“At this stage I can offer no more than my word. I am a senior employee in the intelligence community. I hope you understand that contacting you is extremely high risk….In the end, if you publish the source material, I will likely be immediately implicated. I ask only that this information makes it home to the American public. Thank you. And Be careful.”
In every area of activism, we walk the line between security and convenience. We choose how much to reveal ourselves, and how much to keep private. This delicate balance is often upended when we speak to someone, such as a whistleblower, who has no choice but to sacrifice all of their convenience for security. And yet, many activists, including myself until last month, are unprepared for an opportunity to help a whistleblower because they have no security measures to keep themselves and their source anonymous.
U.S. National Security Agency Whistleblower Edward Snowden not only chose to contact Laura Poitras and Glen Greenwald because of their integrity and reputations, but because they had encrypted channels with which to communicate. Every activist, anywhere in the world, should be prepared for this opportunity.
Thanks to Travis at the Homan Square Opposition Coalition, I’ve been able to successfully encrypt and secure my own email communications. Here’s how to prepare yourself, in 10 steps.
1. Get a webmail account, such as Gmail, Yahoo, or Aol.com. (If you have a different account, follow the steps from Lifehacker here.)
2. Download the Mailvelope browser extension at https://www.mailvelope.com/
3. A lock and key will appear in the upper-right corner of your browser. Click it.
4. Click “options,” and a new tab will open. Click “generate key” when it appears on the left side of your screen.
5. Generating your key
Fill in the form to Generate your key. Make sure to choose a strong passphrase as your password.
6. Finding your keys
Instruct anyone to whom you want to send encrypted communications to follow this guide to this point. When they have done so, you should each access your public key by going to Key Ring > Display Keys.
7. Handing out your public key.
Click on your key. When the pop-up appears, click “Export.” Copy and paste your public (not private) key and email it to your source or fellow activist. They should do the same for you.
8. Adding a public key to your key ring.
When you receive the email with your source’s public key and scroll over it, the below screen will appear. Simply click on the image of the key, and it will add the public key to your email account.
9. Sending Encrypted Mail
Now, you have your source’s key, and they have yours. All that’s left to do is send an email. Open your email account, compose a new email, and when you do:
You will see a little box appear:
Click the box, and you’ll be greeted with this popup:
Write your message. After you have composed your message, click “Encrypt.” A new dialog will appear. Choose your destination email(s), click “add” and then click “Ok.”
After you encrypt your message, the “Encrypt” button will change to a “Transfer” button. Click “transfer” to add your message to your email. Be sure to add your source’s email as you normally would when sending an email. Send the email.
10. Receiving encrypted mail.
When you receive and scroll over the contents of an encrypted message, this overlay will appear. Simply click the image of the envelope and padlock, enter your passphrase from step 5, and if the email was addressed to you, you’ll be able to read it.
Congratulations! You’ve now set up email encryption and have a secure method of communication. Remember to protect your passphrase and your private key. If someone gains access to both they will be able to decrypt your mail without your knowledge. Keep your passphrase safe!
Now, when your Citizen Four contacts you, you’ll be ready.
Dan Johnson is the Founder and President of the Solutions Institute. Want to discuss this topic more? Email Dan at dan [at] solutions-institute.org.