Wish Chelsea Manning a Happy 28th Birthday!

Send Chelsea Manning a birthday card!

Wikileaks whistleblower Chelsea Manning is spending her 28th birthday in a military prison. She’s been incarcerated since she was 22 for helping expose some of the U.S. government’s worst abuses.

It’s so important that we show heroic whistleblowers like Chelsea that they will not be forgotten, so we want to make sure she gets lots of birthday love! Just fill out this page, and we’ll mail your customized birthday card to Chelsea to remind her that she’s not alone—Happy Birthday, Chelsea Manning!

Learn more from Fight For The Future!

Read Chelsea’s statement from this year’s Aaron Swartz Day.

Kevin Poulsen at Aaron Swartz Day 2014 – Details On Poulsen v. DHS

Download a Hi-res (.mov) file of Kevin’s Talk
CC0

Kevin Poulsen filed a lawsuit over access to the Federal law enforcement documents about Aaron Swartz.  MIT intervened in the case as an interested third party – and was awarded the privilege of further redacting the documents before they were made public.

Bottom Line: MIT’s intervention has caused these documents to be released at a much slower rate, so they could redact information about their involvement with the government against Aaron.

The files are all here now at swartzfiles.com.

Here is a complete transcription of last year’s presentation by Kevin Poulsen on this topic. (Let’s band together to put pressure on the U.S. Government to release these files now. :-)

(In case you are just learning about this, I am also including a complete list of references on this topic at the bottom of this post.)

Complete transcription:

My name’s Kevin Poulsen. I’m a contributing editor at Wired magazine, and I’m the one that recruited Aaron to do the project that is now “SecureDrop.” While my presentation is getting set up I’ll say that what the Freedom of the Press Foundation and everybody who’s contributed to that project at the hackathons has made of that greatly exceeds, I think, any expectations that Aaron had for that when he was working on it. It’s an astonishing, astonishing achievement, and one that’s become far more important than it was even when we started.

I’ve been asked to talk about my Freedom of Information Act lawsuit against the Department of Homeland Security, and where we stand with the files.

For those just tuning in: After Aaron passed, I, as well as a lot of other journalists and bloggers and independent investigators, very quickly filed Freedom of Information Act requests with the Secret Service, and we all received the same letter (page 3), where the agency summarily denied the request on the grounds that it pertained to an ongoing law enforcement investigation, which was ludicrous under the circumstances.

I filed an appeal. (page 1) The department ignored the appeal, and then, I, with the help of David Sobel, an attorney with EFF and one of the greatest FOIA litigators in the country, we sued DHS and, very quickly, got a court order obliging them to start producing documents. (Applause.)

At that point, MIT and JSTOR moved to intervene in the case. They were concerned that, despite the government’s great skill at redacting documents, that some information might slip through that would identify MIT or JSTOR personnel who contributed to the investigation, and they might face some sort of retaliation. Probably from Anonymous.

We reached an agreement with them, where they’re allowed to preview each collection of documents before it’s released to me and suggest redactions of their own. There was some concern at the time that they would abuse that to redact more than just identifying information. So far, it looks like the redactions have just been a word here or there, and email addresses and that sort of thing.

What we’ve gotten so far is 2,889 pages, 177 photos and 11 videos, including the video of Aaron being booked at the Cambridge Police Department.

In the last batch. This will be of interest to maybe two or three of you, that really closely follow this. In the last batch, we actually got the Python script that Aaron wrote to extract the documents from JSTOR. This is actually the thing that I’m asked about the most is “when is keepgrabbing.py going to be released?”

Aaron Swartz’ Keepgrabbing.py script

Script Transcribed on GitHub

In the last two batches, we’ve seen for the first time some large blocks of material being redacted, and they’re being redacted under FOIA Exemption B5, “Pre-decision Deliberative Processes.” So, if the government is working on something, and they haven’t made a decision, and they’re exchanging memos and back and forth discussing what to do, that’s when that would apply. Or a draft of a treaty. That sort of thing.

And for the first time we’re seeing a notation indicating that an outside agency, not the Secret Service, and not DHS, has made those redactions, and it’s the Executive Office of the U.S. Attorney. And all of these redactions appear to be emails either from or to Stephen Heymann, the prosecutor on the case. So, it’s hard to tell what’s being redacted by definition. It’s not there. But, as it turns out, MIT and JSTOR also released documents, in the wake of the controversy over all of this, and some of them were messages that were redacted from the government’s release. So, we actually can see what’s underneath them. And it’s nothing that you would call a smoking gun. It’s more like, very puzzling why they would want to redact this. So this, message to MIT, from Steve Heymann, or (correction) to JSTOR, from the prosecutor, is asking about the naming of the PDF files that were downloaded. It baffles me as to why they would consider this sensitive.

This one, huge block of redacted text, here, is the reply from JSTOR. You’d imagine this is going to be the Pentagon Papers or something. And no, it’s a detailed examination of the numbering system that JSTOR uses for numbering their documents. Keep in mind this was released by JSTOR voluntarily and redacted by the U.S. Government for reasons of their own. And then this one, again, an entire block. It turns out to be the stuff that the prosecutor is asking MIT to bring to an interview. So this, I think, bears some further scrutiny. I just discovered the unredacted versions of these in the JSTOR documents yesterday, so I haven’t had a chance to talk to David Sobel about it yet. But to me, it looks a little questionable.

If you want to see the documents for yourself: this week, I’ve compiled them all into a single place: swartzfiles.com. You’ll also find the FBI and US Marshals’ files on Aaron there, and a compilation of all the files that have been released by MIT and JSTOR to date, as well as all the videos and the photographs that I just described.

More Articles and Resources about Kevin’s FOIA case and MIT’s intervening:

1. Swartzfiles.com, http://swartzfiles.com/

2. WIRED’s Kevin Poulsen on managing investigations, Aaron Swartz and why leaks are the new FOIA, George LeVines, Muckrock.com, August 2, 2013, https://www.muckrock.com/news/archives/2013/aug/02/wired-kevin-poulsen-foia-aaron-swartz-leaks/

3. First 100 Pages of Aaron Swartz’s Secret Service File Released, Kevin Poulsen, Wired (Security), 08.12.13, http://www.wired.com/2013/08/swartz-foia-release/

4. Secret Service Report Noted Aaron Swartz’s ‘Depression Problems’, Kevin Poulsen, Wired, 11.07.13, http://www.wired.com/2013/11/swartz-foia-november/

5. MIT blocking release of Aaron Swartz’s Secret Service files, Cory Doctorow, Boing Boing, Jul 18, 2013, http://boingboing.net/2013/07/18/mit-blocking-release-of-aaron.html

6. Judge orders Secret Service to release Aaron Swartz’s files, Cory Doctorow, Boing Boing, Jul 9, 2013, http://boingboing.net/2013/07/09/judge-orders-secret-service-to.html

7. MIT asks to intervene in Swartz FOIA suit, Ed Felten, Freedom to Tinker, July 19, 2013, https://freedom-to-tinker.com/blog/felten/mit-asks-to-intervene-in-swartz-foia-suit/

8. Aaron Swartz FOIA video playlist

9. MIT intervenes in FOIA release of Aaron Swartz documents, seeks ‘pre-release review’, Nathan Ingraham, The Verge, July 18, 2013, http://www.theverge.com/2013/7/18/4536566/mit-intervenes-in-foia-release-of-aaron-swartz-documents

10. The MIT surveillance video used against Aaron Swartz is now public, Dell Cameron, Dec 4, 2013, http://www.dailydot.com/news/aaron-swartz-mit-surveilance-video-released/

 

Jacob Appelbaum at Aaron Swartz Day 2015

Download mp4       Hi-res files of entire event
CC0

Update December 2017 – In the course of Lisa’s research for “From DeadDrop to SecureDrop,” (since this post originally went up), she could not find any evidence whatsoever that Aaron ever assisted Wikileaks.

