Barton Gellman's comsec with Snowden not included; Poitras' film Citizenfour
provides snapshots. Other early and continuing communications security assistance
to Poitras, Gellman and Greenwald has been hinted as coming from several
other sources but not publicized. Communications security with Snowden prior
to and parallel with journalists has been less publicized: Unidentified NGOs,
intermediaries and media outlets; crypto key-signing parties; WikiLeaks help
to leave Hong Kong; confidential legal advice in Hong Kong, Russia and the
US; travel arrangements for multiple Moscow visitors and interviewers;
arrangements for streaming videos; financial and diplomatic transactions.
Micah Lee
"Ed Snowden Taught Me To Smuggle Secrets Past Incredible Danger. Now I Teach
You." |
Glenn Greenwald
No Place to Hide |
Luke Harding
The Snowden Files: The Inside Story of the World's Most Wanted Man |
|
|
|
| A month earlier [December 2012], Snowden had anonymously emailed Glenn
Greenwald, a Guardian journalist and chronicler of war-on-terror excesses,
but Greenwald didn’t use encryption and didn’t have the time to
get up to speed, so Snowden moved on. Snowden decided to contact Poitras
because she used encryption. But he didn’t have her encryption key.
So he needed to find someone he thought he could trust who both had her key
and used encrypted email.
That was me. |
On December 1, 2012, I received my first communication from Edward Snowden,
although I had no idea at the time that it was from him. The contact
came in the form of an email from someone calling himself Cincinnatus. |
By December 2012, he had made up his mind to contact journalists.
In December 2012, one of Greenwald’s readers pinged him an email. The
email didn’t stand out; he gets dozens of similar ones every day. The
sender didn’t identify himself. He (or it could have been a she) wrote:
‘I have some stuff you might be interested in.’ |
|
Still I did nothing. |
Greenwald stretched by other demands didn’t quite get round to following
its strictures. He forgot about it. |
| Late on the evening of January 11, 2013, someone sent me an interesting
email. It was encrypted.
The anonymous emailer wanted to know if I could help him communicate securely
with Laura Poitras.
From: anon108@?????????
To: Micah Lee
Date: Fri, 11 Jan 2013
Micah,
I’m a friend. I need to get
information securely to Laura
Poitras and her alone, but I
can’t find an email/gpg key
for her.
Can you help?
I didn’t know it at the time, but I had just been contacted by Edward
Snowden. |
|
At the end of January 2013, Snowden tried a different way to get to him.
He sent an email to Laura Poitras. He was hoping to open an anonymous channel
to the documentary film-maker, who was Greenwald’s friend and a close
collaborator. |
Search results for 'anon108'
Type bits/keyID Date User ID
pub 3072R/7A675AEC 2013-01-04 JournoTest (This is only a test. do not use.) <anon108@tormail.org>
Fingerprint=84A7 22B9 1B23 D72F F469 1CC8 9015 55B2 7A67 5AEC
pub 3072R/85E85DDA 2013-01-04 I am a Test (Test only, disregard) <anon108@tormail.org>
Fingerprint=3190 EADD F89B B044 4D70 5625 B1BD 8343 85E8 5DDA
pub 4096R/175B4B1B 2012-12-31 anon108 <anon108@tormail.org>
Fingerprint=8AB5 0A82 2557 A9E6 74B1 57CE 2FAB BB90 175B 4B1B
pub 4096R/C791B403 2012-12-22 anon108 <anon108@tormail.org>
Fingerprint=A258 08C1 154F B2D3 E22C 549F 42E6 67A3 C791 B403
|
| When I got that first email, I was working as a staff technologist for
the Electronic Frontier Foundation and as the chief technology officer of
the Freedom of the Press Foundation. My encryption key was posted at both
sites, so Snowden was able to find it easily, and the key was digitally signed
by people who were well-known in the privacy world (pioneering blogger Cory
Doctorow and free software champion Richard Stallman, for instance); this
meant those people had digitally vouched, in a way that was incredibly difficult
to forge, that the key really belonged to me and not to, say, some NSA trickster.
In other words, Snowden didn’t need to worry about the key being a fake.
Poitras was a founding board member of the FPF, so he assumed I would have
her key, and he was right. |
|
If anything, Poitras was even more paranoid than Snowden during this
early period. |
The inquiry from Snowden, emailing under a pseudonym, struck me as serious.
I quickly forwarded it in an encrypted email to Poitras.
From: Micah Lee
To: Laura Poitras
Date: Sat, 12 Jan 2013
Hey Laura,
This person just send me this GPG encrypted email. Do you want to respond?
