What needs to be in your tool belt if you plan to report on a massively funded and ultra-secret organization like the NSA? In the credits of her newly released CITIZENFOUR, director Laura Poitras gives thanks to a list of important security resources that are all free software.
Here’s a closer look at the seven tools she names as helping to enable her to communicate with Snowden and her collaborators in making the film.
Tor is a collection of privacy tools that enables users to mask information about who they are, where they are connecting to the Internet, and in some cases where the sites they are accessing are located. The Tor network relies on volunteers to run nodes that traffic can pass through, but connecting is as easy as downloading the Tor Browser Bundle and hopping online.
One of the most robust ways of using the Tor network is through a dedicated operating system that enforces strong privacy- and security-protective defaults. That operating system is Tails—The Amnesiac Incognito Live System—and it’s designed to run from a USB stick plugged into nearly any computer, without interfering with already installed software.
Also from the Freedom of the Press Foundation comes SecureDrop, a whistleblower submission system designed for journalists who wish to protect the anonymity of their sources. SecureDrop was originally designed by the late activist Aaron Swartz and the journalist Kevin Poulsen, and has been actively developed by Freedom of the Press Foundation and a network of volunteers for the past year.
GPG encryption is the only one of the technologies Poitras mentions that actually gets significant screen time in her film. Throughout her early interactions with Snowden, the two consistently used emails encrypted end-to-end with GPG encryption, represented onscreen with the jumbled letters and numbers you see if you don’t have the private key necessary to decrypt. GPG has been criticized for being unfriendly to new users, and it requires that both the sender and receiver are familiar with it.
OTR Instant Messaging
The Off-The-Record protocol allows for encrypted communication over existing popular instant messaging networks. It is one of the simplest ways for two users to get end-to-end encryption; that is, a communication that is encrypted with a key that only the recipient has, not a trusted third party.
Truecrypt hard disk encryption
While CITIZENFOUR was in production, the pseudonymous team behind the popular Truecrypt software somewhat dramatically stopped supporting its further development. The future of the Truecrypt source code itself is a bit murky, then, but there are still viable alternatives for full-disk encryption.
If you find the arguments for free software security tools compelling, you may be interested in using an operating system built on the same principles. GNU/Linux is much broader that some of the other tools mentioned here, and encompasses an enormous number of distinct collections of software, called distributions. Maybe most people won’t come home from seeing CITIZENFOUR with a sudden desire to switch operating systems, but it’s at least worth exploring.
Snowden’s leaks—and the resulting news stories, books, and now documentaries—have profoundly affected the way people around the world think and talk about privacy and mass surveillance. It’s encouraging to know that, even in the face of enormous spying programs, average computer users have access to powerful tools that can help keep their communications safe from prying eyes.