{"id":30608,"date":"2013-06-17T12:00:14","date_gmt":"2013-06-17T11:00:14","guid":{"rendered":"http:\/\/www.transcend.org\/tms\/?p=30608"},"modified":"2015-05-06T12:52:51","modified_gmt":"2015-05-06T11:52:51","slug":"the-whistleblowers-guide-to-the-orwellian-galaxy-how-to-leak-to-the-press","status":"publish","type":"post","link":"https:\/\/www.transcend.org\/tms\/2013\/06\/the-whistleblowers-guide-to-the-orwellian-galaxy-how-to-leak-to-the-press\/","title":{"rendered":"The Whistleblower\u2019s Guide to the Orwellian Galaxy: How to Leak to the Press"},"content":{"rendered":"

Editor\u2019s Note:<\/i><\/b> An earlier\u00a0version<\/a> of this article ran in Wired Opinion last month (\u201cHear Ye, Future Deep Throats: This Is How to Leak to the Press\u201d). It has been updated given recent events\u00a0and reflects the author\u2019s <\/i>new findings about government recording of mail.\u00a0<\/i><\/p>\n

Daniel Ellsberg, Mark Felt, Jeffrey Wigand, Sherron Watkins, Bradley Manning, and now\u2026 Edward Snowden. (He\u2019s just\u00a0the\u00a0latest<\/a> informant caught in the web of government administrations that view George Orwell\u2019s\u00a01984<\/i>\u00a0as an operations manual.)<\/p>\n

But while the list<\/a> of government (and corporate) whistleblowers continues to grow, their options for leaking continue to shrink.\u00a0It is, as one commenter noted<\/a>, \u201ca dangerous time to be right when the government is wrong.\u201d\u00a0We now live in a world where public servants informing the public about government behavior or wrongdoing must practice the tradecraft of spies and drug dealers \u00e0 la The Wire<\/i>.\u00a0Even the head of the CIA\u00a0can\u2019t email<\/a>\u00a0his mistress without being identified by the FBI. And\u00a0privately collected data\u00a0isn\u2019t\u00a0immune, either; highly sensitive metadata is particularly vulnerable thanks to the\u00a0Third Party Doctrine<\/a>.<\/p>\n

So how can one safely leak information to the press, let alone coordinate a Deep Throat-style meetup? The obvious choices: email, phone, and mail \u2026 but you\u2019ve got to be really careful. Here\u2019s a guide.<\/p>\n

\"The<\/a>

The parking garage where Bob Woodward met Mark Felt (Deep Throat). photo: martin_kalfatovic \/ Flickr<\/p><\/div>\n

Leaking by Email<\/b><\/p>\n

The CIA supposedly already provided<\/a> a guide to secure email, which the Russian Federal Security Service (FSB) translated back to English \u2014 convenient, given the situation we now find ourselves in.<\/p>\n

Get a dedicated computer or tablet: the cheapest Windows laptop will do. And pay cash, as our normal laptops have a host of automatic synchronization and similar services. Our personal web browsers also contain all sorts of location-identifying cookies. Even if you\u2019re logged in to but don\u2019t actually visit Facebook\u2019s home page, a subpoena to Facebook can still reveal where you connect and what pages you visit \u2014 every \u201cLike\u201d button reports to Facebook that you are visiting that particular page, at a particular time, from a particular IP address.<\/p>\n

Leave your cellphone, your normal computer, and your metro card (like SmarTrip) at home: anything that speaks over a wireless link must stay behind. Then go to a coffee shop that has open Wi-Fi, and once there open a new Gmail account that you will only use to contact the press and only from the dedicated computer. When registering, use no personal information that can identify you or your new account: no phone numbers, no names.<\/p>\n

Don\u2019t forget: if you get anything at the cafe, or take public transit, pay cash<\/i>.\u00a0Be prepared to walk a bit, too; you can\u2019t stay close to home for this.<\/p>\n

Of course, the job still isn\u2019t finished. When you are done you must clear the browser\u2019s cookies and turn off the Wi-Fi before turning off the computer and removing the battery.\u00a0The dedicated computer should never be used on the network except when checking your press-contact account and only from open Wi-Fi connections away from home and work.<\/p>\n

Leaking Over the Phone<\/b><\/p>\n

Again, start by leaving all electronic devices at home. Go to a small liquor store in a low-income neighborhood, and buy a pre-paid cellphone (TracPhone or similar) with cash. Make sure it has enough airtime to not expire for a few months \u2014 T-mobile prepaid is particularly good since the pay-as-you-go plan doesn\u2019t expire for a full year if you buy $100 of airtime.<\/p>\n

