This story is part of our special coverage, The News in Crisis.
When Edward Snowden leaked the biggest collection of classified National Security Agency documents in history, he wasn’t just revealing the inner workings of a global surveillance machine. He was also scrambling to evade it. To communicate with the journalists who would publish his secrets, he had to route all his messages over the anonymity software Tor, teach reporters to use the encryption tool PGP by creating a YouTube tutorial that disguised his voice, and eventually ditch his comfortable life (and smartphone) in Hawaii to set up a cloak-and-dagger data handoff halfway around the world.
Now, nearly four years later, Snowden has focused the next phase of his career on solving that very specific instance of the panopticon problem: how to protect reporters and the people who feed them information in an era of eroding privacy—without requiring them to have an NSA analyst’s expertise in encryption or to exile themselves to Moscow. “Watch the journalists and you’ll find their sources,” Snowden says. “So how do we preserve that confidentiality in this new world, when it’s more important than ever?”
Since early last year, Snowden has quietly served as president of a small San Francisco–based nonprofit called the Freedom of the Press Foundation. Its mission: to equip the media to do its job at a time when state-sponsored hackers and government surveillance threaten investigative reporting in ways Woodward and Bernstein never imagined. “Newsrooms don’t have the budget, the sophistication, or the skills to defend themselves in the current environment,” says Snowden, who spoke to WIRED via encrypted video-chat from his home in Moscow. “We’re trying to provide a few niche tools to make the game a little more fair.”
The group’s 10 staffers and a handful of contract coders, with Snowden’s remote guidance, are working to develop an armory of security upgrades for reporters. Snowden and renowned hacker Bunnie Huang have partnered to develop a hardware modification for the iPhone, designed to detect if malware on the device is secretly transmitting a reporter’s data, including location. They’re developing a piece of software called Sunder that uses code written by Frederic Jacobs, one of the programmers for the popular encryption app Signal; Sunder would allow journalists to encrypt a trove of secrets and then retrieve them only if several newsroom colleagues combine their passwords to access the data. And the foundation’s coders are building a plug-and-play version of Jitsi, the encrypted video-chat software Snowden himself uses for daily communication. They want newsrooms to be able to install it on their own servers with a few clicks. “The idea is to make this all paint-by-numbers instead of teaching yourself to be Picasso,” Snowden says.
Edward Snowden’s leave to remain in Russia has been extended for three years, his lawyer has said, as a Russian official said the whistleblower would not be extradited to the US even if relations improved under the incoming president, Donald Trump.
Snowden’s Russian lawyer, Anatoly Kucherena, told RIA Novosti news agency that the permit had been extended until 2020. He also said that as of next year, Snowden would have the right to apply for Russian citizenship.
Earlier on Wednesday, Maria Zakharova, a foreign ministry spokeswoman, wrote on Facebook that Snowden’s right to stay had recently been extended “by a couple of years”. Her post came in response to a suggestion from the former acting CIA director Michael Morell that Vladimir Putin might hand over Snowden to the US, despite there being no extradition treaty between the countries.
Edward Snowden has been the subject of several high-profile appeals this year, calling on Barack Obama to pardon the National Security Agency whistleblower and allow him to return home to the US. Writers, intelligence experts, film stars and tech tycoons have all joined the chorus.
Now the most audacious display of support for Snowden is under way. Messages calling for his pardon are being beamed on to the outside wall of the Newseum, the Washington institution devoted to freedom of speech and the press that stands less than two miles from the White House.
The event is a guerrilla action carried out without the knowledge or approval of the Newseum itself, though the organisers of the stunt from the Pardon Snowden campaign are hoping they will be given a sympathetic reception.
American national security whistleblower who has been stranded in Russia since 2013 says it would be ‘crazy to dismiss’ prospect of extradition to US
Edward Snowden has said he is unafraid of Russian president Vladimir Putin turning him over to the US as a favor to President-elect Donald Trump.
The national security whistleblower, speaking during a Thursday webchat from Russia, where he has been stranded since disclosing revelations of widespread National Security Agency surveillance in 2013, said it would be “crazy to dismiss” the prospect of Trump striking a deal with Putin that leads to his extradition and trial.
But he added: “If I was worried about safety, if the security and the future of myself was all that I cared about, I would still be in Hawaii.”
Snowden told the webchat hosted by the Dutch privacy-focused search engine StartPage he was comfortable with and proud of the choices he had made.
