This story is part of our special coverage, The News in Crisis.
When Edward Snowden leaked the biggest collection of classified National Security Agency documents in history, he wasn’t just revealing the inner workings of a global surveillance machine. He was also scrambling to evade it. To communicate with the journalists who would publish his secrets, he had to route all his messages over the anonymity software Tor, teach reporters to use the encryption tool PGP by creating a YouTube tutorial that disguised his voice, and eventually ditch his comfortable life (and smartphone) in Hawaii to set up a cloak-and-dagger data handoff halfway around the world.
Now, nearly four years later, Snowden has focused the next phase of his career on solving that very specific instance of the panopticon problem: how to protect reporters and the people who feed them information in an era of eroding privacy—without requiring them to have an NSA analyst’s expertise in encryption or to exile themselves to Moscow. “Watch the journalists and you’ll find their sources,” Snowden says. “So how do we preserve that confidentiality in this new world, when it’s more important than ever?”
Since early last year, Snowden has quietly served as president of a small San Francisco–based nonprofit called the Freedom of the Press Foundation. Its mission: to equip the media to do its job at a time when state-sponsored hackers and government surveillance threaten investigative reporting in ways Woodward and Bernstein never imagined. “Newsrooms don’t have the budget, the sophistication, or the skills to defend themselves in the current environment,” says Snowden, who spoke to WIRED via encrypted video-chat from his home in Moscow. “We’re trying to provide a few niche tools to make the game a little more fair.”
The group’s 10 staffers and a handful of contract coders, with Snowden’s remote guidance, are working to develop an armory of security upgrades for reporters. Snowden and renowned hacker Bunnie Huang have partnered to develop a hardware modification for the iPhone, designed to detect if malware on the device is secretly transmitting a reporter’s data, including location. They’re developing a piece of software called Sunder that uses code written by Frederic Jacobs, one of the programmers for the popular encryption app Signal1; Sunder would allow journalists to encrypt a trove of secrets and then retrieve them only if several newsroom colleagues combine their passwords to access the data. And the foundation’s coders are building a plug-and-play version of Jitsi, the encrypted video-chat software Snowden himself uses for daily communication. They want newsrooms to be able to install it on their own servers with a few clicks. “The idea is to make this all paint-by-numbers instead of teaching yourself to be Picasso,” Snowden says.
Edward Snowden’s leave to remain in Russia has been extended for three years, his lawyer has said, as a Russian official said the whistleblower would not be extradited to the US even if relations improved under the incoming president, Donald Trump.
Snowden’s Russian lawyer, Anatoly Kucherena, told RIA Novosti news agency that the permit had been extended until 2020. He also said that as of next year, Snowden would have the right to apply for Russian citizenship.
Earlier on Wednesday, Maria Zakharova, a foreign ministry spokeswoman, wrote on Facebook that Snowden’s right to stay had recently been extended “by a couple of years”. Her post came in response to a suggestion from the former acting CIA director Michael Morell that Vladimir Putin might hand over Snowden to the US, despite there being no extradition treaty between the countries.
Edward Snowden has been the subject of several high-profile appeals this year, calling on Barack Obama to pardon the National Security Agency whistleblower and allow him to return home to the US. Writers, intelligence experts, film stars and tech tycoons have all joined the chorus.
Now the most audacious display of support for Snowden is under way. Messages calling for his pardon are being beamed on to the outside wall of the Newseum, the Washington institution devoted to freedom of speech and the press that stands less than two miles from the White House.
The event is a guerrilla action carried out without the knowledge or approval of the Newseum itself, though the organisers of the stunt from the Pardon Snowden campaign are hoping they will be given a sympathetic reception.
American national security whistleblower who has been stranded in Russia since 2013 says it would be ‘crazy to dismiss’ prospect of extradition to US
Edward Snowden has said he is unafraid of Russian president Vladimir Putin turning him over to the US as a favor to President-elect Donald Trump.
The national security whistleblower, speaking during a Thursday webchat from Russia, where he has been stranded since disclosing revelations of widespread National Security Agency surveillance in 2013, said it would be “crazy to dismiss” the prospect of Trump striking a deal with Putin that leads to his extradition and trial.
But he added: “If I was worried about safety, if the security and the future of myself was all that I cared about, I would still be in Hawaii.”
Snowden told the webchat hosted by the Dutch privacy-focused search engine StartPage he was comfortable with and proud of the choices he had made.
