Secure communications & computing
what it is, why you need it, how you get it
With journalist Silkie Carlo I have co-authored a 'handbook' on practical information security for journalists, commissioned by the UK Centre for Investigative Journalism. The CIJ handbook 'Information Security for Journalists' was launched at the CIJ Summer School 2014 in London. Since this book was written post-Snowden (as opposed to the page below, which was started in 2010), please use the book for detailed instructions on setting up tools for digital self-defence.
This document explains the need for secure communications for journalists, activists, politicians and anyone else who seeks to change the status-quo in the world somehow and also retain their basic right to privacy.
“Few things are as practical as a good theory”
The primary focus of this document is to provide a practical how-to that helps non-specialists with the installation and daily use of secure computing and communication habits. Because understanding the underlying theory behind the tools will help reinforce independent secure behaviour, a short introduction to theoretical concepts is included. We urge everyone to spend the time required to read and understand these paragraphs. Most of the readers of this document will have to use the tools without much technical assistance from specialists, so actually understanding what you are doing is vital to doing it right.
Why you need secure communications
If you are trying to push the world in a different direction the world usually pushes back. The more successful you are, the harder the push-back will be. Over the last decade the amount of electronic surveillance, especially in western countries, has increased to levels previously only seen in the former East Germany. If you're effective as a journalist, activist or politician who's challenging the-powers-that-be, your communications will be monitored at some point (if you're not being monitored or getting arrested every now and then you're obviously not trying hard enough).
When communicating with others for planning, organisation or just sharing basic info it may be useful to keep what you are sharing, the fact that you are sharing it and with whom you share it hidden from the prying eyes of governments and/or corporations.
The fact that 'you are not doing anything wrong' is irrelevant. Sadly we have arrived at the phase in history where breaking the law, or even being accused of anything specific, is no longer a requirement to monitor, imprison or even kill citizens outside the context of due process and a fair trial. The fact that this kind of monitoring may be technically illegal in most western countries is sadly just as irrelevant these days. If it can be technically monitored, it very well might be.
What does secure mean?
When we say secure we do not mean 'difficult to intercept' or 'probably won't get broken into'. Secure must mean intrinsically secure: protected against the strongest attack a hyperpower nation-state can mount against it. The security must be derived from basic mathematical concepts that cannot be circumvented by any known method within any relevant time-scale (the known remaining life of the planet earth is a good start). One caveat that the rest of this document keeps returning to: the mathematics only protects what it is applied to. A key-logger on your laptop or a passphrase written on a note defeats the strongest cipher, which is why so much of what follows is about the computer itself rather than the cryptography.
To achieve this it is vital to only use methods and mechanisms that have been tested by as many experts as possible (see a longer description of the importance of this here). For practical purposes this means only using Free Software (also known as open-source software). Note that open source makes expert review possible; it does not guarantee that review has happened, so prefer widely used, long-established tools over obscure ones.
Security, like changing the world, is hard. Getting things working and changing your computer habits will require some effort. If you do not have the time or inclination to make this effort, that's fine. Just do not assume you can use your computer without informing whomever you may be opposing. Doing everything offline is a perfectly good way of avoiding electronic surveillance, just not practical for everyone.
How to get it
This document will focus mostly on setting up a secure system and email as a means for communications and securely sharing information. I will add some thoughts on secure centralised platforms such as wikis later. Other options such as encrypted telephones exist (www.cryptophone.de) but because of their price they are not practical for large-scale, low budget application.
Using a secure platform
The basis for any secure computing application is control over the computer system itself. You can only really trust a computer that is physically under your control and that has only software on it that you control yourself.
The easiest way to achieve this is getting a laptop and installing a safe operating system on it yourself, or having that done by someone you can trust (really trust: not the nice helpful guy/gal you met last week at the activist meetup). The laptop itself should be bought for cash over the counter in a location that you do not contact beforehand and preferably somewhere away from where you live/work. We don't want to order online because this allows the system to be intercepted and physically tampered with (for instance by installing key-loggers that will allow others to capture your passwords, thereby defeating any security system).
For cash-strapped activists low-power and lightweight netbooks are a good solution. These cost about half of an average laptop and are light and sturdy enough to be carried around almost anywhere. Models with a solid-state drive instead of a hard disk have less data-storage capacity but longer battery life and are less vulnerable to the shocks and bumps of travel.
We stress the importance of a light laptop because a desktop computer will be at your home or place of work for extended periods of time and is thus vulnerable to tampering or theft (again – if you are not effective as an activist/journalist/politician this is not a problem – try harder!).
Software – operating system
Now we have obtained a secure hardware platform we need to have an operating system on it we can also trust. A good combination of low cost (zero), functionality and trustworthiness right now is Ubuntu Linux. Ubuntu (a Zulu/Xhosa word roughly meaning 'humanity to others') is Free Software, meaning you can use it for free, share it with as many people as you like and are allowed (and encouraged!) to study the internal workings of the system. Think of it as a car where you can open the bonnet to see what's inside. The two best known systems (Windows and Mac OS X) do not allow this: their source code is not published and their licences forbid taking them apart.
Because the system is free (as in freedom, and also free as in 'gratis') more people will study the system, find bugs and report them. The fixing of these bugs can then be done by many more people than just the vendor of the software. See this for more details of this process.
If you do not want to use Linux (and there are many more flavours than Ubuntu) you could of course use Mac OS X or some sort of Windows. Many people do. The problem with these systems (especially Windows) is the lack of transparency in their construction and therefore the risk of hidden backdoors. It is no coincidence that a number of government bodies and defence ministries outside the US have moved to Linux. They do not want to depend on a system that could be compromised when it counts.
Each person must make their own determination on the balance between the ease of familiarity and inherent security. But learning Linux to do websurfing and e-mail is not that hard and it can do most things the other systems can do (except games).
See here for a detailed description on downloading and installing Ubuntu Linux. It is very important to have a working broadband connection for updates while installing. The process takes as little as 10 minutes on a fast system and up to 1 hr on under-powered netbooks. The installation runs mostly unattended so you can use that time for other things.
Software – browser
Web browsing and e-mail comprise the bulk of online activities for most people and securing them will go a long way (things like Twitter and Skype should be considered insecure because they rely on software and servers not under your control; fine for some applications but not for serious, secure work). For web browsing we advise Firefox. This runs on any platform (Linux, Mac and Windows) and can be upgraded with many privacy-enhancing features. Get it here. Also install the Do Not Track, HTTPS Everywhere, Disconnect, Ghostery and Collusion add-ons to limit the tracking of your online behaviour. Use this browser for everyday stuff. For anonymity use the Tor Browser, and use it as delivered: do not add the add-ons listed above (or any others) to it, because a non-standard set of extensions makes your browser easier to tell apart from every other Tor user's. Do not ever use this browser to log into social media, your Gmail account or anything else that can identify you as the person behind that browser; the point is to be anonymous after all.
Software – mail client
Most e-mail applications can be made to work with cryptography. This document assumes we are working with Mozilla Thunderbird because it is free software and has easy-to-use crypto options.
Thunderbird will run on Linux, Mac and Windows systems. It can be a full replacement or be used alongside another mail program (Mail.app on Mac or Outlook on Windows).
On Ubuntu Thunderbird can be installed through the 'Ubuntu Software Center' (under the 'Applications' menu)
Mac & Windows users download here.
For configuring your mail account go to this Help document for Gmail. If your mail is running with another provider or system consult their websites.
Mail client setup with Gmail.
We strongly recommend against using non-free versions of PGP crypto software because of the impossibility of auditing these systems for technical mistakes or hidden backdoors.
Software – GPG and Enigmail
The GNU Privacy Guard (GPG) is a free software implementation of the OpenPGP standard that Pretty Good Privacy (PGP) defined. It is installed by default on Ubuntu and most other Linux distributions.
Mac Users go here.
Windows users go here.
To make using GPG easier in combination with Thunderbird we use the Enigmail plugin.
Setting up Enigmail is described in detail here.
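Before you encrypt anything to a correspondent's key you must check that the key really is theirs, by comparing its fingerprint with one you obtained out of band (in person, by phone, printed on a card). The script below is an added example, not code from the original page or from GnuPG/Enigmail: it normalises fingerprints as people write them, extracts the fingerprint from gpg's machine-readable output and compares the two. The gpg record it works on is constructed (the fingerprint is the one printed further down this page; the key size, date and user ID are made up), so everything except the one reference function that calls gpg runs without gpg installed.

```bash
#!/bin/sh
# Added example (not from the original page): checking a correspondent's PGP key
# fingerprint against the value you obtained out of band, before you encrypt to it.
# Only POSIX tools are used; the one function that calls gpg is shown for reference
# and is not invoked below, so the rest runs without gpg installed.

# Normalise a fingerprint as humans write it (spaces, colons, lower case) into
# 40 upper-case hex digits. Prints nothing and fails for anything else, so a
# truncated or mistyped fingerprint can never compare equal by accident.
normalize_fpr() {
    fpr=$(printf '%s' "$1" | tr -d ' :\n\t' | tr 'a-f' 'A-F')
    case "$fpr" in *[!0-9A-F]*) return 1 ;; esac
    [ "${#fpr}" -eq 40 ] || return 1
    printf '%s\n' "$fpr"
}

# The 16-hex-digit "long key ID" is just the last 16 digits of the fingerprint.
# It is fine for looking a key up (gpg --recv-keys), never for deciding trust:
# the old 8-digit short IDs can trivially be made to collide, and even the long
# form is not a substitute for comparing the full fingerprint.
long_keyid() {
    f=$(normalize_fpr "$1") || return 1
    printf '%s\n' "$f" | cut -c25-40
}

# Real command for the reader (not called below): machine-readable records for
# one key. Field 1 is the record type; "fpr" records carry the fingerprint in
# field 10.
gpg_colons_for_key() {
    gpg --batch --with-colons --fingerprint "$1"
}

# Compare the primary-key fingerprint in gpg's colon output ($2) with the one
# you were given by phone, in person or on a business card ($1).
# Prints "match" (status 0) or "MISMATCH" (status 1); status 2 means bad input.
verify_fingerprint() {
    expected=$(normalize_fpr "$1") || { echo "invalid expected fingerprint"; return 2; }
    actual=$(printf '%s\n' "$2" | awk -F: '$1 == "fpr" { print $10; exit }')
    actual=$(normalize_fpr "$actual") || { echo "no fingerprint in gpg output"; return 2; }
    if [ "$expected" = "$actual" ]; then
        echo "match"
    else
        echo "MISMATCH"
        return 1
    fi
}

# Constructed sample of `gpg --with-colons --fingerprint` output. The primary
# fingerprint is the one printed on this page; key size, date, user ID and the
# subkey are made up for the example.
SAMPLE_GPG_OUTPUT='pub:u:4096:1:237D4C50118A0EC2:2010-06-01:::u:::scESC::::::23::0:
fpr:::::::::55FBB3B7949DABF5F31BBA1D237D4C50118A0EC2:
uid:u::::2010-06-01::0000000000000000000000000000000000000000::Example Contact <contact@example.org>::::::::::0:
sub:u:4096:1:0123456789ABCDEF:2010-06-01::::::e::::::23:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:'

# The fingerprint as you would copy it from this page, then one with a single
# digit changed, as a correspondent might mistype or an attacker might swap in.
verify_fingerprint '55FB B3B7 949D ABF5 F31B BA1D 237D 4C50 118A 0EC2' "$SAMPLE_GPG_OUTPUT"
verify_fingerprint '55FB B3B7 949D ABF5 F31B BA1D 237D 4C50 118A 0EC3' "$SAMPLE_GPG_OUTPUT" || true
```

On a real system replace the constructed record with `gpg_colons_for_key KEYID` and type the expected fingerprint from the out-of-band copy, never from the e-mail that delivered the key. A single wrong digit is reported as a mismatch, which is the desired behaviour: the only acceptable result before you sign or encrypt to a key is "match".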
For more extreme use it is possible to create a whole PC for specific usage on a USB drive or (micro)SD card. Such a system can be small enough to physically hide and cheap enough to use-and-destroy if the situation warrants it. Using a system-on-a-stick is slower than a normal PC/laptop but for email and light surfing this may not matter that much. The Tails bootable operating system has the same forefather as Ubuntu (Debian Linux) and is designed for this purpose: it sends all network traffic through Tor and writes nothing to the computer's own disk unless you explicitly ask it to. Having this on a USB drive or microSD card is a really secure option, provided you verify the signature of the downloaded image before writing it to the stick; a tampered image defeats the whole point. This will take a bit more effort.
Using insecure mail services in a secure manner
Many of you will have a Hotmail, Yahoo or Gmail account. Please be aware that the mail servers of these parties are owned and operated by US companies and usually are on US soil. Therefore the data on them falls under US jurisdiction and various agencies can access your information for various reasons without the need to prove any wrongdoing on your part. When allowing US government agencies access to your information, the companies in question may be blocked from informing you of this fact. More about this here.
This limits what such accounts can be used for: without strong crypto they are suitable for unimportant things only.
Ideally we would all run our own mailservers and in the future this may be possible; today this requires a much higher level of technical knowledge than most of us have.
The second best option is to rent capacity on a mail server with a small provider whose employees you can know and that will look out for your interests. Smaller internet companies in Sweden, Germany and Switzerland seem to take their clients' privacy seriously and these locations have at least some working legal protection for citizens against the state. This will cost something between 5-10 euros per month plus a possible one-time set-up fee.
The cheapest but least desirable option is to continue to use a service like Gmail but to use it with crypto for anything important. This requires discipline on your part and on the part of anyone you are communicating with to always use cryptography when communicating about anything important. Another major disadvantage of using Gmail-type services even with crypto is that it allows for analysis of the patterns in your communications (who are you mailing, when are you mailing them and possibly from what location). PGP encrypts only the body of a message: the subject line, sender, recipients and timestamps travel in the clear, so choose subjects that say nothing. This pattern can reveal as much about you and your group as the contents of the mail itself.
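To make the metadata problem concrete, here is an added example (not from the original page or from any mail software) that takes a mail message as it would sit on a provider's server after the body was PGP-encrypted, and prints the header fields the provider can still read. The message, addresses and IP address are constructed for the example.

```bash
#!/bin/sh
# Added example (not from the original page): what a mail provider, or anyone on
# the path, can still read when only the message body is PGP-encrypted. The
# message below is constructed; addresses and the IP address are example values.

# Print the clear-text header fields that describe the communication pattern:
# who, to whom, when, about what, and (Received) from which host/IP.
# Folded continuation lines (starting with space/tab) are kept with their field.
exposed_metadata() {
    printf '%s\n' "$1" | awk '
        /^$/ { exit }                      # headers stop at the first blank line
        /^[ \t]/ { if (keep) print; next } # continuation of the previous field
        {
            keep = (tolower($0) ~ /^(received|from|to|cc|date|subject):/)
            if (keep) print
        }'
}

# Succeeds only if the body (after the first blank line) is a PGP armoured message.
body_is_encrypted() {
    printf '%s\n' "$1" | awk '
        body && /^-----BEGIN PGP MESSAGE-----$/ { found = 1 }
        /^$/ { body = 1 }
        END { exit !found }'
}

# Constructed message as it would sit on a Gmail-type server after Enigmail
# encrypted the body. The armoured block is not real ciphertext.
SAMPLE_MSG='Received: from [203.0.113.7] by mail.example.org;
    Mon, 14 Jun 2010 09:12:00 +0000
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Cc: Carol <carol@example.net>
Subject: meeting tonight at the usual place
Date: Mon, 14 Jun 2010 09:11:58 +0000
Content-Type: text/plain

-----BEGIN PGP MESSAGE-----

hQEMA0NvbnN0cnVjdGVkLCBub3QgcmVhbCBjaXBoZXJ0ZXh0
-----END PGP MESSAGE-----'

# Everything printed here is readable by the provider; only the body is not.
exposed_metadata "$SAMPLE_MSG"
body_is_encrypted "$SAMPLE_MSG" && echo "body: encrypted (every line above is in the clear)"
```

Run against the sample, the script lists the sender, both recipients, the timestamp, the sending IP address and a subject line that gives the game away, while confirming that the body itself is armoured. That list is exactly the material traffic analysis works from, which is why the subject line should say nothing and why a provider that sees less of your traffic is worth paying for.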
This document is a work-in-progress, please let me know if any part is unclear or if there are other things that you would like explained.
The fingerprint for this key is: 55FB B3B7 949D ABF5 F31B BA1D 237D 4C50 118A 0EC2
Some other great resources: Tor-project.org - makes a browser that allows anonymous web surfing. Do not log in to any online service that identifies you as you (Gmail, Facebook, and so on) while using this if you want to stay completely anonymous. If you do log in to a service such as Gmail you can still hide your IP address (and thus your physical location), but not who you are.
The American Electronic Frontier Foundation has a dedicated page to help you defend yourself against digital surveillance.
Worldwide cryptoparties are being organised through cryptoparty.org. If there is not yet one near you, ask for it on the wiki, contact hackers near you and make one happen!