So it would appear that, although the transcript reads that “Wikileaks disclosed three facts” – we don’t in fact know that these are facts.

Here is the original December 5, 2015 post:

Jacob Appelbaum read a powerful statement at this year’s Aaron Swartz Day Celebration.

Here are some highlights. A complete transcription follows.

Quotes From Jacob’s Talk:

Shortly after Aaron was found, WikiLeaks disclosed three facts:

  • Aaron assisted WikiLeaks.
  • Aaron communicated with Julian and others during 2010 and 2011.
  • And Aaron may have even been a source.

I do not believe that these issues are unrelated to Aaron’s persecution, and it is clear that the heavy-handed U.S. prosecution pushed Aaron to take his own life. How sad that he was abandoned by so many in his time of need. Is it really the case that there was no link? Is it really the case that the U.S. prosecutors went after Aaron so harshly because of a couple of Python scripts and some PDFs? No, clearly not…

When we learned more details about the U.S. prosecutors, we learned that they considered Aaron a dangerous radical for unspecified reasons. One of the primary reasons is probably the Guerilla Open Access Manifesto. This is a good document, and, as many others, I respect it and I admire it. The Guerilla Open Access Manifesto is not as radical as the U.S. prosecutors might consider it. But their fear is telling, so let us say it out loud: We should honor it and we should extend it.

Let’s not only liberate the documents of the world, let us act in solidarity to liberate all of humanity. Let us create infrastructure that resists mass surveillance. Let us enable people to leak documents. And let us also work to infiltrate those organizations that betrayed us. There is a division of labor, and we all bring different skills to the table. Let us all use them in service of a better world, in service of justice.

We must have total transparency about the investigation into Aaron. Why was the Department of Justice grinding their axe with Aaron? Was it really because of JSTOR and the past anger about PACER? That is absurd and unbelievable. It is disproportionate and it is unjust.

One concrete thing that needs to happen is for the FOIA case to be properly resolved. We must find a way to speed up the processing about FOIAs regarding Aaron. Rather than hundreds of documents at a time, we should have all 85,000 at once, and not mediated by MIT, who is partially responsible for the outcome we have today.

And we must not drop the pressure. If you are invited to MIT, I encourage you to decline and to explain that you do so because of MIT’s treatment of Aaron Swartz. But not just Aaron, but those like Star Simpson and Bunnie, who MIT would’ve left to be like Aaron, if the cards had played a little differently…

And there is a legal lesson that we actually must learn in a very hard way, as many communities have learned it already, and it is one where the lawyers in the audience who represent me are already cringing from what I’ve said, but they’ll cringe harder next. We must resist grand juries. We must not bow down. We must band together. And together we can refuse to be isolated. We must resist it every step of the way, never giving them anything, ever, at all, when they wish to persecute us for our political beliefs. And if you feel there is no other choice, drag it out and make it public…

Part of what Aaron carried was an understanding that it wasn’t just that something needed to be done. He carried with him the idea that very specific things needed to happen, and for very good reasons, to benefit all of those alive and all of those yet to live. He cared deeply about free software, and he cared deeply about the free culture movement. He worked to advance many other issues. Let us carry on that work, whatever the cost, wherever they may take us.

***Complete Transcription Below***

Lisa: Ladies and Gentlemen, Jacob Appelbaum.

Jacob: First of all, thank you so very much for having me tonight. It’s actually really difficult that I can’t be there in person, and I wish that I could be. And, when Lisa asked me to speak tonight, I actually didn’t feel that I had something to say until I sat down and wrote a text. So, I’m just going to read you a text, and as a result I’m going to cover my camera because there’s nothing worse than watching someone read. So, as you can see there, it’s just a bright white light, and now I’m going to read you this text, and I hope that you can still hear me.

[Crowd chanting “We want Jake!”]

Jacob: (Laughing)

Lisa Rein: Jacob, come back on camera, please. Don’t do it, Jake.

Jacob: I’m sorry. It has to be this way. That’s how it has to be, I’m sorry, but here we go.

Lisa: It’s okay. No, no, no!

Jacob: You can’t fucking be serious. [laughing] Terrible.

Lisa: Jacob, please. Thank you. (Jesus Christ.)

Jacob: Look, I want to see all of you, too, but we don’t get what we want so I’m going to read you this text now.

The first time that I heard Aaron Swartz speak in person was at the Creative Commons release party in San Francisco.

Lisa: Jacob, we’re going to turn it [the podium laptop] around.

Jacob: I was working the door as a security guard, if you can believe that. I think it was in December of 2002. Meeting people in that seemingly weird world mutated life in a good way. Over the years, we crossed paths many times, be it discussions relating to CodeCon, to age limits, or free software, or the Creative Commons, or about crypto, or any other topic. Aaron was an insightful, hilarious, and awesome person.

Aaron and I worked on a few different overlapping projects and I very much respected him. Some of the topics that came up were light, but some were very heavy and very serious. The topic of WikiLeaks was important to both of us. In November of 2009, long before I was public about my work with WikiLeaks, I introduced Aaron to someone at WikiLeaks who shall remain unnamed. If we had a secure and easy way to communicate, if some sort of communication system had existed that had reduced or eliminated metadata, I probably could’ve done so without a trace. But we didn’t. You’re not the first to know, the FBI and the NSA already know.

Less than a year later, Aaron sent me an email that made it clear how he felt. That email in its entirety was straightforward and its lack of encryption was intentional. On July 10, 2010, he wrote, “Just FYI, let me know if there’s anything, ever, I can do to help WikiLeaks.” Did that email cast Aaron as an enemy of the state? Did Aaron worry?

2010 was an extremely rough year. The US government against everyone. The investigation of everyone associated with WikiLeaks stepped up. So many people in Boston were targeted that it was effectively impossible to find a lawyer without a conflict. Everyone was scared. A cold wave passed over everything, and it was followed by hardened hearts from many.

