On Thursday morning, Edward Snowden and hardware developer Andrew “bunnie” Huang unveiled a plan at MIT Media Lab to provide an open source tool that allows journalists to know when their phones are revealing their location. While Snowden has been a constant advocate for freedom of the press since his revelations in 2013, this is the first piece of hardware he has introduced. The paper begins:
Front-line journalists are high-value targets, and their enemies will spare no expense to silence them. Unfortunately, journalists can be betrayed by their own tools. Their smartphones are also the perfect tracking device. Because of the precedent set by the US’s “third-party doctrine,” which holds that metadata on such signals enjoys no meaningful legal protection, governments and powerful political institutions are gaining access to comprehensive records of phone emissions unwittingly broadcast by device owners. This leaves journalists, activists, and rights workers in a position of vulnerability. This work aims to give journalists the tools to know when their smart phones are tracking or disclosing their location when the devices are supposed to be in airplane mode.
The new tool addresses a need among journalists and others for an honest representation of what their devices are doing, and no smartphone currently on the market provides that. When phones are in airplane mode, can they really be trusted to not transmit the journalist’s location? Journalists are especially vulnerable to malware, they write, because of the range of contacts and sources who send information to them.
The idea behind the hardware is to passively detect the activity of the phone’s radio emissions—via WiFi, bluetooth, cellular modem, GPS, and NFC—near-field communication, the vehicle for Apple Pay. The device will involve relatively simple alterations within the smartphone, plus an external battery case that alerts the phone’s owner to any unwanted radio activity. Snowden and Huang call it an “introspection engine,” and hope to have a working prototype using the Apple iPhone 6 in the coming year.
But the point isn’t that this will be the exact thing that journalists use. I spoke with Susan McGregor, the Assistant Director of the Tow Center for Digital Journalism, who said the report hints at driving change, not only among journalists, but in the smartphone industry:
This isn’t like, you’re going to be able to buy this in a store, snap it onto your iPhone, and you’re done. Somebody’s really going to have to open it up and go to town on it. So … it’s going to be a pretty rarified thing in its current form. But I think the spirit behind it is to say, look, one way forward is for vendors to make it easier to monitor the hardware for traffic on these various radios, and that says to me that [Snowden and Huang are] suggesting this is something that vendors might want to take on.
When Snowden and Huang say, “if phone vendors wanted to support efforts like this, future revisions of phones could break [certain] pins out,” they are letting smartphone makers like Apple know what they need.
This is the only first step toward making something that is usable, without being obstructive. Snowden and Huang aren’t focusing on detecting whether the microphone, for instance, or the camera are on, but they say it will be possible to extend their work to include such detection. “Journalists shouldn’t have to be cryptographers to be safe,” note Snowden and Huang. McGregor agrees: “We’re not all computer scientists, we’re not hardware or software experts, we need our devices to do things they don’t do. … I think it’s a really commendable effort and reflects a healthy and promising concern with the issues that real people face with technology.”
Back in the newsroom, there are other, somewhat more cumbersome tools that journalists can use to keep metadata secure. One of those tools is SecureDrop, which works via the Tor network to create a secure way for anonymous sources and whistleblowers to reach journalists without disclosing their identity, even to the journalist. Tow fellow Charles Berret spoke to journalists who use it in his recently published Guide to SecureDrop. Even in encrypted email, where the contents of the messages are hidden, the metadata—the sender, the time, the fact of the correspondence—is often enough to figure out the circumstances of communication between a journalist and a source.
While SecureDrop and the introspection engine solve two different problems—secure communication and secure location—, McGregor told me, they are both trying to address a need among journalists for practical solutions to what are often theoretical problems.
Not surprisingly, after the Snowden revelations about the extent of government surveillance in 2013, Berret finds that interest in security among journalists went up dramatically. Because SecureDrop connects sources directly to a server at the newsroom, it can be legally beneficial, because it preserves the journalist’s right to keep his or her sources secret.
“A Pew poll from February 2015 found that sixty-four percent of investigative journalists believe that they have been subjected to surveillance by the U.S. government,” writes Berret. “The same poll found that about half of these journalists had since taken measures to protect sensitive documents they share, and thirty-eight percent had begun to use secure communication tools with their sources.”
SecureDrop is now used by over a dozen newsrooms, including The New Yorker, The Intercept, the Washington Post, Gawker, The Globe and Mail, and ProPublica. More than 80 organizations are on the waiting list for SecureDrop. While most of the journalists that Berret spoke with were reluctant, for privacy reasons, to reveal which stories came from SecureDrop tips, all of them confirmed that stories had indeed come in through this route. New Yorker staff writer Amy Davidson described it as a “much-needed asset” in an age where senders can be traced “even when they don’t want to be found.”
At the moment, SecureDrop, like the introspection engine, takes a great deal of investment to install, and, unlike the introspection engine, to keep up: it is a magnet for all kinds of spam and trolling. But the journalists who use SecureDrop do not seem to be troubled by the large amount of spam that comes in. Even if it’s not always useful, the journalists that Berret spoke with see SecureDrop as a crucial tool for a healthy and free press.
Despite the fact they require a lot of upfront investment, there is a real need and desire for secure tools. The introspection engine, McGregor said, “is a great example of grounding experimental design and research efforts in the needs of a real community.”