B3RN3D

Let your plans be dark and impenetrable as night, and when you move, fall like a thunderbolt.

Journalist OPSEC Gap: Lessons From the Snowden Stories

In Greenwald’s book on Edward Snowden, No Place To Hide, he brings to light some of the details about how Snowden originally contacted him. The truth is, Glenn Greenwald slowed down the process of disclosing Snowden’s secrets and it was only thanks to Laura Poitras that Snowden was considered as a legitimate source. This is an example of how old-style journalism is falling behind the Wikileaks generation of journalism. Instead, the two generations should be merging and learning from each other.

Greenwald’s Reluctant OPSEC

The first chapter is written in a self-deprecating way – the same way that an old man would talk about computers to a young person: “You kids and your computers.” In this case, it was more “You political dissidents and your cryptography.” Even after repeated attempts by Snowden to have Greenwald merely install GPG, he could not be convinced.

"Here am I," he thought, "ready to risk my liberty, perhaps even my life, to hand this guy thousands of Top Secret documents from the nation's most secretive agency -- a leak that will produce dozens if not hundreds of huge journalistic scoops. And he can't even be bothered to install an encryption program."

Greenwald admits that Snowden contacted him and repeatedly implored him to set up PGP for future communications and that, in response, he repeatedly procrastinated. Greenwald provided excuses that he was too busy and didn’t believe this was a legitimate source because Snowden wouldn’t give him any more information. While the situation is understandable, it’s infuriating to think about how the source was deemed not viable because he was unwilling to transmit sensitive information insecurely.

The book goes on to highlight other times when Greenwald had insecure communications over the phone and stored clear text versions of printed material in his bag. It was more than ten weeks between the time that Snowden tried to get Greenwald to install PGP and the time he met up with Poitras in New York.

Laura

Laura Poitras understood the implications of Snowden’s information right away. In the first meeting with Greenwald about this subject, she told him to take the battery out of his phone (which he couldn’t - iPhone). They switched tables two times at the restaurant to make sure no one heard them. She had not yet learned anything about the Snowden documents besides the implications that they were related to spying in some way. Because of this, she protected herself. Cheers to you Laura.

Laura Poitras is a filmmaker who is used to being targeted by government intelligence groups. Throughout her career, she has been stopped in airports, had her laptop confiscated, papers and documents stolen – all because of the places she’s made films and people she has talked to. One example from Greenwald’s book was an interview she did with Osama Bin Laden’s driver.

Why does a filmmaker have better OPSEC than a journalist? It’s not baffling, but it reflects the sad state of journalists’ awareness of operational security.

Journalist OPSEC

While frustrating, Greenwald is not a one-off situation. In fact, most journalists have no clue how to use encryption programs, or how to think about any kind of operational security logistics. This is the reason that sites like Wikileaks have become popular – they are on the cutting edge of technology, understand the value of providing an anonymous communication medium, and while they can’t be regarded as having the same journalistic integrity as an institution like The Guardian, they are trusted (by some) to not accidentally or on purpose disclose their sources.

At this point we have some tools designed to protect ourselves. PGP has been around for a millennium in Internet years. Strongbox is an attempt at securing communications between two people that don’t know what they’re doing. What we have is a cultural conflict between journalists, who consider this type of software designed for “hackers”, and tech-savvy young people, who are frustrated with the previous generation’s unwillingness to use technology. These “hackers” have spent collective years building tools and documents designed for these situations, and journalists aren’t willing to use them.

This technical knowledge gap will have to change and I believe that most journalists understand this fact. I don’t know if there are American journalism schools that teach them how to be the next Glenn Greenwald, but they need to add a curriculum that covers technical OPSEC: PGP, proper communications, protecting your sources. They should be trained in the same way that the CIA runs a source. They should have dead drops, code words for whether everything is going as planned, designated meeting places, and unattributable communications.