In February of 2011, a few of us were at a party in Boston hosted by danah boyd. Aaron and I walked a third person home. A third person who still wishes to remain unknown. The sense of paranoia was overwhelming, but prudent. The overbearing feeling of coming oppression was crushing for all three of us. All of us said that our days were numbered in some sense. Grand juries, looming indictments, threats, political blacklisting. None of us felt free to speak to one another about anything. One of those people, as I said, still wishes to remain unnamed. We walked through the city without crossing certain areas, because Aaron was worried about being near the properties that MIT owned.

When Aaron took his life, I remember being told by someone in San Francisco, and I didn’t understand. I literally did not understand who they meant or who it could be. It seemed impossible for me to connect the words that were coming out of their mouth with my memories.

Shortly after Aaron was found, WikiLeaks disclosed three facts:

  • Aaron assisted WikiLeaks.
  • Aaron communicated with Julian and others during 2010 and 2011.
  • And Aaron may have even been a source.

I do not believe that these issues are unrelated to Aaron’s persecution, and it is clear that the heavy-handed U.S. prosecution pushed Aaron to take his own life. How sad that he was abandoned by so many in his time of need. Is it really the case that there was no link? Is it really the case that the U.S. prosecutors went after Aaron so harshly because of a couple of Python scripts and some PDFs? No, clearly not.

I wish that Aaron had lived, as we all do. This was the year that brought us the summer of Snowden, and yet it felt like ten years of grief in a single one. It was the last time I spent any time in the U.S., and even now it feels like a distant memory, mostly bad memories. Especially the memory of learning about Aaron.

Only a few months later, in 2013, there was a New Year’s Eve toast with many of us who were being investigated, harassed, and targeted for our work, our associations with WikiLeaks, and for our political beliefs. It was me that stupidly, stupidly said, “We made it.” But I know it was Roger, and I remember it well, when he said, “Not all of us.” And he wasn’t speaking only about Aaron, but him too. And it was heartbreaking to remember, and it was telling of how to cope. How some try to forget, and we do forget, and that it is important to remember. Especially right then and especially right there. Just as it is here, and just as it is right now.

When we learned more details about the U.S. prosecutors, we learned that they considered Aaron a dangerous radical for unspecified reasons. One of the primary reasons is probably the Guerilla Open Access Manifesto. This is a good document, and, as many others, I respect it and I admire it. The Guerilla Open Access Manifesto is not as radical as the U.S. prosecutors might consider it. But their fear is telling, so let us say it out loud: We should honor it and we should extend it.

Let’s not only liberate the documents of the world, let us act in solidarity to liberate all of humanity. Let us create infrastructure that resists mass surveillance. Let us enable people to leak documents. And let us also work to infiltrate those organizations that betrayed us. There is a division of labor, and we all bring different skills to the table. Let us all use them in service of a better world, in service of justice.

We must have total transparency about the investigation into Aaron. Why was the Department of Justice grinding their axe with Aaron? Was it really because of JSTOR and the past anger about PACER? That is absurd and unbelievable. It is disproportionate and it is unjust.

One concrete thing that needs to happen is for the FOIA case to be properly resolved. We must find a way to speed up the processing about FOIAs regarding Aaron. Rather than hundreds of documents at a time, we should have all 85,000 at once, and not mediated by MIT, who is partially responsible for the outcome we have today.

And we must not drop the pressure. If you are invited to MIT, I encourage you to decline and to explain that you do so because of MIT’s treatment of Aaron Swartz. But not just Aaron, but those like Star Simpson and Bunnie, who MIT would’ve left to be like Aaron, if the cards had played a little differently.

Here are some things you can do to support the legacy and spirit of Aaron. We can support the development of some of Aaron’s projects like SecureDrop. Kevin, Garrett, Micah, and others are carrying that torch. We can work with them. They’re still with us today. You can come and work with many people at the Tor Project on Tor Browser and Tor Messenger, and other software to be of use to disseminate and to push out information, important information to people that might have otherwise not happened without that software. And you can come and help us make free software for freedom, just as Aaron did.

And there are other projects that need assistance. OnionShare, Let’s Encrypt, GlobalLeaks, Pawn[?], Subgraph, Signal, the Transparency Toolkit, and many more.

But it isn’t just software. There are so many things that can be done. You can write to prisoners of conscience of Aaron’s generation, of my generation, of your generation. Do Jeremy Hammond, Barrett Brown, and Chelsea Manning have to die before we work to correct the injustices that they face daily? We can and we should free them.

Here are some things to support each other during the hard times, those with us now and those sure to come in the future. We should support WikiLeaks, an organization under attack for publishing information in the public interest. We should support the EFF. They support people who are at the edge. We should support the ACLU. When others called Edward Snowden a traitor, the ACLU gave him legal support. We should support the Courage Foundation. They are the ones that helped Edward Snowden to seek and to receive asylum and do the same with others that are directly under threat today and those under threat tomorrow. And we should support the Library Freedom Project. They work to educate, to deploy, and to resist, by deploying alternatives in public spaces for everyone today. And together, we are already building, deploying, supporting, and using infrastructure which is not merely a matter of protest, but is an act of resistance in itself, by being a practical alternative.

And there is a legal lesson that we actually must learn in a very hard way, as many communities have learned it already, and it is one where the lawyers in the audience who represent me are already cringing from what I’ve said, but they’ll cringe harder next. We must resist grand juries. We must not bow down. We must band together. And together we can refuse to be isolated. We must resist it every step of the way, never giving them anything, ever, at all, when they wish to persecute us for our political beliefs. And if you feel there is no other choice, drag it out and make it public.

Consider that the core of Aaron’s legacy is not simply about information or about writing software. It is about justice, about fairness, through transparency, through accountability, through consideration. So then let us consider our empire and most of all we must consider our complicity. It is up to us to act and to change things, to fight for the user, but also to consider the world in which he lives. To think as technologists, but to think far beyond only the technology and into our common humanity.

How is this lesson applied to gender and racial inequality? Aaron wasn’t a bigot; he was thoughtful. He was not a homophobic person; he was accepting. He wasn’t a racist; he was unprejudiced. Aaron was kind and compassionate. He fought for free speech. He worked and he supported your anonymity directly with actions, and he worked to free our culture’s knowledge. We must be forward-thinking, not just about winning one or two battles. Not just about one or two legal cases. Rather in a broader sense, towards a movement of movements. The Internet is a terrain of struggle and it will help shape all of the other terrains of struggles to come, and Aaron, Aaron helped to shape that terrain for us, so that we could shape it for others.

Part of what Aaron carried was an understanding that it wasn’t just that something needed to be done. He carried with him the idea that very specific things needed to happen, and for very good reasons, to benefit all of those alive and all of those yet to live. He cared deeply about free software, and he cared deeply about the free culture movement. He worked to advance many other issues. Let us carry on that work, whatever the cost, wherever they may take us.

Aaron was headstrong and hilarious. He was young. Today, he would’ve been 29. Use your time wisely. May you have more time than him, and may you use it as wisely as he did.

Good night.