If you want to, and you need any help with using crypto, I’m happy to
help.
|
|
The emails continued to flow. There was one a week. They usually arrived
at weekends, when Snowden was able to slip off. |
A few hours later, she sent me a reply.
From: Laura Poitras
To: Micah Lee
Date: Sat, 12 Jan 2013
Hey Micah,
Thanks for asking. Sure, you can tell this person I can be reached with GPG
at: laurapoitras@gmail.com
I’ll reply with my public key.
I’m also on jabber/OTR at:
l.p.@jabber.org
I hope all is good with you!
Laura
|
|
At this point the film-maker sought out trusted contacts who might help
her authenticate these claims. In New York she consulted the American Civil
Liberties Union, the ACLU. Over dinner in the West Village she talked with
the Washington Post’s Barton Gellman. Gellman, a national security expert,
thought the source sounded real. But he was a tad noncommittal. Meanwhile,
the source made it clear he wanted Greenwald on board. |
Search results for 'laurapoitras gmail com'
Type bits/keyID Date User ID
pub 2048R/6396CB9C 2011-01-12 Laura Poitras <lp1228@nyu.edu>
Laura Poitras (Tech Support) <laurapoitras@gmail.com>
Fingerprint=5838 48BC 9CA0 58D6 981A F668 307F 2941 6396 CB9C
|
| I now had Poitras’ permission to send Snowden her encryption key,
but in his first email to me, Snowden had forgotten to attach his key, which
meant I could not encrypt my response. I had to send him an unencrypted email
asking for his key first. His oversight was of no security consequence—it
didn’t compromise his identity in any way—but it goes to show how
an encryption system that requires users to take specific and frequent actions
almost guarantees mistakes will be made, even by the best users.
After receiving Snowden’s key, I sent him an encrypted email with
Poitras’ key. This enabled him to send his first encrypted email to
Poitras, in which he called himself Citizenfour. But I wasn’t out of
the identity-confirmation picture yet.
Snowden and Poitras quickly set up a more secure channel for communication.
Poitras created an anonymous email account, doing so with the Tor Browser
that masks your identity on the web, and she created a new GPG key, just
for communicating with Citizenfour. This was advisable because, if she were
under surveillance by the NSA or any other intelligence agency, they might
have compromised her known accounts, and she would prefer for there to be
no trace of her true name in the correspondence with this secrecy-seeking
stranger. |
|
Back in Germany, Poitras moved ultra-cautiously. ... |
| To be extra sure that these things weren’t happening, Snowden wanted
to verify through a separate channel that he had Laura’s legitimate
key. He asked Poitras to get me to tweet the fingerprint of her new GPG key.
These fingerprints are just 40 characters long. To verify the new key that
Poitras had sent him, Snowden needed to receive her new fingerprint from
me and then compare it to the one he was using.
On January 28, Laura sent me the following encrypted email—
From: 303@riseup.net
To: Micah Lee
Date: Mon, 28 Jan 2013
Hey Micah,
This is Laura Poitras.
Someone is trying to verify my fingerprint to this email. The person has
proposed you tweet the fingerprint. Would you be able to tweet this to your
acct:
1EBF 5F15 850C 540B 3142 F158 4BDD 496D 4C6C 5F25
Let me know if possible.
Thanks,
Laura
|
|
|
Search results for 'riseup net 303'
Type bits/keyID Date User ID
pub 4096R/4C6C5F25 2013-01-26 three03 <303@riseup.net>
Fingerprint=1EBF 5F15 850C 540B 3142 F158 4BDD 496D 4C6C 5F25
|
Then, on May 9, I got an encrypted email from Poitras that was exciting
and alarming.
From: Laura Poitras
To: Micah Lee
Date: Thu, 9 May 2013
I’m working on something with Glenn and I really need to get him on
a secure (preferably Tails) system. He does not have the technical skills
to set this up himself, and I’m trying to keep things compartmentalized,
so I don’t want to email him about this topic directly on a non-secure
channel.
