INTERVIEWING THE MOST WANTED MAN in the hemisphere is not something any sane person undertakes lightly. Aside from weighing the risk to one’s personal safety, a journalist must also protect his or her source by taking careful precautions — some reporters have gone so far as to risk or actually receive jail time rather than break the confidence of their sources. As the Snowden revelations have brought ubiquitous mass surveillance into sharp relief, these considerations have become far more complex and personal fortitude isn’t always enough.
On Saturday, Rolling Stone published a major scoop: Actor Sean Penn traveled to northwestern Mexico to speak with Joaquín Archivaldo Guzmán Loera — “El Chapo” — the notorious leader of the Sinaloa drug cartel. It was El Chapo’s first (and perhaps last) press interview as a free man. At the time of the visit, El Chapo was a fugitive in hiding, but the day before the article went live, Mexican marines, with support from the U.S. Drug Enforcement Administration and U.S. Marshals, captured him after “a fierce gun battle.”
Mexico’s Attorney General Arely Gomez has said that Penn’s face-to-face meeting with Guzmán “was an essential element” in the operation that led to the fugitive drug lord’s apprehension. Mexico City’s El Universal published a photo gallery of what appears to be a series of surveillance images of Penn and actress Kate del Castillo’s arrival in Mexico to meet with Guzmán.
The photos notwithstanding, there are still plenty of reasons to maintain a healthy skepticism of the official line that Penn inadvertently helped Mexico and the U.S. catch El Chapo, and there is no public suggestion that his digital security practices led to the raid.
Penn clearly made an earnest effort to cover his digital tracks, and it’s easy for even the most skilled operators to make costly errors, but the self-described “single most technologically illiterate man left standing” details a litany of seeming operational security mistakes in his communications. Most of these descriptions are vague and could be misinterpreted, and, of course, he could also be omitting other, more effective security measures he employed. Thus, this article is intended as a case study in source protection based on the limited information available. The Intercept reached out to Rolling Stone for this article but they did not respond.
In the age of mass surveillance, technological ignorance is no longer an option, but even best practices are far from foolproof. If you’d rather skip the don’ts and jump right to the do’s, technologist Micah Lee, my colleague at The Intercept, has written some of the handiest explainers out there on how to implement operational security best practices.
Penn’s first error is his most egregious, precisely because it is the simplest operational security rule by which one should abide: Don’t talk specifics about your operational security. The descriptions of his security methods are the first words of his 10,000-word article:
It’s September 28th, 2015. My head is swimming, labeling TracPhones [sic] (burners), one per contact, one per day, destroy, burn, buy, balancing levels of encryption, mirroring through Blackphones, anonymous e-mail addresses, unsent messages accessed in draft form. It’s a clandestine horror show for the single most technologically illiterate man left standing. At 55 years old, I’ve never learned to use a laptop. Do they still make laptops? No fucking idea!
Let’s imagine a hypothetical scenario in which, at the point the article is published, Guzmán is still at large and Mexican and U.S. officials searching for him were unaware of his rendezvous with Penn. Each of these details becomes a clue for law enforcement.
Using mass surveillance to track criminals or terrorists invokes the tired but true analogy of “a needle in a haystack.” By revealing specific brands of equipment, types of software, and particular practices, you greatly narrow the haystack that any analyst has to sift through. If your goal is to protect your source, revealing these sorts of details to establish your James Bond bona fides is an error that could be putting your source’s life at risk.
In this case, the problem is compounded by the fact that none of the particular practices is particularly effective at evading a major nation-state adversary, which I will explore below, item by item.
Penn rightly suspected that the feds might be on to him and says so repeatedly throughout the article. At one point he writes, “There is no question in my mind but that the DEA and the Mexican government are tracking our movements.”
While encrypted emails or messaging, when used effectively, can help obscure what someone is saying, encrypted communications produce voluminous, potentially compromising metadata that can be used to track location. Metadata is not the contents of communications, but information about the two devices in contact. If your source is using a mobile phone on a cellular network, metadata can be used to geolocate him within 30 feet of his actual position. If your source is using a standard internet connection without an effective VPN or anonymization service, like Tor, that information can identify a location to within less than a half mile.
Geolocation via metadata is a very valuable tool in the intelligence community’s arsenal. As former head of the NSA and CIA Michael Hayden once put it, “We kill people based on metadata,” which is why top jihadis have learned to stay off the phone and off the internet. This 2014 article from The Intercept explains how it is done.
Finally, the mere use of sophisticated encryption programs in parts of rural Mexico described by Penn by those not affiliated with the cartels is likely quite rare. Thus, if the NSA or DEA knows their target is using a specific program, they could simply search for the unique signatures of those programs in a given area to considerably “thin the haystack” of potential suspects.
Cheap, single- or short-term use, prepaid cellphones paid for in cash — burners — first surged into the public consciousness thanks to HBO’s The Wire, which featured Baltimore drug dealers regularly swapping phones to avoid warranted wiretaps by the Baltimore police. Each new phone number has to be identified by the cops and then requires a new warrant, a process that can take days, at which point the dealers are already using another phone. Yet this high-tech game of cat and mouse loses much of its effectiveness for staying anonymous when stacked up against a massive adversary like the NSA, which isn’t always bound by the legal safeguards that cops have to follow.
Particularly on international phone calls, the NSA employs complex algorithms to sort through massive stacks of communications metadata — which doesn’t require a warrant — “to help analysts identify a phone number of interest.” Using documents obtained by NSA whistleblower Edward Snowden, the Washington Post first reported on a program known as CO-TRAVELER, which sifts through cellphone metadata looking for and automatically flagging examples of suspicious behavior indicative of tradecraft. Advanced computational tools at the NSA’s disposal can be used to identify, for example, a particular phone number in Mexico that receives only one call each from a series of phones on a prepaid cellphone carrier like TracFone.
By naming the carrier in the article, Penn would be further assisting the hypothetical NSA analyst by narrowing the necessary search parameters.
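As an added illustration (not part of the original article), the following Python sketch shows why rotating prepaid phones against one fixed contact number leaves a recognizable shape in call metadata, and how naming the carrier shrinks the candidate set. Every record, number and carrier label below is constructed and hypothetical.

```python
"""Burner-rotation signature in call metadata: a fixed contact number that
receives exactly one call from each of many distinct prepaid numbers.
All call-detail records (CDRs) here are constructed sample data."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class CallRecord:
    caller: str   # originating number (constructed)
    callee: str   # terminating number (constructed)
    carrier: str  # caller's carrier label as a billing record would show it
    day: int      # day index of the call


# Constructed sample CDRs. "prepaid-a" stands in for a prepaid carrier.
SAMPLE_CDRS = [
    # one fresh prepaid number per day, each calling the same contact once
    CallRecord("5210001", "5299001", "prepaid-a", 1),
    CallRecord("5210002", "5299001", "prepaid-a", 2),
    CallRecord("5210003", "5299001", "prepaid-a", 3),
    CallRecord("5210004", "5299001", "prepaid-a", 4),
    # ordinary traffic: repeat callers on mixed carriers (not the pattern)
    CallRecord("5210101", "5299002", "postpaid", 1),
    CallRecord("5210101", "5299002", "postpaid", 2),
    CallRecord("5210102", "5299002", "prepaid-a", 3),
    CallRecord("5210102", "5299002", "prepaid-a", 4),
    # a prepaid number that calls several people (not single-use)
    CallRecord("5210201", "5299003", "prepaid-a", 1),
    CallRecord("5210201", "5299004", "prepaid-a", 1),
    # single-use callers on a postpaid carrier: same shape, different carrier
    CallRecord("5210301", "5299005", "postpaid", 1),
    CallRecord("5210302", "5299005", "postpaid", 2),
    CallRecord("5210303", "5299005", "postpaid", 3),
]


def single_use_callers(records, carriers):
    """Map each callee to the set of callers on the given carriers that placed
    exactly one call in the whole record set (the 'one phone per contact per
    day' signature the article describes)."""
    calls_by_caller = defaultdict(list)
    for r in records:
        calls_by_caller[r.caller].append(r)
    hits = defaultdict(set)
    for caller, calls in calls_by_caller.items():
        if len(calls) == 1 and calls[0].carrier in carriers:
            hits[calls[0].callee].add(caller)
    return hits


def flag_burner_rotation(records, carriers, min_callers=3):
    """Return (callee, count) pairs for callees reached by at least
    min_callers distinct single-use numbers, highest count first.
    Passing a narrower carrier set models the effect of the article
    naming the carrier: fewer callees survive the filter."""
    hits = single_use_callers(records, carriers)
    ranked = [(callee, len(callers)) for callee, callers in hits.items()
              if len(callers) >= min_callers]
    return sorted(ranked, key=lambda pair: -pair[1])


if __name__ == "__main__":
    print("all carriers:", flag_burner_rotation(SAMPLE_CDRS, {"prepaid-a", "postpaid"}))
    print("prepaid only:", flag_burner_rotation(SAMPLE_CDRS, {"prepaid-a"}))
```

With the carrier unrestricted, two contact numbers match the shape; restricting to the named prepaid carrier leaves exactly one.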
Using burner phones may help keep the authorities off of your scent and allow your conversations to blend into the masses of unencrypted phone traffic, but without the protection of encryption there is yet another technological foe to contend with: voice recognition.
The NSA maintains enormous databases of unselected recordings of foreign phone conversations — that means everybody’s and anybody’s calls, not just those of targets. In the Bahamas that data has been stored for 30 days. It is not publicly known what the commensurate capabilities are in Mexico, but the country is an area of high interest for the NSA.
A 2011 document published last year by The Intercept describes how the NSA has implemented Human Language Technology processing in Mexico, which includes the ability to identify a speaker using a “statistically generated voice model.” With just a short sample of El Chapo’s voice, the NSA could be automatically sorting through all collected voice traffic in Mexico in search of his unique speech patterns, and then correlate that with geolocation metadata — although the specifics of how widely and how effectively this technology is currently implemented by the agency are not entirely clear.
Penn references using “unsent messages accessed in draft form,” an op-sec strategy that has been thoroughly debunked, most famously in the 2012 scandal that led to the resignation and eventual conviction of former CIA Director David Petraeus. America’s top spy, Petraeus, was revealed to have been using this technique, known as a “digital dead drop,” to pass messages with Paula Broadwell, his biographer with whom he was having an affair. Investigators were eventually able to piece together the metadata trail to identify Broadwell, who did not use Tor or an effective VPN to shield her IP address.
As the ACLU’s principal technologist, Chris Soghoian, pointed out at the time, this tactic simply is not effective since drafts are stored in the cloud just like sent email. “Ironically enough, by storing emails in a draft folder, rather than an inbox, individuals may be making it even easier for the government to intercept their communications,” Soghoian wrote. “This is because the Department of Justice has argued that emails in the ‘draft’ or ‘sent mail’ folder are not in ‘electronic storage’ (as defined by the Stored Communications Act), and thus not deserving of warrant protection. Instead, the government has argued it should be able to get such messages with a mere subpoena.”
The Rolling Stone article highlights the use of Blackphone, an encrypted cellphone operating on a modified Android operating system, developed by Silent Circle and marketed to the security-conscious in the post-Snowden environment. A Silent Circle founder, legendary cryptographer Phil Zimmermann, has previously gone on the record to push back against some of the hype surrounding his company’s product. “We have a bit of a problem with the press saying that the Blackphone will make you NSA-proof,” he told Extreme Tech. “If someone [at Blackphone] tells you that it’ll protect you from the NSA, I’ll fire them.”
Last week, researchers revealed a major security vulnerability in Blackphone that had gone undetected for over a year.
Penn also repeatedly references the use of Blackberry Messenger, or BBM, by members of Guzmán’s Sinaloa cartel. At one point, when a second meeting between Penn and Guzmán is scuttled for security concerns after Guzmán narrowly escapes a military raid, Penn sends his remaining questions via BBM. Available on BlackBerry, Android, and iOS, BBM is only end-to-end encrypted if both parties pay the annual fee to upgrade to BBM Protected — Penn does not specify which version he and the others used.
BlackBerry has long maintained a vaunted reputation as “uncrackable.” In September 2013, CBC ran a headline referring to the company’s platform as “NSA-proof” even though just days earlier Der Spiegel broke a story from the Snowden archive detailing the NSA’s and GCHQ’s successful exploitations of BlackBerry.
Last month, BlackBerry’s CEO John Chen boldly stepped out against a growing tech industry consensus in favor of strong encryption and declared, “Our privacy commitment does not extend to criminals” (emphasis in the original).
Many messaging platforms marketed as “secure” or “encrypted” often don’t pass muster with security experts. And you can never 100 percent trust even those services that do get a passing grade.
If Penn was running BBM Protected on a Blackphone, which passes all internet traffic through a VPN by default, that would qualify as an enhanced security measure, but, for the reasons listed above (among others), it is not a recommended protocol when your risk level is this high and your adversary is the most powerful intelligence apparatus in the world.
In this category, Penn performed admirably. He left his electronics in California before leaving for Mexico to meet El Chapo. Meanwhile, his guides from the cartel were apparently less careful. On his ride to meet with El Chapo, Penn describes how “throughout the hour-and-a-half drive away from the city and across farmlands, both men receive frequent BBM messages.”
Yes and no. Any digital communication comes with some risk that a journalist should make clear to his or her source as early as possible, and both parties must weigh the risks and rewards independently.
As the ACLU’s Soghoian told the Washington Post, “The only way to hide your location is to disconnect from our modern communication system and live in a cave.” Granted, that is not a very appealing option for most of us, and we are willing to make certain compromises. Only meeting face to face is one good alternative, but not always practical.
However, best practices do exist (as does debate over those best practices within the security community).
You can try some of the practices endorsed by Micah Lee and Edward Snowden.
Or, try this relatively easy-to-use approach from Soghoian:
OPSEC advice: Use Signal. On an iPod Touch. Connect via Tor. Don't chat with Sean Penn.
— Christopher Soghoian (@csoghoian) January 10, 2016
Great article. I think Penn got caught up because the authorities were already watching the actress extremely closely. When she came out in El Chapo’s favor a few years ago, she was immediately on watch lists and of course this is how they found out about the Penn initiative. He didn’t stand a chance of keeping this quiet the moment he came into her sphere.
Great analytic article. He has no idea he is next and can be killed anytime, here in LA, b/c Chapo’s workers will try and get him. This is lethal. Kind of idiotic indeed. I know these people can do anything. They can make a new “soup” or do something horrific with him. I follow you on Twitter too. @olgalazin and/or olgamlazin
Aren’t the police in charge of guarding drug-lords?
Is not the gov of Mexico, in cahoots with El Chapo?
I wish that all drugs were legal, everything under the sun, not just non-addictive, harmless cannabis.
Why isn’t there a movement to free all drugs?
Most prisoners get locked-up for drug crimes.
The US has the most prisoners on Earth.
We just followed up on this piece with a recent blog post:
“Sean Penn and El Chapo: Operational Security Errors (Part 1)”
https://medium.com/@roryireland/sean-penn-and-el-chapo-operational-security-errors-314a1847e3a0#.405kckffc
This is ridiculous. We are blaming Sean Penn now because he helped us inadvertently capture a criminal? I’m glad El Chapo was caught and apparently you are not.
There is no reasonable way to conclude from the article that its author is “blaming” Sean Penn for anything more than poor operational security. Certainly one cannot conclude that the author is “apparently” not glad El Chapo has been apprehended.
Something doesn’t seem right about the whole thing? I don’t believe it……..
I think going analog is the best way to go. Face to face, paper, landlines.
Face to face doesn’t make much sense when one is being followed and the other is being hunted. Landlines … aren’t analog, among many other things. Haven’t you heard of CALEA? EVERY line is tapped, EVERY call is traced. Paper has something to be said for it, if it is transferred hand to hand, yet even there DNA evidence should be avoided. What I suggested below was more along the line of a medium that can carry video, and be transferred back and forth from physical carry to digital transmission.
Fake El Chapo. You’re an old thug thinking about retiring but people will hunt you down until you die, so what do you do? You die.
You hire some guy who looks something like you and promise to pay his family millions for his sacrifice. You dupe some naive actor into thinking he’s a journalist and mystify him with technology (oh, blackphone, this is serious!) Then you snap an incriminating photo with said actor who will, forever more, swear that the fake El Chapo is the real one. Then you shoot the fake El Chapo so it never gets to court in the US.
Or, maybe, you let fake El Chapo go ahead and get extradited and do the 20 years … 10 with good behavior. Oh yeah, and pay his family millions for doing your time.
I ran into El Chapo (I think) at the beach bar. He says your theory is nonsense.
I especially like the part about how Sean got videos from a *freshly shaven* El Chapo mere days before the arrest of that guy with the huge bushy mustache.
There are a lot of claims going around with this – like http://pagesix.com/2016/01/11/sean-penn-couldnt-keep-his-mouth-shut-about-el-chapo/ which claims he kept talking about it in public places – but I’m torn. I don’t want to join a rain-on-Sean-Penn parade that really is blaming him for letting a Bad Person have his side of the story told, regardless of circumstances. For all I know the narks are gaslighting him to keep attention off some mole they planted, or in the hope that they might manage to embarrass Guzman’s friends into shooting him (which the DEA can then crow about proudly for the next century as an object lesson, or at least they would if their country weren’t taken over by the cartels in a couple of decades).
I have to admit though that when I read about the one a day burner phones, the first image that flashed to mind was Sean Penn standing in line at Rite-Aid with a dozen ten-dollar phones on the conveyor. :) Wonder if they take credit cards. :)
The point can be made though that Sean Penn wasn’t exactly dealing with a babe in the woods. If the Sinaloa Cartel can’t manage security, who can??? I would think many war zone reporters assume that as long as they do *exactly* what they’re told, and if they make it out alive, their ethical obligations to their source are satisfied. They’re the student and he’s the master.
Really though, I don’t get why all the elaborate games to try to communicate electronically, nor even the need to meet face to face at all. It’s NOT that much of a convenience for people in a situation like that. Why not just hand off video on flash drives carried hand to hand by unknown couriers? A mixture of physical carrying around and digital encryption and transmission by nobodies ought to leave even the most dedicated enforcers scratching their heads while giving a fairly fast turnaround time. In most organizations, you’d worry the nobodies would get caught and start talking … but I doubt Guzman’s people feel like talking much.
I am in Guadalajara and have followed this event with some interest.
Mexico’s Attorney General’s office has stated that:
1.- A phone of one of the members of El Chapo’s party who accompanied Penn and del Castillo was identified and tracked; and
2.- The team that entered El Chapo’s safehouse in Los Mochis was not aware he was there. They were looking for someone else -a member of his group- that they hoped would lead them to El Chapo.
IOW, they lucked out.
Another detail: El Chapo had been located in the mountainous Golden Triangle Area of Durango, Chihuahua and Sinaloa (where the meeting with Penn and del Castillo took place) previously, but no effort was made to apprehend him due to his being accompanied by two women and a little girl.
He was captured in the coastal town of Los Mochis, Sinaloa; near the border with Sonora.
It was a brave thing you did. I’m proud of you. Lots of love.
Even CIA Director John Brennan and now DNI James Clapper got their personal emails hacked. Spare a thought for Sean Penn.
If any publication should hold its fire on criticizing Sean Penn for leading the Mexican government to El Chapo, it is The Intercept. The source of the story that the actor led the government to the fugitive’s redoubt is none other than the Mexican government, which clearly has no reason to lie. Glenn Greenwald rightfully berates the journalist who repeats as fact without question whatever the government tells him or her. Is it possible that Mr. Penn did not lead Mexican authorities to El Chapo? Is it possible that it knew already where Mexico’s most wanted man was hiding? Doesn’t it seem more likely that government was protecting the fugitive? In arresting El Chapo just hours before Rolling Stone published Mr. Penn’s article, isn’t the Mexican government telling you that it arrested him because it is embarrassing that an actor who cannot speak Spanish can find the most wanted man in Mexico, but the Mexican government can’t find him? If Mr. Penn led the government to El Chapo, why didn’t it arrest him months earlier after the actor interviewed the fugitive face to face at his home in Sinaloa?
Mr. Penn is not a great journalist. His prose is the writing equivalent of fingernails scratching on a chalk board. However, he got this story, and not any of the great journalists at places like the LA Times or NPR. Mr. Penn told us the truth, something which the great journalists of our day rarely address.
Hold your fire on Sean Penn. Clearly, he is clumsy on his security protocol, but he performed an important public service. And, before accepting the government’s story that it followed Mr. Penn to El Chapo’s lair, ask the Mexican government to prove it.
“Isn’t the Mexican government telling you that it arrested him because it is embarrassing . . . ”
Exactly. Thanks for this.
You are another who has misread the article. Did you miss this paragraph?
So, the article maintains exactly the skepticism you imply it lacks.
This piece is about Sean Penn’s operational security as an example that is usefully analyzed, regardless of whether in Penn’s case his security lapses did or did not cause the capture of El Chapo.
The simple act of shutting one’s mouth escapes about 99.9% of the population. It should be no surprise Penn is in that category.
I predict that El Chapo will vanish before his extradition. A lot of influential Mexicans as well as Americans are involved in this drug racket, and they will ensure that this bloke does not fall into US hands and gets a chance to expose them. I suspect the next prison break would be an armed assault on the jail or a hostage situation of some high-value individuals, given the limited time they have to act before the extradition.
Regarding the encryption part in this article, it is foolhardy for amateurs to even learn how to encrypt let alone apply the methods against the best professionals. Rules number one to ten must be to strictly enforce total electronic silence. Use one-time couriers if at all any message is to be exchanged.
Everyone should learn to encrypt, and use it for everything they can. Make the NSA work to look at everybody’s dick pix. Raise the cost of their blanket surveillance to the point that the public is unwilling to continue to pay them to spy on us.
Few, if any, of us have serious need to worry if the NSA is watching us, but if only those who have a serious need for encryption use encryption, the NSA then knows who to focus their energies on decrypting.
If, on the other hand, we all encrypt everything, we flood out their ability to decrypt anything.
Increasing the cost of surveillance is not going to persuade anyone to give it up, since it is a functional requirement for nation states to identify and deal with internal and external threats. There now exists technology to look through walls and closed doors and hear people as they speak. Encryption is not going to curtail surveillance, it will only alter the way it’s done. Possibly it is going to become more invasive.
Still too complicated.
Someday some smart person is going to invent a totally secure way to communicate in privacy that is as easy to use as instant messenger or something and that person is going to make a ton of money.
And then probably die in a drone strike or something.
You’re funny!!
Face the fact, if the government of Mexico threatened to eliminate an American interest generating over a hundred billion a year in profits, American troops would cross the Rio Grande.
Further, as articles within the Intercept specified, if it were not for money generated from drug cartels (emphasis on El Chapo) the American/Global Banking would have crumbled like month old bread.
Thus, if anything Guzman should be hailed as a hero.
There’s abundant information about how they located Guzman in Spanish-language newspapers. This article is pure speculation and propagates propaganda regarding both Sean Penn and the “omnipotent” NSA. Mexican law enforcement surveilled Guzman’s attorneys. From the time Kate Del Castillo met w/one of Guzman’s attorneys, she was also under surveillance. She then met with Penn. Get the picture?
You seem to have misunderstood what the article is arguing, and pointing out. There was this paragraph:
Clearly, then, the reporter here, Andrew Fishman, is aware — and informed us — that the Mexican government cites the meeting with Guzman as critical.
Moreover, Fishman told his readers, very explicitly, what the purpose of his article is:
Quite regardless of how the Mexican government and the DEA actually found El Chapo, Sean Penn’s operational “security” was very poor for all the reasons Fishman sets forth above.
It’s not that clear but this article (I think) isn’t trying to say “these are the things that led to El Chapo’s capture” but rather it’s a hypothetical – “If Chapo was still at large when Rolling Stone published this piece the NSA could have used details in the article to help them find him”
The one thing that we are not acknowledging is that the capture likely forced Rolling Stone to rush the article to publication before the editorial process was complete. Maybe some of the details would have been edited out if RS had more time?
“this article is intended as a case study in source protection based on the limited information available.”
“Work on the article was completed about two weeks ago, Mr. Wenner said, but because of Rolling Stone’s production cycle, those involved were subjected to an excruciating wait for the next issue, during which time Mr. Guzmán was captured.” http://www.nytimes.com/2016/01/11/business/media/how-rolling-stone-magazine-handled-a-get-with-ramifications.html
I guess the authorities didn’t have a clue about El Chapo until a big, American celebrity came along to help them out.
I imagine the NSA was tracking El Chapo’s location and listening to his conversations the entire time. Monitoring his activities in jail will be considerably more difficult, as his cell phone will probably be confiscated when he is incarcerated. So rather than easy monitoring of electronic communications, it will be necessary to identify and compromise the guards who will be acting as his couriers.
However, the publishing of the interview may have forced the NSA’s hand, as people would have questioned why Sean Penn could track him down while law enforcement could not. So they were forced to arrest him. Go ahead and institute the OpSec recommended in this article, but my recommendation for anyone who truly wishes to avoid surveillance by the NSA, is to go to prison.
I don’t know Benito, I’m starting to think that maybe ‘the short one’ knew he was going to get caught soon anyways.
Or he’s already planned his next escape.
Possibly, but there’s also the “major embarrassment factor” to consider (see shota con safos’ comment above).
“However, the publishing of the interview may have forced the NSA’s hand, as people would have questioned why Sean Penn could track him down while law enforcement could not”
You sir made a good point
You think that he couldn’t get a cell phone in prison? –> “During his previous stint in prison he played host to the occasional busload of prostitutes.” http://www.newyorker.com/news/news-desk/el-chapo-escapes-again
He does seem eager, for whatever reason, to get back into prison.
I need to get this off my chest before I post my primary message elsewhere: Gen. David Petraeus should be in prison. Our government’s double standard would put Joe Blow behind bars till the end of time, no chance for parole, for doing much less than what Petraeus did. But, Petraeus totally skates, even though military secrets could have been lost and easily been in enemy hands and used against us. Felt compelled to say that…
Someone of the general’s stature should be held to a much higher standard than most. And, nothing cou
I think most of us agree, entirely.
A great many “classified secrets” are highly overrated. In fact, a lot of classified info is publicly known. Whether something is actually a secret or not has no bearing on its classification status. The whole classification system is a case study in bureaucracy gone haywire, and these days it is used mainly to shield embarrassing failures from public scrutiny, and to bludgeon peons with lengthy jail sentences. The modern phenomenon of “official leaks” simply demonstrates how one-sided and pointless it is.
There are legitimate secrets that need protecting. They are a tiny minority of all things which the government claims are secret. Reforms of the whole classification system are sorely needed. Hopefully, it won’t take the spectacle of pardoning a former US Secretary of State for behavior she would have jailed a subordinate for.
Or maybe he just should not have done it?
The photo reminds me of the Pink Floyd album cover, ‘Wish you were here’. But I’m wondering, what all the fuss is about? It’s hard to imagine that the short one would have stayed alive this long if he didn’t know Penn would be followed.
Entertaining and informative, thanks.