Encryption Works: How to Protect Your Privacy (And Your Sources) in the Age of NSA Surveillance

Micah Lee

Former Board Member, Freedom of the Press Foundation

Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

— Edward Snowden, answering questions live on the Guardian's website

The stories of how NSA whistleblower Edward Snowden first contacted journalists Glenn Greenwald and Laura Poitras (both Freedom of the Press Foundation board members), and how he communicated with the Washington Post's Barton Gellman, have given the public a rare window into digital security and conversing online in the age of mass surveillance.

In response, we've just published our first whitepaper—using the public comments by both Snowden and the journalists involved as illustrations—to show how reporters, whistleblowers, and ordinary Internet users can still protect their privacy online.

You can read the whitepaper here [PDF version].

It's important to remember that while the NSA is the biggest, best funded spy agency in the world, other governments, including China and Russia, spend massive amounts of money of their own high-tech surveillance equipment and are known to specifically seek out journalists and sources for surveillance. In the US, bad digital security can cost whistleblowers their freedom, but in other countries it can cost both journalists and sources their lives. A recent example from Syria illustrates how careless digital security can have tragic results.

The whitepaper covers:

  • A brief primer on cryptography, and why it can be trustworthy
  • The security problems with software, and which software you can trust
  • How Tor can be used to anonymize your location, and the problems Tor has when facing global adversaries
  • How the Off-the-Record instant message encryption protocol works and how to use it
  • How PGP email encryption works and best practices
  • How the Tails live GNU/Linux distribution can be used to ensure high endpoint security

Donate to support press freedom

Your support is more important than ever.

Read more about Security

First major study looks at how SecureDrop is used in newsrooms in North America

Today the Tow Center for Digital Journalism at Columbia Journalism School has published a first-of-its-kind study on how newsrooms are using SecureDrop, our open-source whistleblower submission system that is now …

Publishing the unredacted SecureDrop 0.3.4 audit report

In July, we announced the release of SecureDrop 0.3.4 and published the accompanying security audit by iSEC partners (now NCC Group). The audit found 10 issues, one of which …

US officials have no problem leaking classified information about surveillance—as long as it fits their narrative

In the past few days there have been a flurry of stories about the Russian plane that crashed in the Sinai peninsula, which investigators reportedly think may have been caused …