Snowden Explains “Opsec” – Operational Security for Everybody

Micah Lee and Edward Snowden, in Moscow, Russia. Photo: Sue Gardner

A few weeks ago, Micah Lee, Technologist for The Intercept and Co-Founder and Board Member of the Freedom of the Press Foundation, went to Moscow to meet Edward Snowden (who is on the Freedom of the Press Foundation’s Board).

They had been in close contact online since January of 2013, albeit anonymously on Ed’s end for the first six months.

Snowden took the opportunity to explain some technical details about what he has come to refer to as “Opsec,” or “Operational Security,” a collection of a few simple best practices for security that folks can use to protect the privacy of their day to day communications.

Engaging in Opsec helps protect one’s privacy, not only against the threat of what is, to some, the merely abstract notion of “government surveillance,” but also against much scarier threats that are not so abstract. For instance, abusive relationship victims, stalking victims, or children who are at risk of being monitored by pedophiles. There are many scary scenarios, all made possible by the current lack of basic encryption on most people’s emails and text messages. In these cases, being a victim of online surveillance often translates into physical harassment or abuse in the “real world.”

Using Opsec to “reclaim your privacy” may seem confusing at first, especially to those who have not realized that their privacy is already compromised daily. But as Micah explains, “This doesn’t need to be an extraordinary lifestyle change. It doesn’t have to be something that is disruptive. It should be invisible, it should be atmospheric, it should be something that happens painlessly, effortlessly.”

In the article, Snowden outlines some Opsec basics, including:

  • Using “Signal” (“Text Secure” on Android), by Open Whisper Systems, to encrypt your text messages and phone calls. It’s very easy to install and use, instantly, on your Android or iPhone device.
  • Encrypting your laptop hard drive, so if your computer is stolen, the thief won’t also have access to all of your private data. (Micah has already written a guide for this.)
  • Using a password manager (here’s Bruce Schneier’s favorite) that helps you generate unique passwords for all of your different services and stores them for you, so you don’t have to remember them.
  • Using two-factor authentication to provide an additional level of security on your accounts.
  • Using browser plugins like HTTPS Everywhere by the EFF, to try to enforce secure encrypted communications so your data is not being passed while “electronically naked,” in transit.
  • Using adblocking software, such as Privacy Badger, by the EFF.
  • Using Tor and TorBrowser to anonymize your browsing.

A few relevant quotes from the article:

On Tor:

Lee: What do you think about Tor? Do you think that everyone should be familiar with it, or do you think that it’s only a use-it-if-you-need-it thing?

Snowden: I think Tor is the most important privacy-enhancing technology project being used today. I use Tor personally all the time. We know it works from at least one anecdotal case that’s fairly familiar to most people at this point. That’s not to say that Tor is bulletproof. What Tor does is it provides a measure of security and allows you to disassociate your physical location…

But the basic idea, the concept of Tor that is so valuable, is that it’s run by volunteers. Anyone can create a new node on the network, whether it’s an entry node, a middle router, or an exit point, on the basis of their willingness to accept some risk. The voluntary nature of this network means that it is survivable, it’s resistant, it’s flexible.

Micah: [Tor Browser is a great way to selectively use Tor to look something up and not leave a trace that you did it. It can also help bypass censorship when you’re on a network where certain sites are blocked. If you want to get more involved, you can volunteer to run your own Tor node, as I do, and support the diversity of the Tor network.]…

On Whistleblowing:

Snowden: What we do need to protect are the facts of our activities, our beliefs, and our lives that could be used against us in manners that are contrary to our interests. So when we think about this for whistleblowers, for example, if you witnessed some kind of wrongdoing and you need to reveal this information, and you believe there are people that want to interfere with that, you need to think about how to compartmentalize that.

Tell no one who doesn’t need to know.

Micah: [Lindsay Mills, Snowden’s girlfriend of several years, didn’t know that he had been collecting documents to leak to journalists until she heard about it on the news, like everyone else.]

Snowden: When we talk about whistleblowers and what to do, you want to think about tools for protecting your identity, protecting the existence of the relationship from any type of conventional communication system. You want to use something like SecureDrop, over the Tor network, so there is no connection between the computer that you are using at the time — preferably with a non-persistent operating system like Tails, so you’ve left no forensic trace on the machine you’re using, which hopefully is a disposable machine that you can get rid of afterward, that can’t be found in a raid, that can’t be analyzed or anything like that — so that the only outcome of your operational activities are the stories reported by the journalists.

Micah: [SecureDrop is a whistleblower submission system. Here is a guide to using The Intercept’s SecureDrop server as safely as possible.]…

On Simple and Practical Threat Modeling:

Snowden: …You can drive yourself crazy thinking about bugs in the walls and cameras in the ceiling. Or you can think about what are the most realistic threats in your current situation? And on that basis take some activity to mitigate the most realistic threats.

In that case, for most people, that’s going to be very simple things. That’s going to be using a safe browser. That’s going to be disabling scripts and active content…And making sure that your regular day-to-day communications are being selectively shared through encrypted means…

On How Cell Phones Track Us By Default:

Micah: People use smartphones a lot. What do you think about using a smartphone for secure communications?

Snowden: Something that people forget about cellphones in general, of any type, is that you’re leaving a permanent record of all of your physical locations as you move around. … The problem with cellphones is they’re basically always talking about you, even when you’re not using them. That’s not to say that everyone should burn their cellphones … but you have to think about the context for your usage. Are you carrying a device that, by virtue of simply having it on your person, places you in a historic record in a place that you don’t want to be associated with, even if it’s something as simple as your place of worship?

 

 

Cindy Cohn at Aaron Swartz Day 2015


Download mp4       Hi-res files of entire event
CC0

Note: I’m including a full transcription at the bottom of this post. (Thanks to OpenTranscripts.org for their transcriptions of these talks.)

Quotes from Cindy’s Talk:

The Internet is going to be the means by which we do all the rest of the change that we need to do so badly in this world. And that I think there’s enough people now that we really have a movement, and we need to start thinking of ourselves as a movement, and we have to figure out what our next steps are…

Sitting here and listening to all the presentations tonight, seeing the amazing activity out there, seeing the tentacles of what Aaron was a part of in the early days, and in some ways the heart of, in the early days, become a movement. You guys, you’re a movement and thank you so much for doing this. So let’s figure out what our next fights are together and our work is together…

I think if people who want to honor Aaron Swartz do one thing with regard to Congress and then go back to coding, the one thing you should do is say “That law goes no further. It doesn’t get any worse and it doesn’t take any lives.”…

There is some good news in the state of California. We just passed, and we got Governor Brown to sign, a law called CalECPA, which requires the cops, the California state cops, to get a warrant before they go after your information stored with service providers…

It’s time for the legislature and the FBI to get over it. Crypto is here to stay, and all of the tools that we’ve talked about here tonight depend on the ability for people to have strong unbreakable crypto, and we need to stand up for it again. Watch the EFF web site. We’re going to keep talking about this, and you’ll see some causes…

I think we need to send a strong message to the White House that President Obama needs to come out and take a strong stand on crypto, not just say “we’re not going to come after crypto right now, but we may do something later” but to say, “No. Hell no. Americans deserve to have locks on their doors that don’t have backdoor entries for law enforcement.”…

And while the folks in Washington DC like to just wave their hands and say, “You geeks sort it out. Find a way to have a backdoor that only good guys can go in and bad guys can’t,” those of us who know about technology, and more importantly those of us who know about math, know that this is impossible…

I’m so happy to see so many projects being celebrated here that were created or inspired or legally defended by EFF. We’re going to continue to be the support for this community. One of the things that John Perry Barlow taught me years ago is that your rights aren’t given to you, your rights have to be taken. And we’re here today to continue to take our rights.