|
The next I heard of this was ten weeks later. On April 18, I flew from
my home in Rio de Janeiro to New York. On landing, I saw that I had a message
from Laura Poitras. |
It would have to be a personal meeting. In late March she returned to
the States. From here she sent Greenwald a message, suggesting that they
meet face to face, without any electronics. |
|
We arranged a meeting for the next day, in the lobby at my hotel in Yonkers. |
Greenwald was already due to fly to New York. The pair met in the lobby
of Greenwald’s hotel, the Marriott in Yonkers. |
|
Laura then got down to business. She had an "extremely important and
sensitive matter" to discuss, she said, and security was critical. |
Poitras showed Greenwald two emails. ‘There were no details in the
emails. The source didn’t identify himself. He didn’t say where
he worked,’ Greenwald says. |
|
She had received a series of anonymous emails from someone who seemed
both honest and serious. Laura then pulled several pages out of her
purse from two of the emails sent by the anoymous leaker, and I read them
at the table from start to finish. They were riveting. "He's real," I said
when I finished readling, "he's exactly who he says he is." Laura replied,
"I have very little doubt." |
Instead of facts, the emails offered up a radical personal manifesto
– an intellectual blueprint for why Snowden was prepared to leak classified
material, and what the life-changing consequences of this action would inevitably
be. |
| Tails, the secure system Poitras asked me to get for Greenwald, is serious
business. It’s a hardened operating system designed for people who need
to be anonymous, and not a lot of people use it. The acronym stands for The
Amnesic Incognito Live System. Before Poitras asked me to teach it to Greenwald,
I had never used it. Crucially, everything you do in Tails is anonymous.
All internet activity is routed through Tor, so by default your privacy is
protected. And you run Tails directly off of a DVD or a USB stick —
it is not installed on your hard drive. Since Tails operates completely
independently from your hard drive and usual operating system, it offers
a hefty dose of protection from malware and from anyone who might inspect
your computer to look at what you’ve been doing. |
|
The source behaved in an unexpected way. Poitras had assumed that he
would seek to remain anonymous. After all, coming forward would bring the
law down on his head. But Snowden told her: ‘I’m not cleaning the
metadata. I hope you will paint a target on my back and tell the world I
did this on my own.’ |
|
|
In another email Snowden said that the ‘hard part’ of pulling
the documents was over, but that a different dangerous phase was beginning. |
|
|
Once a relationship of trust had been established, Poitras told the source
she would like to interview him. She told Snowden he needed to articulate
‘why’ he was taking these risks. This was important. It hadn’t
occurred to Snowden to give an interview . But the idea was a good one: his
goal was to get the documents out to the world. |
|
Her correspondent wrote that he was completing the final steps necessary
to provide with the documents. He needed another four to six weeks.
Three days later, Laura and I met again, this time in Manhattan, and with
another email from the anonymous leaker, which explained why he was willing
to risk his liberty, subject himself to the high likelihood of a very lengthy
prison term, in order to disclose these documents. |
By late spring 2013, the idea of a conclusive meeting was in the air.
‘I need six to eight weeks to get ready to do this,’ Snowden wrote. |
|
After returning to Rio, I heard nothing for three weeks. |
Poitras returned to Berlin. Greenwald returned to Rio. |
| I tried to teach GPG to Greenwald but I had the same problem Snowden
had encountered when he reached out in December, that Greenwald was busy
and couldn’t focus on it. Several months later, however, I succeeded
in getting Greenwald up to speed on using an encrypted chat system called
Off-the-Record (OTR), which is much simpler than GPG. For the first time
he was able to have encrypted communications on the internet. |
Then, on May 11, I received an email from a tech expert with whom Laura
and I had worked in the past. His words were cryptic but his meaning was
clear: "Hey, Glenn, I'm following up with learning to use PGP. Do you have
an address I can mail you something to help you get started next week?" |
In mid -April, Greenwald received an email from Poitras. It told him
to expect a FedEx delivery. Neither of the two parties had communicated much
in the interim; Greenwald still hadn’t got encryption. |
| On May 13, after creating a customized version of Tails for Greenwald,
I hopped on my bike and pedaled to the FedEx office on Shattuck Avenue in
Berkeley, where I slipped the Tails thumb drive into a shipping package,
filled out a customs form that asked about the contents (“Flash Drive
Gift,” I wrote), and sent it to Greenwald in Brazil. He received the
package two weeks later, it having been delayed in transit, for what I believed
to be bureaucratic rather than nefarious reasons, and the blue thumb drive
actually made a cameo appearance in “Citizenfour.” For a technologist,
this was a dream come true. |
The tech person then sent a package via Federal Express, scheduled to
arrive in two days. Two days went by. Then five. Then a full week. Fdex said
it was being held in cutomes, for reasons unknown. Finally, roughly ten days
after the package had been sent to me, Fedex delivered it. I tore open the
envelope nd found two USB thumb drives, along with a typewritten note containing
detailed instructions for using various computer programs designed to provide
maximum security, as well as numerous passphrases to encrypted email accounts
and other programs I had never heard of.
