Laura Poitras's CitizenFour arrives in theaters this weekend, offering an inside look at the Snowden leaks and the eight days Snowden spent in a hotel room in Hong Kong as the first stories were published. The leaks themselves required intense security measures, but editing and distributing the film has presented a challenge of its own. CitizenFour contains two separate stories which were held back until the film's carefully orchestrated premiere: one on industry infiltration in China and Germany and another on Snowden's girlfriend, Lindsay Mills, and her new residence in Moscow. Countless other secrets were left behind in the editing room and had to be protected throughout the process.
Keeping that data under wraps for the past 18 months has been a herculean security undertaking, involving physical hard-drive handoffs, shared encryption accounts and at least one surgically modified laptop. We sat down with Laura Poitras this week to talk about the tools she used to keep it all safe.
Encrypted hard drives are your friend
All of our media was stored on encrypted drives, so you had to enter passwords and if the editing room ever got raided, they wouldn't get all of our outtakes. That's a lot of encrypted drives, but ultimately you enter a password when you turn on your computer, it's not that different than stuff you know. It just takes some time and you need someone who's devoted to it. And technically, it takes some time to do the encryption, but once it's there, it basically just operates like a hard drive.
When we were finishing, we had a lot of people who were doing audio and we were a little bit careful about transferring anything just over the wire. We'd just drop it off. And everybody got on PGP to communicate, so we definitely trained a bunch of people on using encryption. We had to share cuts, so we had certain protocols, shared passwords that were decided in New York and then we'd move encrypted files using those shared passwords. It does add a level of complexity but the negative consequences are so bad that you have to do it.
Different levels of security means different computers
I definitely compartment different computers for different tasks. There's an air gap for documents. There's a Tails machine that's been sort of…a lot of things have been removed from it, just soldered off. Microphones, all the extras. And then I have one that I actually use the internet on. And of course I use software like Tor for internet browsing. But I did that long before Snowden.
After I came back from meeting Snowden in Hong Kong, I went back to Berlin and I just put my cell phone away. I figured it just wasn't a good thing for me to have for a number of reasons. It's a microphone and it's also a tracking device and I just thought…I'm just not going to broadcast it. So I stopped using a cell phone while I was editing, but now I'm in here doing distribution and I need to talk to people so I've got a cell phone again.
Once you come to terms with the risks, then the choices are pretty simple. It's just safety, and any way you would approach safety in any other context. Just, "oh that's dangerous. Your cellphone is dangerous in this situation." It becomes kind of intuitive. If we were talking about a sensitive situation, I would just say, okay let's take the computers out of the room. It just becomes an obvious thing to do as a precaution.
Don't be afraid to upgrade when necessary
When the first emails came in from Snowden, he asked for my key and I gave him my key and then he asked questions about my computer, making sure that it was secure. And then I got a bit of information and as soon as I got a bit of information I thought, okay I need to get on another system. It was clear that I wanted to get off that was tied to me by my true name. So I had another cheap computer that I bought with cash and I would use Tails to communicate and open various anonymous email accounts that we changed over time. And that was basically using Tails with PGP, no live Jabber chatting at that point. After Hong Kong we started using some chat over OTR. It's a combination.
[When Snowden saw the film], he had a lot of operational security notes. There's some encrypted cyphertext in the film and he wanted to know, did I use new keys — and I did, actually. [Ed. note: With both encrypted text and the unencrypted message, an attacker could reverse-engineer the decryption key.] If he's typing his passphrase on-screen, we tried to change some of the audio so they couldn't figure out what he was typing. He had a lot of hardware notes too: "Did you know you could see that USB stick on that player?"