DRAFT: Lawyer technical fact sheet


#1

Introduction

(to be written last)

Who is it for?

lawyers - when attorney/client conversations are effectively protected they should be the first to advise whistleblowers.

The context

Communications between whistleblowers, lawyers and journalists have fundamentally changed — technology increasingly facilitates human interactions, making them vulnerable to interception. While in the past, evading surveillance could be accomplished through payphones or handwritten letters, almost everyone now carries a mobile phone that can record the audio around it and transmit location data. The devices we depend on can betray us, and anyone who cares about privacy must go to extraordinary lengths to secure their communications.

When Snowden revealed the extent of the global surveillance apparatus in 2013, thousands of journalist and lawyers became aware of the importance of encrypting their communications so they stay private. But a new trend has emerged since: digital breadcrumbs form a trail of evidence that has led to the identification and in some cases conviction of whistleblowers. It is easier than ever for governments to identify whistleblowers, and mitigating this requires steps beyond encryption. https://flowersforsocrates.com/2015/02/13/cia-whistleblower-jeffrey-sterlings-trial-by-metadata-does-it-set-a-dangerous-precedent-for-free-speech-rights-in-the-united-states/

While some lawmakers are fortunately working to implement policies that proactively protect whistleblowers, journalists, and privacy, securing sensitive communications today requires a toolbox of technical digital security tools. https://www.opensocietyfoundations.org/sites/default/files/global-principles-national-security-10232013.pdf

Three practical scenarios/cases

The most common case. Brigitte Heinisch works in a nursing home where patients are kept in horrifying conditions. https://youtu.be/z6tBCMljTCc . In this case, neither intelligence agencies nor well-resourced private entities are involved, so Brigitte must take only basic steps to remain anonymous if she wants to blow the whistle. She shouldn’t email journalists from her personal email address, or tell anyone that she intends to expose abuse in her place of employment. Some tools she might deploy to remain anonymous include contacting journalists or watchdog organizations through Signal, Wire or WhatsApp .

Corruption involving large organizations. Antoine Deltour revealed hundreds of billions of euros tax evasion scandal https://en.wikipedia.org/wiki/Luxembourg_Leaks . Although the scandal implicates the state, it is unlikely that intelligence agencies are actively trying to prevent the documents from disclosure to the public. However, similar organizations often hire well funded private security agencies whose mission is to proactively prevent such leaks. For this reason, Antoine is strongly advised to:

State actor wrongdoing. Edward Snowden made the world aware that the United States was spying on its own citizens without any evidence of wrongdoing. https://en.wikipedia.org/wiki/Edward_Snowden Intelligence agencies are eager to keep classified information secret, and may go to extraordinary lengths to identify and prosecute whistleblowers who expose state secrets. The precautions mentioned above in the case of corruption involving large organization apply, but situations involving nation states also require:

Conclusion

These guidelines are meant to provide whistleblowers, lawyers and journalists a hint about the kind of tools they would need to effectively carry out their mission. If you feel you’re in between the above categories, for instance because you live in a country where the boundary between corporations and state actors is fuzzy, seek advice. There are many non profits and activists all over the world who are trustworthy and willing to devote their time to put an end to corruption and work daily to resist excessive online surveillance.


#2

@AEMyers @jpfoegle feel free to edit (this is a wiki) and I’m available to answer any technical questions you may have.


July SecureDrop Community Monthly Meeting, Online