ENGW 3301 Project 3 Blog Post
NOTE: This is supposed to be a guest post on The Intercept
Introduction
In June 2013, through the combined efforts of Edward Snowden, Laura Poitras, Glenn Greenwald, and many others, the world learned operational details of the ongoing global surveillance being conducted by the NSA and its global partners. These revelations, along with those that have since been revealed, emphasize the necessity that journalists working in this domain use strong privacy software to protect themselves from this global adversary.
Where We Are Now
There are numerous software systems in place to assist in this mission, such as TAILS (The Amnesic Incognito Live System), Tor, GPG, and OTR (Off-the-Record) Messaging. When used in concert correctly, these systems provide journalists with the privacy and protection they need. However, while they are vastly easier to use than ever before, they still require dedication and a desire to use them despite user-experience issues. As Glenn Greenwald puts it, "It's reall annoying and complicated, the encryption software" [1]
Additionally, using the OTR protocol for instant messaging with sources requires that you either host and maintain your own chat server, or that you trust the 3rd party hosting the chat server you're using is not going to log the ongoing communications. Additionally, this 3rd party provides a single point of failure in your security protocol; all an adversary would need to do is to subpoena the chat server for records of any and all communications. So, while we have come quite far, there are still a ways to go.
Where We're Headed
To solve the issues listed above, I propose a software system that would provide ephemeral, encrypted instant message communications between individuals with ease of use at the forefront of the design. Such a system would allow journalists to create a temporary server that they use to communicate with a source. Once their communications are over, they'll be able to completely destroy the server, erasing all traces of communication. In addition to removing the dependency on a 3rd party, this system allows for "hiding in plain site". In other words, by using commercial Infrastructure as a Service providers such as Amazon Web Services or RackSpace, the traffic being generated by these ephemeral servers would be masked by the ocean of network traffic these providers already generate.
Conclusion
If this sounds at all exciting to you, please get involved with the project in any way you can! The source code is open source, so if you have development experience you can contribute that way, or you could simply write an articel about this project to help generate more interest. Additionally, please share this with anyone you feel may benefit from this sort of software system.
[1] How Laura Poitras Helped Snowden Spill His Secrets