“I think I did the right thing,” he said. “While I can’t predict what the future looks like, I don’t know what’s going to happen tomorrow, I can be comfortable with the way I’ve lived to today.”
Trump, who has been complimentary about Putin and Russia in a manner that prompted accusations from his Democratic rival Hillary Clinton that he was a “puppet”, has in the past mused about having Snowden killed. Trump’s major national security ally, the retired general and former Defense Intelligence Agency chief Michael Flynn, oversaw a highly speculative DIA report that claimed Snowden took from the NSA a larger trove of documents than ever confirmed based on what Snowden could access as a contract systems administrator.
“Snowden is a spy who has caused great damage in the US. A spy in the old days, when our country was respected and strong, would be executed,” Trump tweeted in 2014.
All of that has prompted concern among Snowden’s supporters worldwide that the groundwork for an extradition is in place. But Snowden proclaimed himself unperturbed.
So many hacks, so few days in the week to write alarming stories about every one. Every weekend, WIRED Security rounds up the security vulnerabilities and privacy updates that didn’t quite rise to our level for in-depth reporting this week, but deserve your attention nonetheless.
First the big stories: The FBI has a secret fleet of planes spying on you, and they are not alone. United Airlines grounded all its planes on Monday because false flight plans were being uploaded to the flight decks. The US Senate finally passed some NSA surveillance reform in the form of the USA Freedom Act–the first of its kind since Edward Snowden revealed the extent of the Big Brother nightmare that is domestic counter-terrorism in the 21st century. Facebook decided that revealing your location in Messenger isn’t a bug; it’s a feature! A feature you can now, thankfully, opt out of. And our own Andy Greenberg demonstrated that the front lines of the gun control debate are moving closer to home, as it’s now incredibly easily to build your own untraceable guns.
But there was a lot of other news this week, summarized below. To read the full story linked in each post, click on the headlines. And be safe out there!
Another month, another massive breach of a federal agency revealed. Hackers based in China accessed the records of four million federal workers when they hacked the Office of Payroll Management (OPM) in an attack first discovered in April. Despite the agency’s focus on payroll, it’s not clear if any data was stolen that could lead to financial fraud; no direct deposit information was accessed, according to the Washington Post. Instead, the attackers may have been seeking data useful for identifying government staffers with security clearances, potentially to target them in future “spear phishing” attacks. The Department of Homeland Security has taken credit for identifying the attack with its EINSTEIN intrusion detection system. But critics are questioning why that years-in-development system couldn’t have caught the attack earlier. The Chinese government, per usual, has denied any involvement. The OPM intrusion marks the second major federal breach revealed this year, following news that Russian hackers accessed unclassified White House networks as well as those of the State Department. — Andy Greenberg
Another small victory for opponents of the all-pervasive morass of electronic surveillance, at least in one state: the California senate unanimously passed the California Electronic Communications Privacy Act, a bill requiring law enforcement to obtain a search warrant or wiretap order prior to searching smartphones, laptops, or electronic devices, or accessing information stored on remote servers. The bill will be heard by the State Assembly this summer. — Yael Grauer
It only took Skype 24 hours to fix the bug, but for a moment, messaging “http://:” (without the quotes) in chat not only made Skype crash in Windows, Android, and iOS, but would immediately crash it again after restarting when Skype downloaded chat history for the server, meaning that clearing the chat history didn’t resolve the issue. This bug trailed on the heels of the iOS glitch discovered last week that caused iPhones to crash when sent a string of characters, though users are far more likely to type in http://: by accident than they are to text the complicated string of Arabic and English characters required to crash iOS devices. Before the fix was in, Skype users could get around the bug by installing an older version of Skype, or having the sender delete the offending message. — Yael Grauer
Macs shipped prior to mid-2014 are vulnerable to an exploit that would allow an attacker to permanently control the machine, even if you reinstall OS X or reformat the drive. The vulnerability, discovered by security researcher Pedro Vilaca, allows attackers to install malicious firmware that essentially overwrites the firmware that boots up the machine right after older Macs awake from sleep. The code is installed via one of the many security vulnerabilities found in web browsers such as Safari. One way to avoid this hack is to change your computer’s default setting to deactivate sleep mode. You can also download software to detect whether an attack has taken place, though the software won’t prevent it from happening. — Yael Grauer
It’s been exactly two years since Edward Snowden’s first leak about the NSA’s collection of phone metadata appeared in the press, and in an op-ed that appears in Friday’s New York Times, the former NSA contractor reflects on what he’s accomplished. Recalling his time preparing for the first leak with three journalists, he writes, “Privately, there were moments when I worried that we might have put our privileged lives at risk for nothing — that the public would react with indifference, or practiced cynicism, to the revelations. Never have I been so grateful to have been so wrong.”
