You know, there's one very valuable piece of info that I don't think has been revealed anywhere yet, or I missed it:
Recall, for example, Glenn Greenwald's admission that he "almost lost one of the biggest leaks in national-security history" because Snowden initially insisted on communicating with strong crypto and Greenwald didn't want to be bothered to install it.
What exactly did Snowden insist Greenwald do, precisely? Whatever Snowden insisted on, it's guaranteed to be an NSA-proof method of communication. So it seems like it's an essential first step to figure out the details and train people to use it habitually.
PGP email. And Snowden has already specifically stated that a PGP/GPG encrypted document is safe from the NSA (assuming no one leaves around a plaintext or private key, anyway).
"Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it." - http://www.theguardian.com/world/2013/jun/17/edward-snowden-...
I appreciate your comment, thank you. May I ask for a source where you got your info? It's probably accurate, but it's good practice to insist that hearsay not be trusted on faith.
Second paragraph into the article describes Snowden's requirement to use PGP while contacting Greenwald at the least (although it's a tertiary source and very sparse in technical details).
Would anyone speculate on the technical details of what Snowden probably recommended Greenwald do, step by step? What steps would you recommend to Greenwald if you had been in Snowden's position?
It's not enough to merely tell people "install PGP." Snowden presumably went into meticulous detail about precisely how to be completely secure. Even something small like "here is the exact exe installer to download" is probably significant, because that would mean that specific installer is clean and free of NSA tampering.
Bear in mind that as soon as Snowden started communicating with Greenwald, he knew that he was going to flee the US within a short time period, after which there would be little damage in the NSA decrypting the historical communication logs. As such, knowing which mechanism he would choose for encryption that was required to be secure for only a few months might not be that useful.
A document properly encrypted with AES or similar modern methods would be considered "strong crypto" (using the article/'90s political terminology) and would be infeasible with current computing power to crack (assuming AES does not have a major vulnerability/backdoor, which has yet to be discovered by the top security researchers who depend on it).
As tptacek and others frequently say: "Crypto is hard to do right".
There is sufficient encryption technology to evade the NSA (at this point in time) but the social-engineering aspects and difficulty confirming a bug-free, secure implementation present the most issues.
Indeed, which is precisely why it's so valuable for us to figure out exactly what Snowden insisted on: it addresses every single one of the problems you mention, which is no small feat.
Going by [1] it seems like PGP.
"Snowden only wanted to communicate securely using PGP encryption, for which Greenwald didn’t have the proper software installed at the time."
In an interview with The Huffington Post, Greenwald acknowledged that he's no expert in using such technology and said that Snowden even provided a step-by-step email and video to help secure their communication.
I wish Greenwald would publish that step-by-step email. It's probably one of the most valuable HOWTOs ever written, because only Snowden (and his colleagues) know for a fact what steps are NSA-proof.
It could be minimum key size and such, or potentially a specific older version of GPG if NSA ever managed to get something into the codebase, but I suspect it's simple.
Glenn Greenwald is really not very technical at all, so I imagine it was really about getting GPG installed and an appropriate plug-in for his mail client. I actually bet most of the e-mail was spent explaining why he needed to do this, because even now people are still reluctant to use GPG. There's been no explosion in it's use. People are still lazy.
Schneier has pretty much outlined how to communicate with reasonable assurance of security while he is working on Snowden document: Use an air-gapped machine for your work, and a separate Internet-connected machine to send and receive documents encrypted offline.
But this is just the logical conclusion if you believe:
a) Crypto math works
b) The NSA has zero-day exploits for every system.
Recall, for example, Glenn Greenwald's admission that he "almost lost one of the biggest leaks in national-security history" because Snowden initially insisted on communicating with strong crypto and Greenwald didn't want to be bothered to install it.
What exactly did Snowden insist Greenwald do, precisely? Whatever Snowden insisted on, it's guaranteed to be an NSA-proof method of communication. So it seems like it's an essential first step to figure out the details and train people to use it habitually.