The day after the package arrived, during the week of May 20, Laura told
me we needed to speak urgently, but only throughOTR (off-the-record) chat.
I asked about access to secret documents. They would only come to me from
the source, she told me, not from her, that we might have to travel to Hong
Kong immediately, to meet our source. |
The package arrived; inside it were two thumb drives. Greenwald at first
imagined that the USB sticks contained top-secret documents ‘wrapped
in layers of encryption and Linux programs’. In fact, they contained
a security kit, allowing Greenwald to install a basic encrypted chat program. |
| Near the end of May, I received an anonymous and encrypted email from
an account called “verax,” which is Latin for “truth
teller.” The writer told me that he was the same person I had been in
touch with several months earlier. He had a new request.
Would I help him build a website that would launch a global petition against
surveillance? |
|
|
Search results for 'verax'
Type bits/keyID Date User ID
pub 4096R/0E8CD2B6 2013-05-20 Verax (Informed Democracy Front)
Fingerprint=F606 1774 A693 72A1 8AD0 1CD7 0C4D AF57 0E8C D2B6
pub 4096R/71A3AA96 2013-05-20 Verax (Informed Democracy Front)
Fingerprint=2B5D D0BF F454 8592 1FAF 22FB 4569 3580 71A3 AA96
pub 4096R/79B82638 2013-05-20 Verax (Informed Democracy Front)
Fingerprint=4ECC 0702 A2E9 5FA6 2074 C7BE 574F C888 79B8 2638
pub 4096R/E87C2665 2013-05-20 Verax (Informed Democracy Front)
Fingerprint=7F99 43F6 5CC9 BAD1 92A9 8DF8 96E6 0F93 E87C 2665
pub 4096R/C920FAA6 2013-05-20 Verax (Informed Democracy Front)
Fingerprint=AC5E 06C5 17D0 A8C1 75D3 17F5 53B9 0192 C920 FAA6
pub 4096R/CEBFFE8D 2013-05-20 Verax (Informed Democracy Front)
Fingerprint=22DA 0669 5202 A346 BA36 F35D 3CEB 5687 CEBF FE8D
pub 4096R/2BE0BC29 2013-05-20 Verax (Informed Democracy Front)
Fingerprint=5091 7466 B18F 35B3 F644 F700 1D0D 97F2 2BE0 BC29
pub 4096R/9DCA85F7 2013-05-19 Verax (Informed Democracy Front)
Fingerprint=BDE4 AA86 8507 1371 7793 11A8 105D A7AB 9DCA 85F7
pub 4096R/BE452B27 2013-05-13 Verax (Informed Democracy Front)
Fingerprint=134D 970C 5872 5AA6 8F2A BD75 D18D FE89 BE45 2B27
|
As Poitras had done with him in January, I created a new anonymous email
account and GPG key just for communicating with him. He was glad that I did.
From: verax@?????????
To: ?????????
Date: Sat, 1 Jun 2013
Got it. Good idea, btw. There are some issues with keys being used for
fingerprinting as they move over the network.
|
|
Snowden contacted Poitras again: ‘You should come. I will meet with
you. But it’s risky.’ |
Search results for 'micah lee'
Type bits/keyID Date User ID
pub 4096R/EBA34B1C 2014-05-08 Micah Lee <micah@micahflee.com>
Micah Lee <micah@firstlook.org>
Micah Lee <micah@freedom.press>
Micah Lee <micah.lee@firstlook.org>
Micah Lee <micah.lee@theintercept.com>
Micah Lee <micah@pressfreedomfoundation.org>
Fingerprint=0B14 9192 9806 5962 5470 0155 FD72 0AD9 EBA3 4B1C
pub 4096R/F6FA0683 2013-12-05 *** KEY REVOKED *** [not verified]
Micah Lee <micah@newconews.org>
Fingerprint=3445 0321 CD3E 062F E3F0 1714 DAD7 E56C F6FA 0683
pub 1024R/7D158F33 2013-11-01 Launchpad PPA for Micah Lee
Fingerprint=7EF3 3F02 7E9E 4869 F46F 77E3 4E72 F77D 7D15 8F33
pub 4096R/99999697 2011-06-24 *** KEY REVOKED *** [not verified]
Micah Lee <micah.lee@theintercept.com>
Micah Lee <micah@micahflee.com>
Micah Lee <micahflee@riseup.net>
Micah Lee <micah@eff.org>
Micah Lee <micah@firstlook.org>
Micah Lee <micah@newconews.org>
Micah Lee <micahflee@gmail.com>
Micah Lee <micah.lee@firstlook.org>
Micah Lee <micah@pressfreedomfoundation.org>
Fingerprint=5C17 6163 61BD 9F92 422A C08B B4D2 5A1E 9999 9697
pub 1024D/4111ACE1 2009-11-06 Micah Lee <micahflee@gmail.com>
Fingerprint=3261 47FA EFB3 6BFB 83F9 CCA7 7EE3 FD27 4111 ACE1
|
|
|
It was the next stage of their plan. Snowden intended to leak one actual
document. |
|
|
Snowden didn’t want Poitras directly involved; instead he asked
her to recommend other journalists who might publish it without attribution
to him. He wanted to spread his net wider. |
|
|
Greenwald contacted Snowden via chat. Over the next two hours Snowden