*** Complete Transcription Below ***

Thanks so much for inviting me. When I took over as Executive Director of the EFF in April [2015], many people asked me, “Well, what do you want to do? How do you want to be different than your predecessor, the amazing Shari Steele” who has her own little statue. She’s the only non-Archive person who has a statue in the Archive, and Brewster did that to honor her and the work that we’ve done together.

What I said was, you know I think that there are enough people who care about the Internet, who understand, as my friend Cory Doctorow said, that whatever other issue draws you, if the Internet isn’t free this is the place. The Internet is going to be the means by which we do all the rest of the change that we need to do so badly in this world. And that I think there’s enough people now that we really have a movement, and we need to start thinking of ourselves as a movement, and we have to figure out what our next steps are.

And I have to say, sitting here and listening to all the presentations tonight, seeing the amazing activity out there, seeing the tentacles of what Aaron was a part of in the early days, and in some ways the heart of, in the early days, become a movement. You guys, you’re a movement and thank you so much for doing this. So let’s figure out what our next fights are together and our work is together. But, this has just been very exciting to see, and to see the growth. And, ya know, we lost our dear friend as a result of some really horrible laws and some really horrible policies, but seeing the green shoots that’ve grown as a result of this just does my heart good.

Lisa wanted me to talk a little about CISA, the cybersecurity act. I think that at this point the best thing that this community can do about CISA is first of all continue to talk about how rotten it is, because it’s a really rotten idea. We have a terrible cybersecurity problem. This is the cybersecurity act that was recently passed out of the Senate.

We have a terrible problem with security on the Internet, as Brewster pointed out, and Congress just passed a bill that doesn’t make anything better and makes several things significantly worse, in the fine tradition of our Congress.

I don’t know that there’s too much we can do in terms of public activism on the bill right now, realistically, because it’s in a conference committee time, which isn’t the time when there are very many members of Congress who are going to pay attention to it. There’s one thing, though, that we have to keep watching on and that you’ll hear EFF and others rally the troops on, and that is the effort to try to put some horrible changes to the Computer Fraud and Abuse Act into this bill. We expect it’s going to come up again, and when it does you’ll hear the rallying cry. And I think if people who want to honor Aaron Swartz do one thing with regard to Congress and then go back to coding, the one thing you should do is say “That law goes no further. It doesn’t get any worse and it doesn’t take any lives.”

We have a couple other policy opportunities that I thought I’d mention to you guys. We just got a really amazing ruling out of the European Court of Justice in the last couple weeks that really points out what a global problem the NSA’s overreach and the surveillance overreach is. It’s got some complicated stuff having to do with the safe harbors and how American companies get to process information related to people all around the world. But the important part for us is to keep a close eye on what happens next, because the old rules have been crossed out and the American companies and the European regulators and the American government are in an intense negotiation about what happens next.

So we’ve got an inflection point opportunity here and we ought to be talking about this European Court of Justice opinion and what it means, because what the European Court of Justice said is the NSA surveillance is not appropriate. For the legal geeks, this is surveillance under Section 702 of the FISA Act and Executive Order 12333. What that means is the American government’s view that it can spy on the rest of the world with impunity, that it can do mass spying of people around the world who are not suspected of any crimes, who aren’t targets, who aren’t foreign spies, is unacceptable under European law. It’s a really excellent decision. You guys should all thank Max Schrems, who brought that case.

And there’s a moment now, for the next few months, and I think to the extent that you guys are blogging, writing, tweeting, you should be paying attention to this because the American companies are really scared. They want to be able to continue to serve Europe, and we need to give them a backbone to say “enough with the surveillance. It’s hurting our business.” And if we could have that argument plus “it’s actually just plain wrong.” We might be able to get somewhere. So please, if you’re watching the policy debates, that’s something to watch.

There is some good news in the state of California. We just passed, and we got Governor Brown to sign, a law called CalECPA, which requires the cops, the California state cops, to get a warrant before they go after your information stored with service providers. This is completely consistent with the values— it’s California taking the lead in a place where frankly the U.S. Congress is unwilling to go, and we’re hoping to spread this across the country. So, for people who are not Californians this is a law to look at if you want to do something locally and try to match or even do one better than California did with that. So we’ve got some good news as well.

And of course one of the other things that we’re going to have to keep an eye on in the policy things is the cryptowars are back. Now, I had the honor of being deeply involved in getting crypto free from government regulation when we did it the first time in the 90s and frankly I’d like to do something else now. So it’s time for the legislature and the FBI to get over it. Crypto is here to stay, and all of the tools that we’ve talked about here tonight depend on the ability for people to have strong unbreakable crypto, and we need to stand up for it again. Watch the EFF web site. We’re going to keep talking about this, and you’ll see some causes.

We just got 100,000 people to sign our savecrypto.org petition, which is going to go to the President now, and the President has to respond to it. It’s not too late, though. If people want to still sign it, I think it’s still available to sign. I think we need to send a strong message to the White House that President Obama needs to come out and take a strong stand on crypto, not just say “we’re not going to come after crypto right now, but we may do something later” but to say, “No. Hell no. Americans deserve to have locks on their doors that don’t have backdoor entries for law enforcement.”

And while the folks in Washington DC like to just wave their hands and say, “You geeks sort it out. Find a way to have a backdoor that only good guys can go in and bad guys can’t,” those of us who know about technology, and more importantly those of us who know about math, know that this is impossible. So we need to make sure that that message starts here from the West Coast and makes it all the way to the East Coast. I hear they know about math out there, too, so it shouldn’t be that hard to explain it. But I think we’re going to have to continue to do some explaining.

So that’s just a quick update of what we’re doing at EFF. I’m so happy to see so many projects being celebrated here that were created or inspired or legally defended by EFF. We’re going to continue to be the support for this community. One of the things that John Perry Barlow taught me years ago is that your rights aren’t given to you, your rights have to be taken. And we’re here today to continue to take our rights.

Thanks.

The Securus Hack and SecureDrop Upload Explained: Interview with Alex Friedmann of Prison Legal News

The recent article by The Intercept, and Wired’s coverage of The Intercept’s announcement, told us that Securus, a prison phone company here in the U.S., had been hacked, and that the hacker then uploaded the data obtained to The Intercept via SecureDrop.

