Announcing a new mobile app project, built from a collaboration between @FreedomofPress and @guardianproject Learn more at https://t.co/2lzt7rH2SH aka https://t.co/vJkeAwKR8Q #keepwatch pic.twitter.com/Hk2Aos447Y
— Haven (@gethavenapp) December 22, 2017
Snowden hasn’t carried a mobile device since 2013, but in the last couple of years, much of his time has been taken up by prying apart smartphones and poking away at their circuit boards with the aid of fine tweezers and a microscope. In 2016, he collaborated with hardware hacker Andrew “Bunnie” Huang on Introspection Engine, a phone case that monitors iPhone outputs, alerting you to when your device is sending signals through its antenna.
Snowden is notoriously careful about the technology around him. In the documentary Citizenfour, Snowden is shown taking increasingly extravagant precautions against surveillance, going as far as to drape a pillowcase (his “Magic Mantle of Power,” he says, deadpan) over himself and his computer when he types in a password. Famously, he also asked journalists to place their phones in the hotel fridge, to prevent transmission of any surreptitious recording through their microphones or cameras.
Snowden at least has a pretty understandable reason to be paranoid — and while he doesn’t expect the rest of the world to adopt his somewhat inconvenient lifestyle, he’s been trying to use his uniquely heightened threat model to improve other people’s lives. “I haven’t carried a phone but I can increasingly use phones,” he said. Tinkering with technology to make it acceptable to his own standards gives him insight into how to provide privacy to others.
“Did you know most mobile phones these days have three microphones?” he asked me. Later he rattled off a list of different kinds of sensors. It wasn’t just audio, motion, and light, an iPhone can also detect acceleration and barometric pressure. He had become intimately familiar with the insides of smartphones while working with Bunnie Huang, and the experience had left him wondering if the powerful capabilities of these increasingly ubiquitous devices could be used to protect, rather than invade, people’s privacy — sousveillance, rather than surveillance.
It was Micah Lee, a security engineer who also writes at the Intercept, who had the first spark of insight. For years, developers with access to signing keys — particularly developers who deal with incredibly sensitive work like the Tor Project — have become fairly paranoid about keeping their laptops in sight at all times. This has much to do with what security researcher Joanna Rutkowska dubbed “the evil maid attack”. Even if you encrypt your hard drive, a malicious actor with physical access to your computer (say, a hotel housekeeper of dubious morals) can compromise your machine. Afterwards, it’s nearly impossible to tell that you’ve been hacked.
Snowden and Lee, who both sit on the board of the Freedom of the Press Foundation, partnered with the Guardian Project, a collective of app developers who focus on privacy and encrypted communications, to create Haven over the last year. Snowden credited Nathan Freitas, the director of the Guardian Project, for writing the bulk of the code.
Though “evil maid” attacks are not a widespread concern — “we’re talking about people who can’t go into the pool without their laptops,” said Snowden, “that’s like nine people in the whole world” — Haven was conceptualized to benefit as many people as possible. Micah Lee points out in his article for The Intercept that victims of domestic abuse can also use Haven to see if their abuser is tampering with their devices. Snowden told me that they had thought very deliberately about intimate partner violence early on.
“You shouldn’t have to be saving the world to benefit from Haven,” said Snowden, but acknowledged that the people most likely to be using Haven were paranoid developers and human rights activists in the global south. Andy Greenberg describes in WIRED how the Guardian Project worked with the Colombian activist group Movilizatario to run a trial of the software earlier this year. Sixty testers from Movilizatario used Haven to safeguard their devices and to provide some kind of record if they should be kidnapped in the middle of the night.
It was this case scenario that sprung to the mind of Jacqueline Moudeina when she spoke with Snowden earlier this year. “In many places around the world, people are disappearing in the night,” he said. For those dissidents, Haven was reassurance that if government agents break into their home and take them away, at least someone would know they were taken. In those cases, Haven can be installed on primary phones, and the app is set to send notifications to a friend.
I asked Snowden what it was like to collaborate on a software project while in exile in Russia. It wasn’t that bad, he said. Since he became stranded in Russia in 2013, technology has progressed to the point where it’s much easier to talk to people all over the world in secure ways. The creators of Haven were scattered all over the globe. “Exile is losing its teeth,” he told me.
More than anything, Snowden is hoping that Haven — an open source project that anyone can examine, contribute to, or adapt for their own purposes — spins out into many different directions, addressing threat models of all kinds. There are so many different kinds of sensors in mobile phones that the possibilities were boundless. He wondered, for instance, if a barometer in a smartphone could possibly detect a door opening in a room.
Threat models don’t have to involve authoritarian governments kidnapping and torturing activists. Lex Gill posted on Twitter that her partner had been testing Haven with a spare phone for a month, and she had begun to use it to send “helpful reminders.”
My partner has been testing Haven for a few months with a spare phone. Every time you open the closet, it sends a picture by Signal. In addition to impressive intrusion detection capabilities, you can also use it to send helpful reminders! ✨ https://t.co/FHi1bjFsLP pic.twitter.com/IS58HzDVha
— lex.txt (@lex_is) December 22, 2017
And when Nathan Freitas explained his most recent project to his young children, he discovered yet another use case. “We’re going to use it to catch Santa!” they told him excitedly.