What needs to be in your tool belt if you plan to report on a massively funded and ultra-secret organization like the NSA? In the credits of her newly released CITIZENFOUR, director Laura Poitras gives thanks to a list of important security resources that are all free software. We've previously written about CITIZENFOUR and Edward Snowden's discussion of his motivation to release closely guarded information about the NSA. Here's a closer look at the seven tools she names as helping to enable her to communicate with Snowden and her collaborators in making the film.
Tor is a collection of privacy tools that enables users to mask information about who they are, where they are connecting to the Internet, and in some cases where the sites they are accessing are located. The Tor network relies on volunteers to run nodes that traffic can pass through, but connecting is as easy as downloading the Tor Browser Bundle and hopping online. We've helped strengthen the Tor network by running a challenge to encourage more volunteer support, and our newly updated Surveillance Self Defense guide has information for Windows users on how to use the software. The Tor Project was also a winner of EFF's 2012 Pioneer Award.
One of the most robust ways of using the Tor network is through a dedicated operating system that enforces strong privacy- and security-protective defaults. That operating system is Tails—The Amnesiac Incognito Live System—and it's designed to run from a USB stick plugged into nearly any computer, without interfering with already installed software. Tails has received support from a group called the Freedom of the Press Foundation, where Poitras sits on the board alongside Snowden and Glenn Greenwald, who also features prominently in the film.
Also from the Freedom of the Press Foundation comes SecureDrop, a whistleblower submission system designed for journalists who wish to protect the anonymity of their sources. SecureDrop was originally designed by the late activist Aaron Swartz and the journalist Kevin Poulsen, and has been actively developed by Freedom of the Press Foundation and a network of volunteers for the past year. It has been deployed a number of prominent news organizations, including the New Yorker, Forbes, ProPublica, The Guardian, The Washington Post, and Poitras and Greenwald's current publication, The Intercept.
GPG encryption is the only one of the technologies Poitras mentions that actually gets significant screen time in her film. Throughout her early interactions with Snowden, the two consistently used emails encrypted end-to-end with GPG encryption, represented onscreen with the jumbled letters and numbers you see if you don't have the private key necessary to decrypt. GPG has been criticized for being unfriendly to new users, and it requires that both the sender and receiver are familiar with it. But it may be getting easier to use: we've explained how to do so on Mac, Windows, and GNU/Linux, and the Free Software Foundation has also prepared a guide.
OTR Instant Messaging
The Off-The-Record protocol allows for encrypted communication over existing popular instant messaging networks. It is one of the simplest ways for two users to get end-to-end encryption; that is, a communication that is encrypted with a key that only the recipient has, not a trusted third party. Our Surveillance Self-Defense guide outlines how to use OTR for Mac and Windows users. We've also awarded its co-founder Ian Goldberg with a Pioneer Award in 2011.
Truecrypt hard disk encryption
While CITIZENFOUR was in production, the pseudonymous team behind the popular Truecrypt software somewhat dramatically stopped supporting its further development. The future of the Truecrypt source code itself is a bit murky, then, but there are still viable alternatives for full-disk encryption. We've got a tutorial for the Windows tool DiskCryptor in our Surveillance Self-Defense guide, as well as general tips for full-disk encryption on Mac and GNU/Linux systems.
If you find the arguments for free software security tools compelling, you may be interested in using an operating system built on the same principles. GNU/Linux is much broader than some of the other tools mentioned here, and encompasses an enormous number of distinct collections of software, called distributions. Debian is one such distribution. Maybe most people won't come home from seeing CITIZENFOUR with a sudden desire to switch operating systems, but it's at least worth exploring.
Snowden's leaks—and the resulting news stories, books, and now documentaries—have profoundly affected the way people around the world think and talk about privacy and mass surveillance. It's encouraging to know that, even in the face of enormous spying programs, average computer users have access to powerful tools that can help keep their communications safe from prying eyes. Learn more about how to defend yourself from that surveillance with our Surveillance Self-Defense Guide.