It really provided a perfect example of a whistleblower releasing information in order to help the common man. In this case, assisting inmates and their families by drawing attention to:

1) Their sensitive data not being stored properly.

2) Recordings of attorney-inmate “privileged” calls that should never have been recorded.

3) “Kickbacks” the government agencies awarding the phone contracts were getting that these families were funding with their overcharged calls.

This article provided me with a real world example for my movie, “From DeadDrop to SecureDrop,” which was pretty exciting, because I had originally given up hope on having a real world example, mainly because there are lots of different reasons why it often might not be in the whistleblower’s best interest to make any of the details surrounding any one particular leak public. (Mainly out of fear of releasing information that could potentially identify the whistleblower, especially if they were an insider.)

In this case though, although Securus is claiming that it was a leak from an insider, rather than a hack (see the bottom of The Intercept article), the folks at The Intercept make it pretty clear in their article that they believe it to be a hack, saying “an anonymous hacker who believes Securus is violating the constitutional rights of inmates” uploaded the data.

It appears that, of the 70 million records, at least 14,000 of these calls were made by detainees to their attorneys, and therefore should NOT have been recorded. However, although most legal experts agree that Securus has violated those inmates’ rights by recording those calls, it’s hard to prove and calculate damages, should an inmate choose to challenge it. The burden is on the inmate to prove that such improperly recorded calls were also accessed by a prosecutor and then resulted directly in some kind of damage to the inmate (for instance, a longer sentence).

But as The Intercept article explains, prosecutors are not always forthcoming about accessing such calls. For example, in a lawsuit brought by the Austin Lawyers Guild, “four named attorneys, and a prisoner advocacy group … alleges that”:

“…despite official assurances to the contrary, privileged communications between lawyers and clients housed in the county jails have been taped, stored, “procured,” and listened to by prosecutors. The plaintiffs say that while some prosecutors have disclosed copies of recordings to defense attorneys as part of the regular evidential discovery process, other prosecutors have not, choosing instead to use their knowledge of what is in individual recordings to their “tactical advantage” in the courtroom “without admitting they obtained or listened to the recordings.”

Over the last few weeks we’ve all learned how Securus, GTL, CenturyLink, Telmate, NCIC and other companies overcharge prison inmates for calling their families. But to learn, via a Prison Legal News article from 2011, referenced in The Intercept article, that the overcharging was specifically to pay “kickbacks” to the prison executives that awarded the contracts, and that this had already been written about extensively for many years, kinda blew my mind.

So what’s Securus’ side of the story? A Securus Press Release from October 2014 seems like it was published in order for Securus to make it clear to its government agency clients that it tried to keep the commission system alive. Although it’s hard to believe the release made it out of the company’s PR department, with statements like:

“We have been a vocal advocate of maintaining commissions and have spent approximately $5 million in legal fees and other costs on behalf of our facility customers over the last decade to maintain commissions, but the FCC maintains that it is not good public policy to have the poorest in society help to fund government operations, even though the programs funded are worthwhile.”

The press release also has Securus’ CEO giving an explanation regarding where the money from the overcharges is going:

“Part of the heritage of our business is that we calculate, bill, and collect commissions and pay those to jails, prisons, and local, county, and state governments,” said Richard A. (“Rick”) Smith, Chief Executive Officer of Securus Technologies, Inc.  “Clearly these commission payments that have been used to fund critical inmate welfare programs and support facility operations and infrastructure have improved the lives of inmates, victims, witnesses and individuals working in the correctional environment, and helped to fund government operations.  And it appears, sadly, that regime may come to an end in the not too distant future,” said Smith.

This quote suggests that money from the overcharges benefits the prisoners, in the long run. But this raised even more questions in my mind. Why are prisoners’ families paying for their own “facility operations and infrastructure” costs? As addressed in the interview with Alex Friedmann, it turns out that the budgets these overcharges go into have little or no government oversight, be they at the Local (Municipal), State, or Federal level.

I contacted Alex Friedmann, Managing Editor of Prison Legal News, to get some answers. Prison Legal News has reported on criminal justice-related issues since 1990 and is a project of the Human Rights Defense Center.

Lisa: Let’s talk about the SecureDrop upload that was announced on November 12th. What were your first impressions, when you read about the upload?

Alex: It wasn’t terribly surprising. Nor was it surprising that they were apparently recording attorney-inmate calls. There are already some lawsuits in Texas and other places over these issues.  Although the volume of recorded calls was somewhat surprising.

Really, the most surprising thing was that somebody actually cared enough to release the records. That was rare, that someone decided this was an issue, and decided to do it, and did it.

Lisa: What do you feel is the takeaway on this?

Alex: The important thing about the SecureDrop dump was that it showed what data was being collected, and that it’s not being stored securely.

Storing such sensitive data insecurely is a privacy violation. Much in the same way that Target was responsible when all the private data of its customers was released, due to not being properly protected. For this reason, it doesn’t matter whether the leak came from inside or outside; the sensitive data was not being properly protected. Securus claiming it was an insider, and not a hack, doesn’t explain away this issue; their data was still insecure.

Lisa: Let’s talk about the attorney-client privilege issue. It looks like at least 14,000 of the phone calls recorded “shouldn’t have been.” So, walk me through this. A call is “improperly recorded,” let’s say as a result of recording a call to a number on “the list” of attorney numbers (that should therefore not be recorded). Could you explain why you think that it would be hard for an inmate to show they were harmed by these calls being merely recorded?

Alex: Okay. So the onus is on the prisoner to prove that 1) the call was accessed by a prosecutor and 2) that the prosecutor acted on the information that was heard in those phone calls, and then used that information in some way harmful to the prisoner. To show damages, you’d have to show that the prosecutor listened to the call, and then took action based on that call, and that doing so resulted in a longer sentence, or something else adverse directly happening to the prisoner as a result.

Lisa: So, at that point, it would have interfered with the prisoner’s 6th Amendment “Right to Counsel?”

Alex: Yes. But they would have to show injury. Though there can be injury in the form of chilling their right of access to counsel, if they know that calls to their attorneys are being recorded.

Lisa: So, moving forward, post-upload. Now that the fact that these calls were being improperly recorded is known, there could be a chilling effect, but for calls that took place before the upload, the argument would be “how could their speech be chilled if they didn’t know they were being recorded?”

Alex: Correct. In effect, it’s like giving officials one free bite at the constitutional apple. They’re not supposed to record attorney-client phone calls, but if they do, it’s hard to hold them accountable.

Lisa: Let’s talk about the “kickbacks.” These “kickbacks” have been reported on for years, without anyone doing anything about them?

Alex: Well, yes. Because it may be that no laws are actually being violated, due to general lack of accountability of these programs. There tends to be a lot of “wiggle room” in prison and jail budgets and very little oversight. The practice of prison phone service providers giving kickbacks to corrections agencies – up to 94% of gross revenue in some cases – is perfectly legal. And that’s the problem, that it’s legal.

