalist can be jailed ONLY a short period of time, never more than 6-9 months as a 'coercive tactic'...but the gov't HAS TO LET THEM GO if they still don't talk!!!

    This process is something every college journalism major learns.

    Glenn Greenwald is using Snowden to further his career...the way he's shopping Snowden interviews around proves it.

    The Guardian could have done this **completely differently** and Snowden would still have his job, and Greenwald would have a book deal and a ton of street cred...

    --
    Thank you Dave Raggett
    1. Re:5. First Amendment by erikkemperman · · Score: 5, Informative

      The US has **the most journalistic freedom in the world**

      wrong, according to the journos themselves at least; US doesn't even make it into the top 30.

      --
      Gosh, thanks. That must be why the other ships call me Meatfucker -- GCU Grey Area (Eccentric)
  16. hung him out to dry by globaljustin · · Score: 4, Insightful

    it was probably intentional not to go out of their way to protect him

    I agree...and I think you are being overly fair to the Guardian and Greenwald. They could have done this completely differently and Snowden would still have his job and hot 'girlfriend'...

    Anonymous source.

    IMHO, Greenwald and the Guardian led Snowden around like a sheep, taking advantage of his internal motivations for releasing the info.

    The truth is, Snowden's info isn't actually revealing of any *new* info, only operational details of already-reported on programs...and seriously it's common knowledge that the Feds could spy on us via the Patriot Act.

    Read it for yourself, from USA Today in 2006:

    The National Security Agency has been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth, people with direct knowledge of the arrangement told USA TODAY.

    He broke the law technically, revealing info that was Top Secret, but it's not exactly "news"....unless you muckrake and take advantage of the fact that most journalists never understood what the Patriot Act allows.

    It's all hype...we definitely could have had a "national conversation about privacy and surveillance" without all this flap!

    --
    Thank you Dave Raggett
    1. Re:hung him out to dry by Obfuscant · · Score: 3, Informative

      The truth is, Snowden's info isn't actually revealing of any *new* info, only operational details of already-reported on programs...

      Our local senator is one of the ones who has been hinting to us that this is going on since early this year. He couldn't tell us what it was, but ...

      He also didn't think it was enough of a problem to bother trying to stop it.

  17. Just RTFA by FatLittleMonkey · · Score: 3, Informative

    I can read it on your machine before you encrypt it

    The "clean machine" never connects to the 'net. It handles the encryption and is the only machine that sees the decrypted data. The machine that touches the net (somewhere remote to your home/office connection) only sees the encrypted file.

    When you realize that I have the power to quickly mobilize any police force almost anywhere in the world to get what I want, you will realize by how much you are screwed.

    "If you just want to "stay anonymous from the NSA", or whomever good luck with that. My advice? Pick different adversaries."

    --
    Science is all about firing a drunk pig out of a cannon just to see what happens.
  18. More by Burz · · Score: 2

    5. Protect against remote exploits with an OS like Qubes. Use its TorVM and DisposableVM features to isolate different communication domains from each other. (Certain late-model hardware configurations are best used with Qubes.)

    6. Go one better than Tor and use I2P. It uses routing that is more decentralized than Tor, and since everyone shares routing bandwidth by default there is bandwidth to handle virtually all kinds of traffic... even bulk transfers and bittorrent. Security is also enhanced by having more users route traffic, and by communicating only with other I2P users by default. I2P have so far been successfully testing a distributed email system (I2P-Bote) which is far less vulnerable to attack than what you find on Tor (e.g. TorMail).

  19. Most importantly. by FatLittleMonkey · · Score: 4, Insightful

    7. Start doing steps 1-6 NOW. Routinely. Across your entire media organisation. When you don't need it.

    Don't wait until you're doing something you want to hide, then suddenly start using high-end crypto and data obfuscation and special networks to shout "LOOK AT ME, I HAVE SOMETHING TO HIDE".

    --
    Science is all about firing a drunk pig out of a cannon just to see what happens.
  20. Side effect by DaveAtFraud · · Score: 2

    One interesting side effect of this article and others like it is the spook job just got much harder. Lots of people will be looking into using encryption and some actually will because they simply don't want someone else reading their e-mail. Previously, the very use of encryption flagged an e-mail as being suspicious since the spooks could assume that people with nothing to hide (e.g., no plots or plans for nefarious deeds) wouldn't bother with encrypting their data. Now lots of people with nothing to hide will encrypt their messages just because they don't like the idea that someone could read it.

    Think about what happens if encrypted e-mail traffic goes from .1% to 1% of all e-mail (I have no idea how many people use something like GPG now).

    Cheers,
    Dave

    --
    They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
    Ben
  21. Re:fly around the world to hold face-to-face meeti by niftydude · · Score: 2

    300+ gig is a lot of kitten pictures.

    Considering 2TB USB 3 external disk drives are fairly cheap you can put six times that and still carry it around in your shirt pocket. In fact you will soon be able to get 512 GB and 1TB USB thumb drives although initially they will not be cheap.

    The point I was (rather poorly) trying to make is that steganography gives pretty rubbish data ratios. Even assuming you can get as good as something like 1:10, the 300 GB of Snowden files is going to become 3 TB of kitten pictures when you use steganography.

    You can't use the same kitten picture for each image because then it is pretty obvious to someone searching your HD that you are using steganography and you are busted, so you have to find about 2.7 TB worth of different kitten pictures.

    So, I stand by my statement: that's a lot of kitten pictures.

    --
    You can never know everything, and part of what you do know will always be wrong. Perhaps even the most important part.
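
The data-ratio argument in the comment above, as an added example that is not part of the original thread: a minimal least-significant-bit embed/extract over a constructed cover buffer standing in for uncompressed pixel samples, showing that one hidden bit per cover byte gives a 1:8 ratio. The function names and the sample cover are assumptions made for illustration; compressed image formats behave differently.

```python
# Added example: LSB steganography capacity model (not from the thread).
# The cover is a constructed byte buffer standing in for raw pixel samples.

def cover_bytes_needed(payload_len: int, bits_per_byte: int = 1) -> int:
    """Cover bytes required to hide payload_len bytes at the given LSB depth."""
    if bits_per_byte not in (1, 2, 4):
        raise ValueError("bits_per_byte must be 1, 2 or 4")
    return payload_len * 8 // bits_per_byte

def embed(cover: bytes, payload: bytes, bits_per_byte: int = 1) -> bytes:
    """Overwrite the low bits of each cover byte with successive payload bits."""
    need = cover_bytes_needed(len(payload), bits_per_byte)
    if need > len(cover):
        raise ValueError(f"cover too small: need {need} bytes, have {len(cover)}")
    mask = (1 << bits_per_byte) - 1
    value = int.from_bytes(payload, "big")
    nbits = len(payload) * 8
    out = bytearray(cover)
    for i in range(need):
        shift = nbits - (i + 1) * bits_per_byte   # most significant bits first
        out[i] = (out[i] & ~mask & 0xFF) | ((value >> shift) & mask)
    return bytes(out)

def extract(stego: bytes, payload_len: int, bits_per_byte: int = 1) -> bytes:
    """Reassemble the payload from the low bits of the first cover bytes."""
    mask = (1 << bits_per_byte) - 1
    value = 0
    for b in stego[:cover_bytes_needed(payload_len, bits_per_byte)]:
        value = (value << bits_per_byte) | (b & mask)
    return value.to_bytes(payload_len, "big")

if __name__ == "__main__":
    cover = bytes(range(256)) * 4            # constructed 1024-byte cover
    secret = b"constructed sample"           # 18 bytes, needs 144 cover bytes
    stego = embed(cover, secret)
    assert extract(stego, len(secret)) == secret
    # Each cover byte moves by at most 1, which is why 1 LSB is hard to see.
    print(max(abs(a - b) for a, b in zip(cover, stego)))
    # Same units in, same units out: 300 GB of payload at 1 LSB per byte.
    print(cover_bytes_needed(300, 1), "GB of raw cover for 300 GB")
```

Deeper embedding (2 or 4 low bits) halves or quarters the cover needed, at the cost of larger per-sample changes that are easier to detect statistically.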
  22. You didn't RTFA by AliasMarlowe · · Score: 3, Interesting

    But I can read it on your machine before you encrypt it, cos I'm the NSA and if Microsoft won't give me a back door (usually they do), I just lean on Nvidia, Hewlett Packard, or someone to write me a trojan into their drivers so I can get my back door. It's trivial.

    This is one of the reasons that El Reg pointed us to the NSA's own recommendation to USE LINUX. Specifically, use a hardened Linux which is far more secure than any version of Windows, and rather less prone to insertion of back doors into drivers. Here's the relevant bit from El Reg:
    "Buy new machines for cash from a shop and harden them against attack: why not (again) take the NSA's own advice and make sure you're using Security-Enhanced Linux, a series of patches for the open-source OS that are now part of Linus Torvalds' official mainline kernel."

    --
    Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  23. Re:that was a questionnaire by erikkemperman · · Score: 3, Informative

    No. I am arguing that one might give more weight to the results of polls among a large number of journalists around the planet, rather than the opinion of this single guy -- Guardian editor or not.

    And even if he's right that NYTimes are better equipped for this kind of thing, that's still a far cry from saying that the US does therefore in its entirety have "the most journalistic freedom" in the world -- which was what you were arguing.

    --
    Gosh, thanks. That must be why the other ships call me Meatfucker -- GCU Grey Area (Eccentric)