Armed cops raid home of American reporter, seize TSA/DHS-related files

PoliceRaid
Armed agents bashing down your door before dawn, while you’re still asleep in bed or in the shower or on the toilet, pointing guns at you and screaming, scaring the living daylights out of you and your children, and often, one of their favorites, shooting your family pet? And sometimes, for good measure, raiding the wrong house?

Where does this happen? And how often?

Story here.

  • CelticWhisper

    I should mention this at the root of the discussion so it doesn’t get lost in nested replies:

    Tools for encrypting data, such as GPG, GPG frontend Cryptophane, and TrueCrypt are reasonably straightforward to use once you understand some basic premises of cryptography (e.g. the nature and functionality of public/private keys, the mathematical background behind keyspaces).

    I won’t pretend that they’re immediately intuitive, but TrueCrypt (at least) makes every effort to be as user-friendly as possible.

    It’s worth setting aside some time to sit down and get acquainted with these tools. Personally, I believe you will find it a worthwhile investment of your time and mental energy, as this software quickly becomes understandable and useful.

  • CelticWhisper

    I know it’s too late, and it doesn’t excuse what these thugs did, but in the future it’d be a good idea for anyone getting documents like the ones stolen to IMMEDIATELY scan them and put them in an encrypted container which is then uploaded to an online storage service and/or distributed to other reporters.

    • Good idea. Of course the NSA will then also have access to them, but then I guess we can’t have everything.

      • CelticWhisper

        That can be mitigated, though. I use Dropbox but since the Snowden revelation, the only thing in my Dropbox account (aside from some random bullshit .txt files with nothing of any interest) is a TrueCrypt container that’s very heavily encrypted. I mount the container, copy files in/out, and unmount it and Dropbox uploads the difference without anyone being able to see what’s actually stored.

        While it’s theoretically possible that TrueCrypt may be compromised, splitting files into multiple containers (e.g. keep FOIA docs in a different container than, say, your tax returns) greatly increases the amount of work necessary to break into each one. Couple that with strong passphrases (30+ characters) and layered encryption algorithms and even the NSA is going to have a very, very bad day if they want in. At the very least you’ve bought yourself enough time to disseminate the .tc container to other contacts, who could be given the passphrase and instructed to further spread the information around. At that point you’ve saddled NSA with the issue of geometrically-expanding exposure to inconvenient information on top of the matter of finding out if the encrypted files even contain that information at all.

        • You have to be conversant, if not entirely competent, to do this stuff. I can tell you that I, for one, am not. I’m lucky I can use the internet. I’m not being facetious. My husband is an IT expert, and I bet even he would probably find it a headache to go through all the rigmarole involved in careful encryption (most of which we now know the NSA has broken anyway).

          Glenn Greenwald has written and talked about this at length. He ignored Edward Snowden’s emails for a long time because he, Greenwald, had no idea how to encrypt stuff and it was too much of a pain in the ass. It wasn’t until he hooked up with Laura Poitras, who knew how to safely encrypt, that he was able to do it.

          I’m not discounting the good sense of doing this. I’m pointing out that most people — most — including reporters — can’t or won’t do it.

          Edited to Add: Not to mention everything this reporter, Audrey Hudson, had was 100% legal. She had no expectation that fascist thugs were going to come barging into her house at 4:30 in the morning and steal her stuff.

          • CelticWhisper

            Cryptography needs a massive PR overhaul, there can be no doubt about that. The biggest issue facing proper data security today is that encryption is difficult to use and even more difficult to convince (technically-disinclined) friends and family to use.

            “But Facebook is so easy and fast!” I’m certain that I’m not the only person who’s heard this excuse/”justification” for using grossly privacy-impaired tools for corresponding with contacts, but it remains a prevalent (if illegitimate and invalid) reason for slacking off on employing technical means to secure communications. I once had a friend try to defend AOL’s AIM protocol as a means of transferring files against my suggestion of using FTP (a time-tested protocol engineered, by efficiency- and interoperability-minded electronics engineers, to be minimal in overhead) to do the same. I shudder to think how such a mind would regard Facebook when viewed exclusively through the lens of convenience.

            I have no illusions that this is an uphill battle, at least for now. What I’m glad about is that Snowden’s revelations have propelled the matter of cryptography’s user-friendliness (or, more to the point, lack thereof) to the forefront of debate among tech-heads. My sincere hope is that the near future will see the release of communication tools that A. are decentralized, B. incorporate de-facto strong encryption, and C. are specifically targeted against United States government entities in their engineering and design philosophies.

            All this having been said, Lisa, I’m happy to provide you some personal one-on-one guidance with regard to using tools like TrueCrypt to protect your personal information. You have my personal E-mail address – feel free to shoot me a message and I’ll help you get acquainted with tools like TC, GPG (GNU Privacy Guard, an open-source implementation of Phil Zimmerman’s PGP), and other tools to help keep private information private.

          • TestJeff Pierce

            I actually bought Bruce Schneier’s Cryptography text to learn about cryptography back in the 1990s. As a math major, I still found it difficult although it is one of the best written explanations of asymmetric algorithms, prime number theory, etc.

            If the NSA is forcing companies to provide their private keys, I think it is difficult for mass encryption to be used in services, and thus only the tools you use are probably best choice. It is just a pain to do.

            It would be interesting if we could have someone able to figure out an easy way to generate “electronic one time cipher pads” and then share them with the recipient(s) in a secure and easy fashion. The code would be unbreakable.
            However, you are still subject to malicious programs running on targeted PCs.

            It is just a difficult thing to guarantee reasonably secure communications.

        • RonBonner

          What’s the odds that TrueCrypt has a backdoor?

          • CelticWhisper

            That very matter has been under investigation and analysis by independant cryptographers. There was a recent effort to compile the TrueCrypt 7.1 Win32 binaries from source (i.e. take the programming code and build functioning computer-executable programs from it) and the effort succeeded, suggesting that there is no backdoor to TC on Windows. Reddit has links to articles on this matter in its /r/RestoreTheFourth and /r/NetSec subreddits (among others). http://www.reddit.com/search?q=truecrypt+binaries

            The short answer is that TrueCrypt is more trustworthy than many other encryption tools.