Lisa: Is this happening primarily at the local (Municipal), State, or Federal level?

Alex: When we talk about prison and jail phone “commissions,” in general, we are talking about a multi-level, local (municipal), state, federal commission kickback model that exists at all three levels.

Lisa: Why is it so hard to follow the money?

Alex: Oh you can follow the money, it’s just that there is little actual oversight of the budgets themselves, and few regulations defining allowable expenditures in most cases.

Lisa: So no one’s checking that it’s spent properly, and no one defining what “properly” is?

Alex: Yes. Due to the way the money is mixed up in the funds. It’s all mixed up and hard to track. Once it gets to something like a county’s general fund or a state’s general fund, it’s impossible to track completely. Once the money finds its way to the general budget of an agency. For instance, the Sheriff’s office. They can often do whatever they want with it.

Lisa: Please explain how, once the money goes into something called the IWF (Inmate Welfare Fund), you can put in a “public records request,” and get a breakdown of what went in and out.

Alex: For a number of years we have submitted public records requests to corrections agencies nationwide, and obtained copies of prison phone contracts, rate data and commission data, which are posted on our data site, www.prisonphonejustice.org. In some cases we have also requested records related to how IWF funds are spent; for example, at one county jail we found that IWF funds were used to pay for prisoners’ meals, as well as a variety of other things, such as server upgrades, that either do not benefit prisoners or should be paid from the jail’s general fund, not the IWF.

Lisa: So, it’s the position of the Human Rights Defense Center that there should be no commissions, no matter what the money is used for?

Alex: Right. Let’s say that most of the money from the excessive phone charges does go back into prisoner programs. So what? The state is supposed to be paying for prisoner programs, not the families of prisoners. Hence, our stance is that there should be no commissions. It’s not a question of what they should be spent on.

Overcharging the families of prisoners in this way would be like charging taxes for schools only on households with children. These services should be funded by everyone, because they benefit everyone. Just like schools, roads, and other public services. Similarly, programs and services for prisoners need to be funded through the general tax base. Otherwise, it’s a tax solely on prisoners’ families, which is unfair.

Lisa: In the Intercept article, an example is given of a couple deciding between phone time and food. It struck me that no one should have to make those kinds of choices.

Alex: Right, prison phone rates shouldn’t be much higher than anyone else’s phone rates. And if it costs more to make such calls “secure,” that should hardly be an expense that the families are expected to cover, any more than prisoners’ families should have to pay for razor wire, security cameras or guards’ salaries at prisons and jails. Again, incarceration is a public service and those costs should be paid by all members of the public, not just prisoners’ families.

Take the county jail I mentioned, where one can actually access the actual expenditures for the IWF funds, which were used to pay for food and server upgrades, among other things. Why are prisoners’ families paying higher phone rates to cover such expenses?

Lisa: Arguably, how do “server upgrades” help the prisoners directly anyway?

Alex: They don’t, unless you really stretch the language for how IWF funds should be used. But even for expenditures that do directly benefit prisoners, so what? Why are the prisoners’ families paying for things that should be covered by the corrections agency? These are the most basic of necessities that should be paid for by the prison system itself, not by the families of those being incarcerated.

The simple fact remains that prisoners’ families are being exploited and have been for some time, and that the various agencies (Bureau of Prisons, state Departments of Corrections) allow it to happen. This amounts to an estimated $460 million in phone commission kickbacks each year, as it involves not just state or federal prisons, but also immigration facilities, county jails and other detention centers. Nor does this address the many other ways that prisoners and their families are price gouged.

Lisa: A report from the FCC explains (on page 12, paragraph 23) that, although these unfair price hikes only represent somewhere between 0.3% and 0.4% of the budgets the money collected from them goes into, “What appears to be of limited relative importance to the combined budgets of correctional facilities has potentially life-altering impacts on prisoners and their families.”

Alex: It depends on the agency and its budget, but in general, prison and jail phone commissions are just a drop in the government’s bucket of taxpayer funds. Yet prisoners’ families face real hardships when they have to pay inflated phone rates to stay in touch – money spent on calls could otherwise be spent on rent, food, healthcare needs, and so on. But what mother doesn’t want to speak with her incarcerated son? Or what wife wouldn’t take a call from her imprisoned husband? Keep in mind that prison and jail phone contracts are monopoly contracts; families have no choice and can’t choose a less expensive option for accepting phone calls from their incarcerated loved ones.

One of the main problems with all of these scenarios in which prisoners and their families are exploited is they have no voice in our legal or political systems. It’s easy for those in charge to take advantage of these families who have no one looking out for them or protecting their interests. Both prisoners and their family members are easy targets for greedy prison telecommunications companies and their government partners. There are currently around 2.2 million people locked up in prisons and jails in the United States, which means 2.2 million families are affected by these exploitive prison and jail phone rates.

The FCC has recently taken action on this issue, after more than a decade of efforts by advocacy organizations, including Prison Legal News/Human Rights Defense Center, but more needs to be done. The two largest ICS providers, GTL and Securus, are owned by private equity firms, and as such are only interested in financial returns, not fair and equitable phone rates for families.

Lisa: Would you say this whole scenario of having private companies, whose bottom line is profit, rather than servicing the needs of their customers, is just another example of why privatizing the prison industry is a bad idea – especially with little or no government oversight, which seems to always be the case?

Alex: Removing for-profit incentives from our criminal justice system would certainly help shift the focus away from providing various correctional services – including operating prisons and jails – for the purpose of making money. We tend to monetize almost everything in the United States, but I submit our criminal justice shouldn’t be included. That being said, our public corrections agencies aren’t that great either; the entire system is in need of reform, from the top down.

Lisa: But you think prison and jail phone rates will be going down, for sure, next year?

Alex: The FCC order has already been issued. Once it’s published in the Federal Register, it will go into effect after 90 days. So that’s a done deal, though ICS providers will likely challenge it in court. Thus, there is no guarantee the rates will go down on a date certain, but eventually they will go down.

Lisa: So the big question is “what can prisoners and their families do to protect their privacy, now that they know calls are being recorded, and perhaps stored for months or years into the future? And insecurely?”

Alex: They, through their elected lawmakers, need to demand accountability from the prison and jail officials who enter into contracts for phone services, to ensure their privacy interests are respected to the same extent as all other citizens.

There isn’t much families can do right now to make things better, particularly with respect to privacy. There is a combined class-action suit pending against GTL, but it doesn’t focus on privacy issues. They could complain to their state Public Utility Commission (or similar agency that regulates in-state phone services). In many states, the telecom industry has been deregulated, however. But really, how does anyone protect their privacy given that our own government spies on its citizens through the NSA?

