An interesting mistake

Yesterday Micah Lee published a story at The Intercept about how he communicated with Snowden before the leaks and how he was helpful in setting up secure communications for Laura Poitras and Glenn Greenwald. It is a really good article with lots of interesting tidbits. You should read it now. But the thing that caught my attention was a small mistake that happened during this time.

I need to preface this analysis by saying that everyone involved in these matters has done extremely well. My purpose in pointing out this mistake is not to cast any negative light on the people involved, but rather to use it as an example for education.

So what is this mistake that I'm talking about? As part of the setup of secure communication, Micah first sends Laura's public key to Snowden. Laura then creates a completely new email address and public key, in order to compartmentalize her communication with Snowden. But in order for Snowden to feel comfortable with this new key and address, he asks Laura to ask Micah to publish the fingerprint for Laura's new key to his Twitter account. This is all legit and a good idea. However, the crucial detail is that Laura sends an email message to Micah from her new address, to his regular address, asking him to post the fingerprint to his Twitter feed.

I am assuming that the content was correctly encrypted and signed and verified etc, so that there was no chance of a man-in-the-middle attack for this setup. However, even without the chance of a MITM, Laura broke her compartmentalization by sending that one email. Contact chaining means that Micah's regular address is now linked to Laura's new address, which is now linked to Snowden's new address. What that means is that there wasn't much point in Laura setting up the new email address.

This is not a large mistake, and things turned out fine - but it could have been the small detail that linked information together in such a way that new connections could have been made.

What is the lesson here? When compartmentalizing communication it is extremely important that you never break it. Compartmentalization is very fragile - one single mistake and it's gone. The best thing you can do then is to tear it all down and never use that account again. What is the right way of doing what Laura and Micah wanted to do? Simply for Laura to send an encrypted and signed email from the regular address she uses to communicate with Micah, asking him to post the fingerprint.
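The contact chaining described above, and the difference the sending address makes, as an added example that is not part of the original post. All addresses are constructed placeholders, and the graph is built only from sender and recipient metadata, which encrypting and signing the message body does not hide.

```python
from collections import deque

# Constructed metadata records (sender, recipient); every address is a placeholder.
MICAH = "micah-regular@example.org"
LAURA_REGULAR = "laura-regular@example.org"
LAURA_NEW = "laura-new@example.org"
SOURCE_NEW = "source-new@example.org"

# Traffic that exists either way: Laura's usual mail to Micah,
# and the compartmentalized channel between the two new addresses.
BASELINE = [(LAURA_REGULAR, MICAH), (LAURA_NEW, SOURCE_NEW)]

MISTAKE = (LAURA_NEW, MICAH)        # fingerprint request sent from the new address
RIGHT_WAY = (LAURA_REGULAR, MICAH)  # same request sent from the regular address


def build_graph(records):
    """Undirected contact graph: an edge means two addresses exchanged mail."""
    graph = {}
    for sender, recipient in records:
        graph.setdefault(sender, set()).add(recipient)
        graph.setdefault(recipient, set()).add(sender)
    return graph


def chain(records, start, target):
    """Shortest contact chain from start to target, or None if they are unlinked."""
    graph = build_graph(records)
    if start not in graph or target not in graph:
        return None
    queue = deque([[start]])
    seen = {start}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for neighbour in sorted(graph[path[-1]] - seen):
            seen.add(neighbour)
            queue.append(path + [neighbour])
    return None


if __name__ == "__main__":
    print("with mistake: ", chain(BASELINE + [MISTAKE], MICAH, SOURCE_NEW))
    print("the right way:", chain(BASELINE + [RIGHT_WAY], MICAH, SOURCE_NEW))
```

With the one email from the new address, the source is two hops from Micah's regular address; with the request sent from the regular address, no chain exists.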

I find it interesting that the more we find out about what happened before the Snowden leaks became public, the more of these small things turn up that could potentially have risked the whole enterprise. Greenwald using Cryptocat to communicate in the beginning of June, when Cryptocat had severe cryptographic vulnerabilities, is another one of those.

Security, privacy and anonymity are fragile - they are easily broken and they require constant vigilance.