Snowden goes on to note that the disclosures created a “change in global awareness,” and lauds the legal and technological steps taken against mass surveillance, particularly in the U.S.:
In a single month, the N.S.A.’s invasive call-tracking program was declared unlawful by the courts and disowned by Congress. After a White House-appointed oversight board investigation found that this program had not stopped a single terrorist attack, even the president who once defended its propriety and criticized its disclosure has now ordered it terminated.
This is the power of an informed public.
He concludes that while the right to privacy is still being threatened around the world, the disclosures continue to chip away at the surveillance state (hours earlier, the New York Times and Pro Publica published the results of a joint investigation based on Snowden’s trove of documents):
We are witnessing the emergence of a post-terror generation, one that rejects a worldview defined by a singular tragedy. For the first time since the attacks of Sept. 11, 2001, we see the outline of a politics that turns away from reaction and fear in favor of resilience and reason. With each court victory, with every change in the law, we demonstrate facts are more convincing than fear. As a society, we rediscover that the value of a right is not in what it hides, but in what it protects.
It’s an enticing thought, but U.S. politicians will probably redouble their fearmongering efforts as we get closer to the 2016 election.
With only days left to act and Rand Paul threatening a filibuster, Senate Republicans remain deeply divided over the future of the PATRIOT Act and have no clear path to keep key government spying authorities from expiring at the end of the month.
Crucial parts of the PATRIOT Act, including a provision authorizing the government’s controversial bulk collection of American phone records, first revealed by Edward Snowden, are due to lapse May 31. That means Congress has barely a week to figure out a fix before before lawmakers leave town for Memorial Day recess at the end of the next week.
The prospects of a deal look grim: Senate Majority Leader Mitch McConnell on Thursday night proposed just a two-month extension of expiring PATRIOT Act provisions to give the two sides more time to negotiate, but even that was immediately dismissed by critics of the program.
The House just overwhelmingly approved its own bill to reauthorize those sunsetting authorities while reining in the phone records program, and lawmakers in the lower chamber have pledged to fight any Senate attempts to pass weaker or no reforms.
BEIJING (Reuters) – Zhang Long made his fortune selling Pu’er fermented tea and handcrafted furniture from the mountains of his native Yunnan Province in southwest China.
Last November, the 49-year old entrepreneur, who has no technology background, strode into a Beijing ballroom to pitch his latest made-in-China product: SPGnux, a Linux-based operating system he says could replace Microsoft Corp’s Windows.
“Information security is vital to the interests of China and the interests of the Chinese people,” Zhang proclaimed as a marketing video flashed images of former U.S. National Security Agency contractor Edward Snowden on large monitors.
Snowden’s disclosures in 2013 of U.S. cyberspying and security holes in American technology products have prompted China’s government to accelerate a broad campaign to replace foreign technology with Chinese-developed systems.
And that has triggered a frenzy among state-affiliated software firms, investors and savvy businessmen – all hoping to capitalize on Silicon Valley’s waning grip over China’s $450 billion-a-year enterprise computing market.
Some of those who’ve entered the fray look better equipped to succeed than others.
When Hongqi, a software company that developed China’s most successful operating system during the 2000s, but which has since struggled, put itself up for sale last year, bidders included a coal magnate, an aviation company and a food transport provider. It was eventually sold to a company with a background in household cleaning for just $6 million.
“We’re in a new bubble because of Snowden,” said He Weijia, a former director at Hongqi. “These bosses don’t need that much money or expertise to get into the game, but the payoff can be potentially large.”
International venture capitalists say China’s start-ups are more attractive bets than before as Beijing is backing the enterprise computing sector much like it did Internet firms in the last decade.
“This is obviously an area that the government wants to develop or promote – how is this different from Baidu in 2003?” said a China-based partner of a Silicon Valley venture capital firm, referring to the Chinese search engine that debuted in New York a decade ago and is now worth $75 billion.