References:

1. Not So Securus – Massive Hack of 70 Million Prisoner Phone Calls Indicates Violations of Attorney-Client Privilege
November 11, 2015. By Jordon Smith and Micah Lee for The Intercept. https://theintercept.com/2015/11/11/securus-hack-prison-phone-company-exposes-thousands-of-calls-lawyers-and-clients

2. SecureDrop Leak Tool Produces a Massive Trove of Prison Docs. November 11, 2015. By Andy Greenberg for Wired. http://www.wired.com/2015/11/securedrop-leak-tool-produces-a-massive-trove-of-prison-docs/

3. Nationwide PLN Survey Examines Prison Phone Contracts, Kickbacks. April 15, 2011. by John Dannenberg for Prison Legal News. https://www.prisonlegalnews.org/news/2011/apr/15/nationwide-pln-survey-examines-prison-phone-contracts-kickbacks/

4. Prison Legal News, Complete Issue, December 2013. https://www.prisonlegalnews.org/media/issues/12pln13.pdf

5. Securus Press Release, October 2014.
http://www.prnewswire.com/news-releases/securus-provides-over-13-billion-in-prison-jail-and-government-funding-over-the-last-10-years-281105252.html

6. Securus Press Release, March 2015.
http://www.prnewswire.com/news-releases/securus-provides-over-13-billion-in-prison-jail-and-government-funding-over-the-last-10-years-300043861.html

7. GTL on reducing rates (From October 2015):
http://www.gtl.net/global-tel-link-gtl-grave-concern-with-proposed-fcc-decision-on-inmate-calling-services/

8. Jail’s Inmate Welfare Fund Gets Rich.
http://www.independent.com/news/2014/sep/29/jails-inmate-welfare-fund-gets-rich/

9. From HRDC executive director Paul Wright, October 23, 2015, FCC Caps the Cost of Prison Phone Calls.
https://www.prisonlegalnews.org/news/2015/oct/23/hrdc-executive-director-paul-wright-october-23-2015-fcc-caps-cost-prison-phone-calls/

10. FCC Second Further Notice of Proposed Rulemaking, October 22, 2014. https://apps.fcc.gov/edocs_public/attachmatch/FCC-14-158A1.pdf

11. Authorities Listen in on Attorney-Client Calls at Jails in FL, CA and TX, by David Reutter for Prison Legal News. Aug. 15, 2008 https://www.prisonlegalnews.org/news/2008/aug/15/authorities-listen-in-on-attorney-client-calls-at-jails-in-fl-ca-and-tx/

12. Suit Filed Over Minnesota Jail’s Secret Recording of Privileged Phone Calls, by Matthew Clarke for Prison Legal News. April 15, 2009 https://www.prisonlegalnews.org/news/2009/apr/15/suit-filed-over-minnesota-jails-secret-8232recording-of-privileged-phone-calls/

13. Recording of Nashville, Tennessee Jail Prisoners’ Attorney Calls Criticized, published in Prison Legal News, Dec. 15, 2011. https://www.prisonlegalnews.org/news/2011/dec/15/recording-of-nashville-tennessee-jail-prisoners-attorney-calls-criticized/

 

Micah Lee at Aaron Swartz Day 2015

Download mp4      Hi-res files of entire event
CC0

Note: I’m including a full transcription at the bottom of this post, for safekeeping. Thanks to OpenTranscripts.org for their transcriptions of these talks.

Micah Lee gave a charming first-person account of how Ed Snowden first contacted him anonymously, looking for Laura Poitras’ PGP key, and then asked him to please help Glenn Greenwald get set up on PGP.

Next, he explains how SecureDrop enables sources to connect with journalists without having to learn PGP, and how Aaron’s core design is still in use today.

Micah has also written about this entertaining story in much more splendid detail at The Intercept.

Quotes from Micah’s Talk:

“…two years before Edward Snowden decided to start becoming a whistleblower, Aaron had already done a lot of development work on DeadDrop and was well on his way to making it so that rather than having someone like Ed have to try and send a bunch of plaintext emails to journalists he wants to talk to to convince them to learn how to use PGP and stuff, he made it so that whistleblowers could talk to journalists in less than six months. I think that was pretty amazing…

The one thing is that SecureDrop has come a very long way and it’s really easy to use for sources now. So now if you’re a whistleblower and you want to leak documents, it’s really easy. All you need to do is go and download Tor Browser, go to a web site, click “I’m a new source,” and upload a document. Then you’re done…

…he (Aaron) made it so that whistleblowers could talk to journalists in less than six months. I think that was pretty amazing. And like what Garrett was saying earlier, the core design of DeadDrop is still exactly the same in SecureDrop, and that’s pretty amazing I think that he had such good foresight to figure out what all these technical problems were and try and solve them.” – Micah Lee, Co-Founder, Freedom of the Press Foundation, Technologist at The Intercept.

 

***Complete Transcript Below***

Hello. I don’t have a whole lot to say.

When I was thinking about what I would talk about last night, I was reading more about Aaron. Unfortunately, I never got to meet him before he died, but I realized that he passed away on January 11, 2013, and that was actually the same day that I first heard from Edward Snowden.

At the time I didn’t know that it was Edward Snowden. He was anonymous. He sent me an email and it was encrypted. And he was trying to get Laura Poitras’ PGP key and he was saying that—you know, he couldn’t tell me what it was for but I should help Glenn Greenwald learn how to use PGP and it was important.

So I helped out as I could, and it took several months. I kept talking to Glenn and Glenn was into it, but he was also really impatient with learning anything new on the computer and he didn’t really know why it was so important. I didn’t really know why it was so important. There were a couple of false attempts at teaching Glenn PGP, and finally I had a Skype call with him where I helped him set up Pidgin and off-the-record encryption. That was like, five and a half, six months later after I first got that encrypted anonymous email from Snowden. And that was the first time that Snowden was able to have a secure conversation with Glenn Greenwald.

And I was thinking about it. Aaron had already kind of done a lot of work to solve this problem. The year, two years before Edward Snowden decided to start becoming a whistleblower, Aaron had already done a lot of development work on DeadDrop and was well on his way to making it so that rather than having someone like Ed have to try and send a bunch of plaintext emails to journalists he wants to talk to to convince them to learn how to use PGP and stuff, he made it so that whistleblowers could talk to journalists in less than six months. I think that was pretty amazing. And like what Garrett was saying earlier, the core design of DeadDrop is still exactly the same in SecureDrop, and that’s pretty amazing I think that he had such good foresight to figure out what all these technical problems were and try and solve them.

I guess the one thing is that SecureDrop has come a very long way and it’s really easy to use for sources now. So now if you’re a whistleblower and you want to leak documents, it’s really easy. All you need to do is go and download Tor Browser, go to a web site, click “I’m a new source,” and upload a document. Then you’re done, and you don’t have to go through all of this having to be a technical expert and having to train the journalists and all this stuff. But the hard part is that it’s still not nearly as easy for journalists to use. So, in fact, Glenn Greenwald doesn’t use SecureDrop himself. Instead, other people who have more time and patience with technical stuff use it and talk to him about it if there’s stuff for him.

So there’s still a lot more work to be done in this area, and I just really wish that Aaron were still around to help with this, because I think that he would contribute greatly on his project.

And that’s all that I have to say.