Security is Hard

In the hopes of staving off would-be state assassins, Edward Snowden announced that he has distributed encrypted copies of data that he obtained while working at the National Security Agency (NSA):

Taking another page out of the WikiLeaks playbook, Edward Snowden has apparently distributed an encrypted copy of at least “thousands” of documents that he pilfered from the National Security Agency to “several people,” according to Glenn Greenwald, the Guardian reporter who first published Snowden’s leaks.

In an interview with the Daily Beast on 25 June, Greenwald said that Snowden “has taken extreme precautions to make sure many different people around the world have these archives to insure the stories will inevitably be published.”

Greenwald added: “If anything happens at all to Edward Snowden, he told me he has arranged for them to get access to the full archives.” The Brazil-based journalist said that he himself has thousands of documents that Snowden leaked from the NSA, which may or may not constitute the totality of what he exfiltrated.

On the surface it looks like a clever method to keep himself alive but, as Bruce Schneier pointed out, he may not have thought his clever plan all the way through:

I’m not sure he’s thought this through, though. I would be more worried that someone would kill me in order to get the documents released than I would be that someone would kill me to prevent the documents from being released. Any real-world situation involves multiple adversaries, and it’s important to keep all of them in mind when designing a security system.

Security is hard. People tend to focus on very specific individual threats and design security systems around those threats without taking into consideration other potential threats. Snowden focused so heavily on the threat of a United States assassin taking him out that he forgot to consider the fact that there are many people in the world who really want that NSA data leaked.