Avoiding high-tech spies
Ex-military officers provide insight into electronic surveillance and the protection of confidential sources
Ex-military officers provide insight into electronic surveillance and the protection of whistleblowers
A smiling woman I don’t know greets me by first name.
The conference room has been swept for surveillance devices, she explains, and everyone who enters will get a brief pat-down.
With three other journalists and a computer security expert, I am about to begin a two-day training in pre-electronic spycraft. Our instructors: two military police veterans. The goal: learn how to protect people who risk their jobs or freedom to share information with the public, also known as whistleblowers.
After we all get settled in, class starts. “Once you realize that what’s possible in electronic surveillance today has basically reached the realm of science fiction, you have to take a different route,” says Larry Jones, a former intelligence analyst for the Marines and one of the workshop’s leaders.
His partner, Daryl Baginski, guides us through pen-and-paper cryptosystems—ways to encrypt and decrypt short messages. When we’ve encrypted a note, we mail it or leave it for someone to pick up. These techniques date back thousands of years, but even simple ciphers can stump today’s best code-breaking computers for days. A cipher called the “one-time pad” can defeat computer analysis entirely and is still used by spies. However, to get around its limitations (it requires a long key of random letters), Baginski invented his own cipher and teaches it in class. The aim, he says, is “making it prohibitively laborious and expensive to keep a tab on you.”
“Governments from all over the world are [acting] against journalists, human rights activists, human rights defenders and political dissidents,” explains Bruce Schneier, widely considered the foremost U.S. electronic-security expert (Congress called him in to explain the implications of the Edward Snowden leaks). “There’s an arms race here, and journalists are losing.”
In November 2014, for example, online investigative publication The Intercept reported that the U.K.’s top intelligence agencies gave their employees authority to ignore attorney-client privilege and review the private documents of anyone in “sensitive professions,” including journalists. Meanwhile, under the Obama administration, the U.S. government has subpoenaed or snooped on reporters from Fox News to The New York Times and, according to an analysis by PolitiFact, prosecuted more employees for press leaks than all previous administrations combined.
In this climate, journalists must take precautions when communicating with sensitive sources. In 2012, reporters from Vice News failed to strip metadata from a photo of John McAfee, a famous fugitive with whom they were traveling, and inadvertently revealed his location. But even the best electronic security practices have their limits. “Journalists now compete with spooks and spies,” Tom Lowenthal, the resident security expert for the Committee to Protect Journalists (CPJ), wrote in a post on CPJ’s website in April, “and the spooks have the home-field advantage.”
Someone monitoring power lines can tell what sequence of keys is being pressed on a plugged-in keyboard. That includes the passwords necessary to unlock encrypted communications and files. Another device can, from a short distance away, read the electromagnetic waves emanating from computer monitors. So anything on screen is potentially vulnerable. Still wackier are the programs that can listen to the tiny sounds of a computer processor. A technician with sufficient software can, in theory, enlist your cellphone to listen to the data being handled by your nearby laptop—including, again, encryption keys. In this age of technological wizardry, the humble passing of notes may be the last way to communicate with guaranteed privacy.
To be clear, these listening techniques are highly targeted, unlike the NSA programs revealed by Snowden. Only certain people should be worried: whistleblowers from the national security or intelligence communities (and possibly from megacorporations), and the journalists who work with them. But since freedom of the press is at stake, everyone should be concerned. From Snowden to the man who released more than 200 videos of helicopters dumping noxious herbicides on agricultural workers in Oregon: Without whistleblowers, critical investigative reporting will die.
That’s where Baginski and Jones come in. The ex-military police agents started the Clandestine Reporters Working Group (CRWG) because they believe investigative journalism is a core American value. Since leaving the Marines six years ago, Jones has worked as a private investigator. Baginski left the military in 2002 and became an attorney and college instructor.
The men aren’t out to bash their former colleagues. Baginski grants that some extraordinarily smart people work in the intelligence community. He says the lavish recruiting process—which sells intelligence work as a “higher calling”—lures them in.
Both stress that training as an intelligence operator never truly leaves your psyche. That isn’t to say you look over your shoulder all the time, but you’re constantly aware of your surroundings and many potential adversaries.
“If we weren’t educating reporters,” Jones says, only half-joking, “we’d be doing something else with our skills. We could help keep tabs on big-game poachers in Africa.”
That afternoon, we take a field trip. Jones shows us how to analyze the urban landscape for creative ways to lose a minder: to mail something without being seen and to communicate with sources while going about our daily business. To anyone keeping track, our movements look utterly boring—and that’s the point.
This is CRWG’s first training session. Eventually, Jones and Baginski envision the organization being able to provide highly trained reporters to media organizations when a story seems too risky to tackle alone. Baginski imagines providing more thorough training in detecting and evading surveillance, urban land navigation and even how to maneuver out of checkpoints and stand up to interrogation.
It’s clear that services like those provided by CRWG have value, but they come at a cost. Lowenthal, writing for the CPJ website, notes that the expenses necessary to protect key sources, such as “hiring elite security teams instead of extra editors,” can take a deep toll on newsroom budgets.
“When journalists must compete with spies and surveillance,” he writes, “even if they win, society loses.”