By the way, I would personally look for a store with security cameras that look old \u2014 a continuous tape or similar setup \u2014 since once the FBI has the number, the next step is to contact the store that sold the phone.\u00a0Alternatively, you can get someone else to walk into the store and buy it for you.<\/p>\n

You now own your very own \u201cburner\u201d phone \u2014 remember The Wire<\/i>?\u00a0\u2013 and this phone must remain off with the battery removed at all times. Because\u00a0every active cellphone is effectively a continuous GPS, monitoring your location and feeding the information to the phone company which retains this information for weeks, months, even years.\u00a0Just a warrant-step away.<\/p>\n

Now, to use the phone \u2026 Once again, go to a different location without<\/i> carrying your normal devices, turn on the phone, check your voicemail, make your call, turn it off again, and pull out the battery.\u00a0Your phone calls are now (hopefully) anonymous so that when the FBI leak-hunt starts, there is no trail for them to follow.<\/p>\n

Of course, the burner laptop or phone could still identify you if it\u2019s ever found, as they both contain network identifiers built into the hardware. So if you ever need to abandon your device, first wipe the device back to its factory fresh configuration using any \u201csecure erase\u201d options available, then take a hammer and break the device.\u00a0Put it in some other piece of trash (like an empty McDonald\u2019s sack), go for another stroll, and drop in a public trashcan.<\/p>\n

But if the feds are already following you, you\u2019re caught anyway, so it doesn\u2019t matter if they catch you taking out the trash instead of finding something when they search your home.<\/p>\n

Leaking by Mail<\/b><\/p>\n

Investigative journalist Julia Angwin of the\u00a0Wall Street Journal<\/i>\u00a0pointed out<\/a>\u00a0that physical mail, dropped in a random post-box with a bogus return address, is perhaps the best way for anonymous one-way communication. Perhaps the best use of mail is simply to send the reporter a burner phone pre-programmed to only call\u00a0your<\/i>\u00a0burner.<\/p>\n

Believing that the U.S. Postal Service recorded specific mail address information only\u00a0when asked<\/a>\u00a0by law enforcement, I had previously argued that there\u2019s no history with mail \u2014 and even if there were, it could only be traced to the processing post office.<\/p>\n

However,\u00a0The Smoking Gun spotted<\/a> \u2014 buried in an affidavit! \u2014 that the U.S. Postal Service records the outside of mail. According to the full affidavit<\/a>\u00a0(also available on RECAP; see page 5) the machine used to automate mail operations, the Automated Facer Canceler System, contains a \u201cMail Isolation Control and Tracking\u201d program that\u00a0photographs every single piece of mail\u00a0<\/i>and\u00a0maintains this information for future access by law enforcement.<\/p>\n

Although there\u2019s no mention of optical character recognition to allow indexing by recipient rather than by postmark, leakers must now assume that the U.S. government is indeed recording the outside of everything we mail. A\u00a0leaker should therefore access a public postbox in the same way s\/he uses a burner phone: \u00a0Leave all devices behind, walk to a remote postbox, and follow all the other guidelines above. But be sure to include a note to the reporter telling him or her to trash the envelope immediately.<\/p>\n

***<\/p>\n

All of this may seem like a script for a fictional T.V. show. But such extreme measures are a modern necessity if you want to leak information.\u00a0Any future Deep Throat needs to follow these sorts of procedures if he or she wishes to talk to the press.<\/p>\n

Though just imagine if Mark Felt had to do all of the above when leaking to Woodward and Bernstein.\u00a0Snowden might have been willing to out himself<\/a>\u00a0\u2026 but not everyone is.<\/p>\n

_____________________<\/p>\n

Nicholas Weaver is a researcher at the\u00a0International Computer Science Institute in Berkeley\u00a0and U.C. San Diego (though this opinion is his own). He\u00a0focuses on network security as well as network intrusion detection, defenses for DNS resolvers, and tools for detecting ISP-introduced manipulations of a user\u2019s network connection. Weaver received his Ph.D. in Computer Science from U.C. Berkeley.<\/i><\/p>\n

Go to Original \u2013 wired.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Editor\u2019s Note: An earlier version of this article ran in Wired Opinion last month (\u201cHear Ye, Future Deep Throats: This Is How to Leak to the Press\u201d). It has been updated given recent events and reflects the author\u2019s new findings about government recording of mail.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[45,59,62,60],"tags":[],"class_list":["post-30608","post","type-post","status-publish","format-standard","hentry","category-activism","category-nonviolence","category-media","category-whistleblowing-surveillance"],"_links":{"self":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/30608","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/comments?post=30608"}],"version-history":[{"count":0,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/30608\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/media?parent=30608"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/categories?post=30608"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/tags?post=30608"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}