
29 October 2014

Snowden's First Comsec - Three Tales

Barton Gellman's comsec with Snowden not included; Poitras' film Citizenfour provides snapshots. Other early and continuing communications security assistance to Poitras, Gellman and Greenwald has been hinted as coming from several other sources but not publicized. Communications security with Snowden prior to and parallel with journalists has been less publicized: Unidentified NGOs, intermediaries and media outlets; crypto key-signing parties; WikiLeaks help to leave Hong Kong; confidential legal advice in Hong Kong, Russia and the US; travel arrangements for multiple Moscow visitors and interviewers; arrangements for streaming videos; financial and diplomatic transactions.

Public keys inserted by Cryptome.

Micah Lee: "Ed Snowden Taught Me To Smuggle Secrets Past Incredible Danger. Now I Teach You."
Glenn Greenwald: No Place to Hide
Luke Harding: The Snowden Files: The Inside Story of the World's Most Wanted Man
A month earlier [December 2012], Snowden had anonymously emailed Glenn Greenwald, a Guardian journalist and chronicler of war-on-terror excesses, but Greenwald didn’t use encryption and didn’t have the time to get up to speed, so Snowden moved on. Snowden decided to contact Poitras because she used encryption. But he didn’t have her encryption key. So he needed to find someone he thought he could trust who both had her key and used encrypted email.

That was me.

On December 1, 2012, I received my first communication from Edward Snowden, although I had no idea at the time that it was from him. The contact came in the form of an email from someone calling himself Cincinnatus. By December 2012, he had made up his mind to contact journalists.

In December 2012, one of Greenwald’s readers pinged him an email. The email didn’t stand out; he gets dozens of similar ones every day. The sender didn’t identify himself. He (or it could have been a she) wrote: ‘I have some stuff you might be interested in.’

Still I did nothing. Greenwald stretched by other demands didn’t quite get round to following its strictures. He forgot about it.
Late on the evening of January 11, 2013, someone sent me an interesting email. It was encrypted.

The anonymous emailer wanted to know if I could help him communicate securely with Laura Poitras.

From: anon108@?????????
To: Micah Lee
Date: Fri, 11 Jan 2013


I’m a friend. I need to get
information securely to Laura
Poitras and her alone, but I
can’t find an email/gpg key
for her.

Can you help?

I didn’t know it at the time, but I had just been contacted by Edward Snowden.

At the end of January 2013, Snowden tried a different way to get to him. He sent an email to Laura Poitras. He was hoping to open an anonymous channel to the documentary film-maker, who was Greenwald’s friend and a close collaborator.
Search results for 'anon108'
Type bits/keyID     Date       User ID

pub  3072R/7A675AEC 2013-01-04 JournoTest (This is only a test.  do not use.) <>
	 Fingerprint=84A7 22B9 1B23 D72F F469  1CC8 9015 55B2 7A67 5AEC 

pub  3072R/85E85DDA 2013-01-04 I am a Test (Test only, disregard) <>
	 Fingerprint=3190 EADD F89B B044 4D70  5625 B1BD 8343 85E8 5DDA 

pub  4096R/175B4B1B 2012-12-31 anon108 <>
	 Fingerprint=8AB5 0A82 2557 A9E6 74B1  57CE 2FAB BB90 175B 4B1B 

pub  4096R/C791B403 2012-12-22 anon108 <>
	 Fingerprint=A258 08C1 154F B2D3 E22C  549F 42E6 67A3 C791 B403 

When I got that first email, I was working as a staff technologist for the Electronic Frontier Foundation and as the chief technology officer of the Freedom of the Press Foundation. My encryption key was posted at both sites, so Snowden was able to find it easily, and the key was digitally signed by people who were well-known in the privacy world (pioneering blogger Cory Doctorow and free software champion Richard Stallman, for instance); this meant those people had digitally vouched, in a way that was incredibly difficult to forge, that the key really belonged to me and not to, say, some NSA trickster. In other words, Snowden didn’t need to worry about the key being a fake. Poitras was a founding board member of the FPF, so he assumed I would have her key, and he was right. If anything, Poitras was even more paranoid than Snowden during this early period.
The inquiry from Snowden, emailing under a pseudonym, struck me as serious. I quickly forwarded it in an encrypted email to Poitras.
From: Micah Lee
To: Laura Poitras
Date: Sat, 12 Jan 2013

Hey Laura,

This person just sent me this GPG encrypted email. Do you want to respond? If you want to, and you need any help with using crypto, I’m happy to help.

The emails continued to flow. There was one a week. They usually arrived at weekends, when Snowden was able to slip off.
A few hours later, she sent me a reply.
From: Laura Poitras
To: Micah Lee
Date: Sat, 12 Jan 2013

Hey Micah,

Thanks for asking. Sure, you can tell this person I can be reached with GPG at:

I’ll reply with my public key.

I’m also on jabber/OTR at:

I hope all is good with you!


At this point the film-maker sought out trusted contacts who might help her authenticate these claims. In New York she consulted the American Civil Liberties Union, the ACLU. Over dinner in the West Village she talked with the Washington Post’s Barton Gellman. Gellman, a national security expert, thought the source sounded real. But he was a tad noncommittal. Meanwhile, the source made it clear he wanted Greenwald on board.
Search results for 'laurapoitras gmail com'
Type bits/keyID     Date       User ID

pub  2048R/6396CB9C 2011-01-12 Laura Poitras <>
                               Laura Poitras (Tech Support) <>
	 Fingerprint=5838 48BC 9CA0 58D6 981A  F668 307F 2941 6396 CB9C 

I now had Poitras’ permission to send Snowden her encryption key, but in his first email to me, Snowden had forgotten to attach his key, which meant I could not encrypt my response. I had to send him an unencrypted email asking for his key first. His oversight was of no security consequence—it didn’t compromise his identity in any way—but it goes to show how an encryption system that requires users to take specific and frequent actions almost guarantees mistakes will be made, even by the best users.

After receiving Snowden’s key, I sent him an encrypted email with Poitras’ key. This enabled him to send his first encrypted email to Poitras, in which he called himself Citizenfour. But I wasn’t out of the identity-confirmation picture yet.

Snowden and Poitras quickly set up a more secure channel for communication. Poitras created an anonymous email account, doing so with the Tor Browser that masks your identity on the web, and she created a new GPG key, just for communicating with Citizenfour. This was advisable because, if she were under surveillance by the NSA or any other intelligence agency, they might have compromised her known accounts, and she would prefer for there to be no trace of her true name in the correspondence with this secrecy-seeking stranger.

Back in Germany, Poitras moved ultra-cautiously. ...
To be extra sure that these things weren’t happening, Snowden wanted to verify through a separate channel that he had Laura’s legitimate key. He asked Poitras to get me to tweet the fingerprint of her new GPG key.

These fingerprints are just 40 characters long. To verify the new key that Poitras had sent him, Snowden needed to receive her new fingerprint from me and then compare it to the one he was using.

On January 28, Laura sent me the following encrypted email—

To: Micah Lee
Date: Mon, 28 Jan 2013

Hey Micah,

This is Laura Poitras.

Someone is trying to verify my fingerprint to this email. The person has proposed you tweet the fingerprint. Would you be able to tweet this to your acct:

1EBF 5F15 850C 540B 3142 F158 4BDD 496D 4C6C 5F25

Let me know if possible.



Search results for 'riseup net 303'
Type bits/keyID     Date       User ID
pub  4096R/4C6C5F25 2013-01-26 three03 <>
	 Fingerprint=1EBF 5F15 850C 540B 3142  F158 4BDD 496D 4C6C 5F25 
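
The comparison described above, run on listings copied from this page, as an added example (not code from Cryptome or from any of the quoted authors): it parses the keyserver index format shown here, shows that a name search can return more than one key, and accepts a key only when all 40 hex digits equal the copy received over the second channel. The function names and the `LOOKALIKE` value are constructed for illustration.

```python
import hmac
import re

# Keyserver index lines copied from this page ('anon108' and 'riseup net 303').
INDEX = """\
pub  4096R/175B4B1B 2012-12-31 anon108 <>
     Fingerprint=8AB5 0A82 2557 A9E6 74B1  57CE 2FAB BB90 175B 4B1B

pub  4096R/C791B403 2012-12-22 anon108 <>
     Fingerprint=A258 08C1 154F B2D3 E22C  549F 42E6 67A3 C791 B403

pub  4096R/4C6C5F25 2013-01-26 three03 <>
     Fingerprint=1EBF 5F15 850C 540B 3142  F158 4BDD 496D 4C6C 5F25
"""
# Fingerprint as quoted in the 28 Jan 2013 e-mail on this page (the second channel).
OUT_OF_BAND = "1EBF 5F15 850C 540B 3142 F158 4BDD 496D 4C6C 5F25"
# Constructed value, not a real key: same last 8 hex digits, different elsewhere.
LOOKALIKE = "0000 0000 0000 0000 0000 0000 0000 0000 4C6C 5F25"

PUB_RE = re.compile(
    r"^pub\s+(\d+)([A-Za-z])/([0-9A-Fa-f]{8})\s+(\d{4}-\d{2}-\d{2})\s+(.*)$")
FPR_RE = re.compile(r"^\s*Fingerprint=(.+)$")


def normalize(fpr):
    """Drop whitespace, uppercase, and insist on exactly 40 hex digits."""
    compact = re.sub(r"\s+", "", fpr).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", compact):
        raise ValueError("not a 40-hex-digit fingerprint: %r" % fpr)
    return compact


def parse_index(text):
    """Parse 'pub' / 'Fingerprint=' line pairs into a list of dicts."""
    keys = []
    for line in text.splitlines():
        pub = PUB_RE.match(line)
        fpr = FPR_RE.match(line)
        if pub:
            bits, algo, keyid, date, uid = pub.groups()
            keys.append({"bits": int(bits), "algo": algo, "keyid": keyid.upper(),
                         "date": date, "uid": uid.strip(), "fpr": None})
        elif fpr and keys:
            keys[-1]["fpr"] = normalize(fpr.group(1))
    return keys


def keys_named(keys, name):
    """All keys whose user-ID name equals `name`; more than one is ambiguous."""
    return [k for k in keys if k["uid"].split(" <")[0] == name]


def full_match(key, out_of_band):
    """Strong check: every one of the 40 hex digits must agree."""
    return key["fpr"] is not None and hmac.compare_digest(
        key["fpr"], normalize(out_of_band))


def short_id_match(key, out_of_band):
    """Weak check on the 8-digit key ID only; kept to contrast with full_match."""
    return normalize(out_of_band).endswith(key["keyid"])


if __name__ == "__main__":
    keys = parse_index(INDEX)
    print("keys named anon108:", len(keys_named(keys, "anon108")))
    three03 = keys_named(keys, "three03")[0]
    print("three03 vs e-mail fingerprint:", full_match(three03, OUT_OF_BAND))
    print("three03 vs lookalike, short ID:", short_id_match(three03, LOOKALIKE))
    print("three03 vs lookalike, full:", full_match(three03, LOOKALIKE))
```
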

Then, on May 9, I got an encrypted email from Poitras that was exciting and alarming.
From: Laura Poitras
To: Micah Lee
Date: Thu, 9 May 2013

I’m working on something with Glenn and I really need to get him on a secure (preferably Tails) system. He does not have the technical skills to set this up himself, and I’m trying to keep things compartmentalized, so I don’t want to email him about this topic directly on a non-secure channel.

The next I heard of this was ten weeks later. On April 18, I flew from my home in Rio de Janeiro to New York. On landing, I saw that I had a message from Laura Poitras. It would have to be a personal meeting. In late March she returned to the States. From here she sent Greenwald a message, suggesting that they meet face to face, without any electronics.
We arranged a meeting for the next day, in the lobby at my hotel in Yonkers. Greenwald was already due to fly to New York. The pair met in the lobby of Greenwald’s hotel, the Marriott in Yonkers.
Laura then got down to business. She had an "extremely important and sensitive matter" to discuss, she said, and security was critical. Poitras showed Greenwald two emails. ‘There were no details in the emails. The source didn’t identify himself. He didn’t say where he worked,’ Greenwald says.
She had received a series of anonymous emails from someone who seemed both honest and serious. Laura then pulled several pages out of her purse from two of the emails sent by the anonymous leaker, and I read them at the table from start to finish. They were riveting. "He's real," I said when I finished reading, "he's exactly who he says he is." Laura replied, "I have very little doubt." Instead of facts, the emails offered up a radical personal manifesto – an intellectual blueprint for why Snowden was prepared to leak classified material, and what the life-changing consequences of this action would inevitably be.
Tails, the secure system Poitras asked me to get for Greenwald, is serious business. It’s a hardened operating system designed for people who need to be anonymous, and not a lot of people use it. The acronym stands for The Amnesic Incognito Live System. Before Poitras asked me to teach it to Greenwald, I had never used it. Crucially, everything you do in Tails is anonymous. All internet activity is routed through Tor, so by default your privacy is protected. And you run Tails directly off of a DVD or a USB stick — it is not installed on your hard drive. Since Tails operates completely independently from your hard drive and usual operating system, it offers a hefty dose of protection from malware and from anyone who might inspect your computer to look at what you’ve been doing. The source behaved in an unexpected way. Poitras had assumed that he would seek to remain anonymous. After all, coming forward would bring the law down on his head. But Snowden told her: ‘I’m not cleaning the metadata. I hope you will paint a target on my back and tell the world I did this on my own.’
In another email Snowden said that the ‘hard part’ of pulling the documents was over, but that a different dangerous phase was beginning.
Once a relationship of trust had been established, Poitras told the source she would like to interview him. She told Snowden he needed to articulate ‘why’ he was taking these risks. This was important. It hadn’t occurred to Snowden to give an interview. But the idea was a good one: his goal was to get the documents out to the world.
Her correspondent wrote that he was completing the final steps necessary to provide with the documents. He needed another four to six weeks.

Three days later, Laura and I met again, this time in Manhattan, and with another email from the anonymous leaker, which explained why he was willing to risk his liberty, subject himself to the high likelihood of a very lengthy prison term, in order to disclose these documents.

By late spring 2013, the idea of a conclusive meeting was in the air. ‘I need six to eight weeks to get ready to do this,’ Snowden wrote.
After returning to Rio, I heard nothing for three weeks. Poitras returned to Berlin. Greenwald returned to Rio.
I tried to teach GPG to Greenwald but I had the same problem Snowden had encountered when he reached out in December, that Greenwald was busy and couldn’t focus on it. Several months later, however, I succeeded in getting Greenwald up to speed on using an encrypted chat system called Off-the-Record (OTR), which is much simpler than GPG. For the first time he was able to have encrypted communications on the internet. Then, on May 11, I received an email from a tech expert with whom Laura and I had worked in the past. His words were cryptic but his meaning was clear: "Hey, Glenn, I'm following up with learning to use PGP. Do you have an address I can mail you something to help you get started next week?" In mid-April, Greenwald received an email from Poitras. It told him to expect a FedEx delivery. Neither of the two parties had communicated much in the interim; Greenwald still hadn’t got encryption.
On May 13, after creating a customized version of Tails for Greenwald, I hopped on my bike and pedaled to the FedEx office on Shattuck Avenue in Berkeley, where I slipped the Tails thumb drive into a shipping package, filled out a customs form that asked about the contents (“Flash Drive Gift,” I wrote), and sent it to Greenwald in Brazil. He received the package two weeks later, it having been delayed in transit, for what I believed to be bureaucratic rather than nefarious reasons, and the blue thumb drive actually made a cameo appearance in “Citizenfour.” For a technologist, this was a dream come true. The tech person then sent a package via Federal Express, scheduled to arrive in two days. Two days went by. Then five. Then a full week. FedEx said it was being held in customs, for reasons unknown. Finally, roughly ten days after the package had been sent to me, FedEx delivered it. I tore open the envelope and found two USB thumb drives, along with a typewritten note containing detailed instructions for using various computer programs designed to provide maximum security, as well as numerous passphrases to encrypted email accounts and other programs I had never heard of.

The day after the package arrived, during the week of May 20, Laura told me we needed to speak urgently, but only through OTR (off-the-record) chat. I asked about access to secret documents. They would only come to me from the source, she told me, not from her, that we might have to travel to Hong Kong immediately, to meet our source.

The package arrived; inside it were two thumb drives. Greenwald at first imagined that the USB sticks contained top-secret documents ‘wrapped in layers of encryption and Linux programs’. In fact, they contained a security kit, allowing Greenwald to install a basic encrypted chat program.
Near the end of May, I received an anonymous and encrypted email from an account called “verax,” which is Latin for “truth teller.” The writer told me that he was the same person I had been in touch with several months earlier. He had a new request.

Would I help him build a website that would launch a global petition against surveillance?

Search results for 'verax'
Type bits/keyID     Date       User ID

pub  4096R/0E8CD2B6 2013-05-20 Verax (Informed Democracy Front)
	 Fingerprint=F606 1774 A693 72A1 8AD0  1CD7 0C4D AF57 0E8C D2B6 

pub  4096R/71A3AA96 2013-05-20 Verax (Informed Democracy Front)
	 Fingerprint=2B5D D0BF F454 8592 1FAF  22FB 4569 3580 71A3 AA96 

pub  4096R/79B82638 2013-05-20 Verax (Informed Democracy Front)
	 Fingerprint=4ECC 0702 A2E9 5FA6 2074  C7BE 574F C888 79B8 2638 

pub  4096R/E87C2665 2013-05-20 Verax (Informed Democracy Front)
	 Fingerprint=7F99 43F6 5CC9 BAD1 92A9  8DF8 96E6 0F93 E87C 2665 

pub  4096R/C920FAA6 2013-05-20 Verax (Informed Democracy Front)
	 Fingerprint=AC5E 06C5 17D0 A8C1 75D3  17F5 53B9 0192 C920 FAA6 

pub  4096R/CEBFFE8D 2013-05-20 Verax (Informed Democracy Front)
	 Fingerprint=22DA 0669 5202 A346 BA36  F35D 3CEB 5687 CEBF FE8D 

pub  4096R/2BE0BC29 2013-05-20 Verax (Informed Democracy Front)
	 Fingerprint=5091 7466 B18F 35B3 F644  F700 1D0D 97F2 2BE0 BC29 

pub  4096R/9DCA85F7 2013-05-19 Verax (Informed Democracy Front)
	 Fingerprint=BDE4 AA86 8507 1371 7793  11A8 105D A7AB 9DCA 85F7 

pub  4096R/BE452B27 2013-05-13 Verax (Informed Democracy Front)
	 Fingerprint=134D 970C 5872 5AA6 8F2A  BD75 D18D FE89 BE45 2B27 

As Poitras had done with him in January, I created a new anonymous email account and GPG key just for communicating with him. He was glad that I did.
From: verax@?????????
To: ?????????
Date: Sat, 1 Jun 2013

Got it. Good idea, btw. There are some issues with keys being used for fingerprinting as they move over the network.

Snowden contacted Poitras again: ‘You should come. I will meet with you. But it’s risky.’
Search results for 'micah lee'
Type bits/keyID     Date       User ID

pub  4096R/EBA34B1C 2014-05-08 Micah Lee <>
                               Micah Lee <>
                               Micah Lee <>
                               Micah Lee <>
                               Micah Lee <>
                               Micah Lee <>
	 Fingerprint=0B14 9192 9806 5962 5470  0155 FD72 0AD9 EBA3 4B1C 

pub  4096R/F6FA0683 2013-12-05 *** KEY REVOKED *** [not verified]
                               Micah Lee <>
	 Fingerprint=3445 0321 CD3E 062F E3F0  1714 DAD7 E56C F6FA 0683 

pub  1024R/7D158F33 2013-11-01 Launchpad PPA for Micah Lee
	 Fingerprint=7EF3 3F02 7E9E 4869 F46F  77E3 4E72 F77D 7D15 8F33 

pub  4096R/99999697 2011-06-24 *** KEY REVOKED *** [not verified]
                               Micah Lee <>
                               Micah Lee <>
                               Micah Lee <>
                               Micah Lee <>
                               Micah Lee <>
                               Micah Lee <>
                               Micah Lee <>
                               Micah Lee <>
                               Micah Lee <>
	 Fingerprint=5C17 6163 61BD 9F92 422A  C08B B4D2 5A1E 9999 9697 

pub  1024D/4111ACE1 2009-11-06 Micah Lee <>
	 Fingerprint=3261 47FA EFB3 6BFB 83F9  CCA7 7EE3 FD27 4111 ACE1 

It was the next stage of their plan. Snowden intended to leak one actual document.
Snowden didn’t want Poitras directly involved; instead he asked her to recommend other journalists who might publish it without attribution to him. He wanted to spread his net wider.
Greenwald contacted Snowden via chat. Over the next two hours Snowden explained to Greenwald how he could boot up the Tails system.
At JFK airport, the ill-matched trio boarded a Cathay Pacific flight.
Once the seat belt signs were off, Poitras joined Greenwald. She brought a present both were eager to open: a USB stick. Snowden had securely delivered to her a second cache of secret NSA documents. It contained 3-4,000 items.
Snowden and I exchanged encrypted emails to discuss the site mockup and the site’s functionality, and he let me know a bit of what was going on. “Just wanted to provide an update on the work out here,” he emailed me on June 3. “Had an extremely productive meeting with two journalists today you may know, and will encounter a third tomorrow [Ewen MacAskill, a Guardian reporter who joined Greenwald and Poitras at the last moment]. After discussion, may hold off on the declaration for a few more days to give them time to work first.”

He told me his name, so that I could attach his signature to the end of the manifesto. This was about a week before the rest of the world would learn who he was. Using Tor, I searched the internet for Edward Snowden, but I couldn’t find anything. I checked LinkedIn, I checked Facebook, I think I even checked Twitter, and I found nothing. Who was this guy?

For the rest of the journey Greenwald read the latest cache. He was mesmerized. From time to time, Poitras would come up from her seat in the rear and grin at Greenwald. 'We would just cackle and giggle like we were schoolchildren. We were screaming, and hugging and dancing with each other up and down,' he says. The scoop was becoming a scoop to end all scoops.
Search results for 'snowden edward'
pub  4096R/21B7141F 2013-03-24 Ed Snowden <>
                               Ed Snowden <>
                               Edward Snowden <>
                               Edward Snowden <>
                               Edward Snowden <>
	 Fingerprint=98E6 3244 07FA 26AD B358  7C95 4DB8 A088 21B7 141F 
I was quite excited, especially after Greenwald’s first story was published on June 5, revealing a secret NSA program to collect massive amounts of domestic phone data. I finally knew what Snowden was leaking.

“Big news today, huh?” I emailed him. “How are you doing?”

He responded quickly.

From: verax@?????????
To: ?????????
Date: Thu, 6 Jun 2013

Oh, that old thing? That could have come from anywhere..

Timing is everything on this, and we aren’t close to finished. It’s encouraging to see prominent civil rights organizations already calling for change, and I’m hopeful that maybe this time, things will be different.

Come Monday, people will have something to be angry about. I think that will be the day. Please feel free to criticize the draft as much as you’d like: it needs to be something people are willing to give words to their own feelings.

The next few days brought a blitz of headline-grabbing stories about NSA surveillance from Greenwald, Poitras, and MacAskill as well as The Washington Post’s Barton Gellman, who received documents from Snowden even though he hadn’t made the risky trip to Hong Kong. On June 9, there was another thunderbolt: Greenwald, MacAskill, and Poitras broke the news that Edward Snowden was their source, releasing a 12-minute interview with him in which he explained his motivations.

On June 13, after he had parted ways with Greenwald and Poitras and gone underground in Hong Kong, he finally emailed me.
From: verax@?????????
To: ?????????
Date: Thu, 13 Jun 2013

I’m still here. As you may have heard, I’m on the run. Tons of surveillance, media, and less savory teams crawling all over this place…

I have a new draft for the site, but I keep revising it. Hold off on any action for now. I’m thinking something major may happen on Saturday and give us a venue to bring this to the fore.

Thank you again for all of your help and support. I’m sorry this has become so dangerous for everyone involved, but I suppose this is precisely what needed to be illustrated about our government. Let’s hope people rein it back in.

We never launched the website.