explained to Greenwald how he could boot up the Tails system. |
|
|
At JFK airport, the ill-matched trio boarded a Cathay Pacific flight. |
|
|
Once the seat belt signs were off, Poitras joined Greenwald. She brought
present both were eager to open: a USB stick. Snowden had securely
delivered to her a second cache of secret NSA documents. It contained 3-4,000
items. |
| Snowden and I exchanged encrypted emails to discuss the site mockup and
the site’s functionality, and he let me know a bit of what was going
on. “Just wanted to provide an update on the work out here,” he
emailed me on June 3. “Had an extremely productive meeting with two
journalists today you may know, and will encounter a third tomorrow [Ewen
MacAskill, a Guardian reporter who joined Greenwald and Poitras at the last
moment]. After discussion, may hold off on the declaration for a few more
days to give them time to work first.”
He told me his name, so that I could attach his signature to the end of the
manifesto. This was about a week before the rest of the world would learn
who he was. Using Tor, I searched the internet for Edward Snowden, but I
couldn’t find anything. I checked LinkedIn, I checked Facebook, I think
I even checked Twitter, and I found nothing. Who was this guy? |
|
For the rest of the journey Greenwald read the latest cache. He was
mesmerized. From time to time, Poitras would come up from her seat in the
rear and grin at Greenwald. 'We would just cackle and giggle like we were
schoolchildren. We were screaming, and hugging and dancing with each other
up and down,' he says. The scoop was becoming a scoop to end all scoops. |
Search results for 'snowden edward'
pub 4096R/21B7141F 2013-03-24 Ed Snowden <edsnowden@hushmail.com>
Ed Snowden <edsnowden@lavabit.com>
Edward Snowden <edsnowden@hushmail.com>
Edward Snowden <edward_snowden@bah.com>
Edward Snowden <esnowden@boozallen.com>
Fingerprint=98E6 3244 07FA 26AD B358 7C95 4DB8 A088 21B7 141F
|
| I was quite excited, especially after Greenwald’s first story was
published on June 5, revealing a secret NSA program to collect massive amounts
of domestic phone data. I finally knew what Snowden was leaking.
“Big news today, huh?” I emailed him. “How are you doing?”
He responded quickly.
From: verax@?????????
To: ?????????
Date: Thu, 6 Jun 2013
Oh, that old thing? That could have come from anywhere..
Timing is everything on this, and we aren’t close to finished. It’s
encouraging to see prominent civil rights organizations already calling for
change, and I’m hopeful that maybe this time, things will be different.
Come Monday, people will have something to be angry about. I think that will
be the day. Please feel free to criticize the draft as much as you’d
like: it needs to be something people are willing to give words to their
own feelings.
The next few days brought a blitz of headline-grabbing stories about NSA
surveillance from Greenwald, Poitras, and MacAskill as well as the The Washington
Post’s Barton Gellman, who received documents from Snowden even though
he hadn’t made the risky trip to Hong Kong. On June 9, there was another
thunderbolt: Greenwald, MacAskill, and Poitras broke the news that Edward
Snowden was their source, releasing a 12-minute interview with him in which
he explained his motivations. |
|
|
On June 13, after he had parted ways with Greenwald and Poitras and gone
underground in Hong Kong, he finally emailed me.
From: verax@?????????
To: ?????????
Date: Thu, 13 Jun 2013
I’m still here. As you may have heard, I’m on the run. Tons of
surveillance, media, and less savory teams crawling all over this place…
I have a new draft for the site, but I keep revising it. Hold off on any
action for now. I’m thinking something major may happen on Saturday
and give us a venue to bring this to the fore.
Thank you again for all of your help and support. I’m sorry this has
become so dangerous for everyone involved, but I suppose this is precisely
what needed to be illustrated about our government. Let’s hope people
reign it back in.
We never launched the website. |
|
|
|
|
|
