The recent indictment of former intelligence analyst Daniel Hale offers a cautionary tale to future whistleblowers. In the process of leaking dozens of classified documents to the press, Hale followed the same canned advice that’s been repeated by Edward Snowden and countless other privacy advocates: it’s all about onion routing and strong encryption. For example, Hale used a bootable thumb drive loaded with the ostensibly secure Tails operating system. To communicate with reporters, he employed an encrypted messaging platform.
But his security measures were to no avail. Hale has been arrested and charged under the Espionage Act. He is the third such whistleblower, behind Terry Albury and Reality Winner, to have been snared by the authorities after leaking documents to The Intercept. These cases are a potent reminder that while reporters may be shielded by First Amendment protections, their sources are not.
Future whistleblowers should recognize that disclosing official secrets is a veritable minefield. Using an app which is branded as “secure” to communicate with high-profile reporters will make the corresponding network traffic stand out like a glow stick to security services. Hale, in particular, also made the flagrant mistake of printing out documents that were unrelated to his job function. There’s a whole market segment of insider threat tools that are specifically designed to detect this sort of activity.
Clandestine operations officers have had years of formal training. They pass through selection processes and gain experience stationed overseas in hostile environments. Put bluntly, they’re essentially skilled criminals who successfully break laws in other countries over sustained periods. That’s what clandestine ops are all about. It’s unclear if it’s realistic to expect someone to be able to duplicate the required level of operational expertise with a random collection of digital security platforms (e.g. Tails, Tor, PGP and Signal).
It’s almost as though Edward Snowden was an anomaly. A technical specialist who was in the right place at the right time. Working in an environment which lacked the appropriate security controls and doing so with fairly high-level authorization. Even then, six years later the results have been disappointing. After months of nonstop coverage, countless prime-time interviews and a couple of Hollywood feature films, the Edward Snowden affair has run its course. Policy makers passed empty legislation that former spies have openly mocked. Snowden, cloistered in Russia, has faded into the background.
Tech executives put on a heck of a show, deftly casting themselves as rebels against the big bad government. The Intercept, which maintained a complete copy of the Snowden documents, has officially shuttered its archives and is currently — I kid you not — promoting email servers in a box.
The Intercept’s peculiar foray into the domain of consumer network appliances is based on the premise that the vendor is unlikely to insert a clandestine back door, as doing so would be against the vendor’s financial interests. Yet, the record shows that an industry giant like RSA, which embodies corporate information security, secretly colluded with the National Security Agency (NSA) to backdoor its gear. In other words, it’s not against the vendor’s interests — so long as nobody finds out. Some security services don’t even care if people find out. Legal mandates to facilitate “technical capabilities” (read: back doors) have been formally instituted by governments in Russia, China and the United Kingdom.
In light of all this covert and overt subversion, asking if a product is secure is posing the wrong question. The appropriate question is this: Which faction of clandestine agencies have access?
This question has been studiously avoided. Early on, Silicon Valley grasped that the Snowden affair was a public relations matter: a narrative that they could hijack to sell new tech. Never mind that the stuff they’re selling tends to spy on us. It goes without saying that assurances will be offered: promises that the new and improved tech is more “secure,” and that they’ve turned over a new leaf. They’ve learned their lesson. They’re all about privacy now — just make sure to read the fine print.
Security services, in the meantime, are also swimming in data. The Office of the Director of National Intelligence has just published the intelligence community’s annual transparency report. In 2018, the NSA performed 164,770 queries of Americans’ phone records, which is more than a five-fold increase over the previous year. Likewise at the border in 2018, U.S. Customs and Border Protection conducted more than 33,000 warrantless device searches, nearly seven times the number from 2015.
Former insiders indicate that Snowden’s sacrifice represents little more than a speed bump to intelligence community efforts. Most signal intelligence collection occurs outside of U.S. borders, where it’s no holds barred.
We’re in an age where nations are spending big money to compromise each other’s networks. Every major power is an actor, and no one is immune. Even the heavyweights have had their dirty laundry aired. In the past couple of years, both the NSA and the CIA have suffered catastrophic breaches. High-value targets like Joaquín Guzmán, who try to take the tech-centric approach and build their own private digital networks, do nothing more than create a big juicy bullseye for security services. Once those networks are breached — and they will be — the secrets they guard tumble right out of the ether.
The lesson is simple: You can’t have your cake and eat it too. If you want to achieve higher levels of privacy in high-risk situations, you’ll need to sacrifice digital convenience. It’s a message that Silicon Valley finds repugnant because, above all, executives need to keep selling — selling apps, selling services, selling gadgets, selling bandwidth and selling your personal data. The money’s too good to stop. Trillions of dollars are up for grabs. The political influence that this revenue garners is substantial. Hence, don’t expect lawmakers, judges or the president to save you. The fines being threatened are essentially speeding tickets amounting to a small fraction of what they make.
So don’t listen to the marketing executives. They know what you want to hear, and it isn’t the truth. Security isn’t a commodity that can be bought. Security is a process, especially in high-risk scenarios. Avoiding detection takes discipline, consistency and training. Until whistleblowers stop relying on quick-fix gadgets and start relying on rigorous process, we will likely encounter more Daniel Hales in the future.
Help us Prepare for Trump’s Day One
Trump is busy getting ready for Day One of his presidency – but so is Truthout.
Trump has made it no secret that he is planning a demolition-style attack on both specific communities and democracy as a whole, beginning on his first day in office. With over 25 executive orders and directives queued up for January 20, he’s promised to “launch the largest deportation program in American history,” roll back anti-discrimination protections for transgender students, and implement a “drill, drill, drill” approach to ramp up oil and gas extraction.
Organizations like Truthout are also being threatened by legislation like HR 9495, the “nonprofit killer bill” that would allow the Treasury Secretary to declare any nonprofit a “terrorist-supporting organization” and strip its tax-exempt status without due process. Progressive media like Truthout that has courageously focused on reporting on Israel’s genocide in Gaza are in the bill’s crosshairs.
As journalists, we have a responsibility to look at hard realities and communicate them to you. We hope that you, like us, can use this information to prepare for what’s to come.
And if you feel uncertain about what to do in the face of a second Trump administration, we invite you to be an indispensable part of Truthout’s preparations.
In addition to covering the widespread onslaught of draconian policy, we’re shoring up our resources for what might come next for progressive media: bad-faith lawsuits from far-right ghouls, legislation that seeks to strip us of our ability to receive tax-deductible donations, and further throttling of our reach on social media platforms owned by Trump’s sycophants.
We’re preparing right now for Trump’s Day One: building a brave coalition of movement media; reaching out to the activists, academics, and thinkers we trust to shine a light on the inner workings of authoritarianism; and planning to use journalism as a tool to equip movements to protect the people, lands, and principles most vulnerable to Trump’s destruction.
We urgently need your help to prepare. As you know, our December fundraiser is our most important of the year and will determine the scale of work we’ll be able to do in 2025. We’ve set two goals: to raise $104,000 in one-time donations and to add 1340 new monthly donors by midnight on December 31.
Today, we’re asking all of our readers to start a monthly donation or make a one-time donation – as a commitment to stand with us on day one of Trump’s presidency, and every day after that, as we produce journalism that combats authoritarianism, censorship, injustice, and misinformation. You’re an essential part of our future – please join the movement by making a tax-deductible donation today.
If you have the means to make a substantial gift, please dig deep during this critical time!
With gratitude and resolve,
Maya, Negin, Saima, and Ziggy