“I think I did the right thing,” he said. “While I can’t predict what the future looks like, I don’t know what’s going to happen tomorrow, I can be comfortable with the way I’ve lived to today.”
Trump, who has been complimentary about Putin and Russia in a manner that prompted accusations from his Democratic rival Hillary Clinton that he was a “puppet”, has in the past mused about having Snowden killed. Trump’s major national security ally, the retired general and former Defense Intelligence Agency chief Michael Flynn, oversaw a highly speculative DIA report that claimed Snowden took from the NSA a larger trove of documents than ever confirmed based on what Snowden could access as a contract systems administrator.
“Snowden is a spy who has caused great damage in the US. A spy in the old days, when our country was respected and strong, would be executed,” Trump tweeted in 2014.
All of that has prompted concern among Snowden’s supporters worldwide that the groundwork for an extradition is in place. But Snowden proclaimed himself unperturbed.
So many hacks, so few days in the week to write alarming stories about every one. Every weekend, WIRED Security rounds up the security vulnerabilities and privacy updates that didn’t quite rise to our level for in-depth reporting this week, but deserve your attention nonetheless.
First the big stories: The FBI has a secret fleet of planes spying on you, and they are not alone. United Airlines grounded all its planes on Monday because false flight plans were being uploaded to the flight decks. The US Senate finally passed some NSA surveillance reform in the form of the USA Freedom Act–the first of its kind since Edward Snowden revealed the extent of the Big Brother nightmare that is domestic counter-terrorism in the 21st century. Facebook decided that revealing your location in Messenger isn’t a bug; it’s a feature! A feature you can now, thankfully, opt out of. And our own Andy Greenberg demonstrated that the front lines of the gun control debate are moving closer to home, as it’s now incredibly easy to build your own untraceable guns.
But there was a lot of other news this week, summarized below. To read the full story linked in each post, click on the headlines. And be safe out there!
Another month, another massive breach of a federal agency revealed. Hackers based in China accessed the records of four million federal workers when they hacked the Office of Payroll Management (OPM) in an attack first discovered in April. Despite the agency’s focus on payroll, it’s not clear if any data was stolen that could lead to financial fraud; no direct deposit information was accessed, according to the Washington Post. Instead, the attackers may have been seeking data useful for identifying government staffers with security clearances, potentially to target them in future “spear phishing” attacks. The Department of Homeland Security has taken credit for identifying the attack with its EINSTEIN intrusion detection system. But critics are questioning why that years-in-development system couldn’t have caught the attack earlier. The Chinese government, per usual, has denied any involvement. The OPM intrusion marks the second major federal breach revealed this year, following news that Russian hackers accessed unclassified White House networks as well as those of the State Department. — Andy Greenberg
Another small victory for opponents of the all-pervasive morass of electronic surveillance, at least in one state: the California senate unanimously passed the California Electronic Communications Privacy Act, a bill requiring law enforcement to obtain a search warrant or wiretap order prior to searching smartphones, laptops, or electronic devices, or accessing information stored on remote servers. The bill will be heard by the State Assembly this summer. — Yael Grauer
It only took Skype 24 hours to fix the bug, but for a moment, messaging “http://:” (without the quotes) in chat not only made Skype crash in Windows, Android, and iOS, but would immediately crash it again after restarting when Skype downloaded chat history from the server, meaning that clearing the chat history didn’t resolve the issue. This bug trailed on the heels of the iOS glitch discovered last week that caused iPhones to crash when sent a string of characters, though users are far more likely to type in http://: by accident than they are to text the complicated string of Arabic and English characters required to crash iOS devices. Before the fix was in, Skype users could get around the bug by installing an older version of Skype, or having the sender delete the offending message. — Yael Grauer
Macs shipped prior to mid-2014 are vulnerable to an exploit that would allow an attacker to permanently control the machine, even if you reinstall OS X or reformat the drive. The vulnerability, discovered by security researcher Pedro Vilaca, allows attackers to install malicious firmware that essentially overwrites the firmware that boots up the machine right after older Macs awake from sleep. The code is installed via one of the many security vulnerabilities found in web browsers such as Safari. One way to avoid this hack is to change your computer’s default setting to deactivate sleep mode. You can also download software to detect whether an attack has taken place, though the software won’t prevent it from happening. — Yael Grauer