At Tactical Tech we sometimes experiment with creating tools and software that we think are needed but that do not yet exist. At a recent Digital Investigation Camp, members of our team worked together with a small group of partners to address a distinct need: the ability for investigators to remain anonymous while conducting digital investigations. More specifically, we experimented with ways to use open-source tools to create a robust and durable computing environment that investigators could easily deploy when working in critical situations.
To do so, we built upon existing software – namely, Tails and Tor – to prototype a new tool, which we call Whiskers. Our aim was to help investigators do their work effectively, by running Whiskers on top of Tails, while remaining anonymous. Here, you can read about the journey of that idea, from its inception to its realisation.
My computer locked up while I was sitting on the warm stone steps of a 17th-century Franciscan monastery overlooking a small bay off the Adriatic, trying to keep both my superheated ThinkPad and my rapidly warming beer within a small pocket of shade that, through no fault of its own, refused to stop drifting eastward. I was revising a series of guides for a target audience of journalists and researchers, the sensitive nature of whose investigative work – and the aggressive nature of whose adversaries – might give them cause to use the Tails operating system as a way to compartmentalise their reporting, protect their sources and preserve their anonymity.
All things considered, a frozen laptop on a hot summer day struck me as a good problem to have. My backup was relatively fresh, and – as someone whose livelihood requires pretending to understand computers – I am familiar with advanced troubleshooting methodologies that allowed me to press and hold my power button for four seconds, leave it alone for two, and then press it once more while rolling my eyes in case anyone was watching. My operating system's subsequent unwillingness to boot, combined with my own inability to leverage the techniques that had served me so well in the past (weekends misspent indoors, scouring Stack Exchange for the wisdom of my betters), started me on an 18-month journey.
I survived the remaining week of our Digital Investigation Camp thanks to a bootable Tails USB stick that I had created while drafting the guides mentioned above. By writing and dogfooding various scripts that allowed me to do moderately complicated things with Tails, I was able to use it exclusively throughout the year. And, the following summer, I found myself back in Montenegro with a small team of brilliant software developers, digital security trainers, localisation engineers and technical writers who helped me prototype a Tails-compatible application called Whiskers as a way to bring those same tips and tricks within reach of journalists and researchers who, by and large, have not squandered their lives debugging strange configurations of Linux on the desktop.
Whiskers is currently a proof-of-concept. If it is fully implemented – and maintained – we believe it will give investigators who work on sensitive topics in high-risk, "global south" environments access to the free and open-source digital tools they need to do their jobs in a way that is portable, cost-efficient and secure. Or, to deploy the obligatory jargon, in a way that encourages compartmentalisation, supports pseudonymity, allows censorship circumvention, maximises end-point security and provides encryption.
Let's unpack that a bit.
Tails is a free and open-source, privacy-optimised variant of the Debian Linux operating system that is designed to be run from a USB stick. You turn your computer off, turn it back on after inserting the USB stick, press the right keys at the right times, wait a little while and end up running Tails. When you're done, you turn your computer off, turn it back on after removing the USB stick, wait a little while and end up right back where you were, with no changes having been made to the contents of your computer.
You may only have one laptop, but Tails gives you two different ways of using it. You can use it one way (with Tails) when working on sensitive content, and – if all goes according to plan – you can use it the other way (without Tails) when it is lost, stolen, confiscated, inspected at a border crossing or infected with malware. And you can switch from the first way to the second way simply by yanking out the USB stick and putting it in your pocket. Or, depending on the circumstances, throwing it in the trash. Security people like to call this "compartmentalisation."
While running Tails, all of your Internet traffic is routed through the Tor anonymity network. Tor is not perfect, but it is the best tool we have for preventing those with the ability to monitor your traffic – Internet service providers, airports, libraries, employers, computer criminals, website administrators, husbands, your government and other people's governments – from figuring out what you are doing online. Alongside the compartmentalisation described above, this allows you to maintain a separate collection of "identities" (including email addresses, usernames, passwords and payment methods) that you can use, when appropriate, for sensitive work. Tor makes it far more difficult for others to establish a connection between those identities and the actual You. Security people like to call this "pseudonymity."
These same properties allow many Tor users to access websites and other online services that are blocked from within their countries. It does not work everywhere, all of the time, but Tor is one of the more effective forms of what security people like to call "censorship circumvention."
By default, any changes you make while using Tails – whether intentional or unintentional – will be unmade forever when you stop using Tails. This provides what security people like to call "strong end-point security," and is a fantastic way to protect your system from malware. As you can imagine, however, it is also a bit limiting. Fortunately, Tails also includes a feature called "Persistence."
If you do work while using Tails, and if you need that work to stick around, Persistence will try very hard to preserve only the changes you intend to make. This is still a relatively good way to protect your system from malware. And all of the files you download, create or modify while using Persistence will be encrypted on the USB stick. Pretty much everybody else just calls this "encryption."
Our objective was to help establish portable, disposable workflows that can be relied upon by a greater number of at-risk investigators who need to remain safe and productive while leveraging data to chisel away at the walls of impunity that often protect the powerful and the corrupt.
Whiskers is a graphical user interface that makes it significantly easier for researchers and investigators to install, configure and use free and open-source software that does not work out-of-the-box on Tails. Among other tools and workflows, this might include Web scrapers, data analysis and visualisation frameworks, photo managers, secure collaboration platforms, versatile text editors, programming libraries and alternative means of accessing websites that block Tor.
Figure 1: A proof-of-concept user interface for Whiskers
The current Whiskers prototype is a Python application, with an internationalised graphical user interface and documentation framework, that simplifies the installation and configuration of the KeePassXC password manager; the Atom text editor; the Recoll text indexing and search tool; the Signal, Wire and Riot secure messaging platforms (for text only); and Jupyter Notebook, which is a data-oriented Python scripting environment. It also facilitates the rather complex series of steps required to activate and deactivate a Jupyter notebook while ensuring that it routes all of its Internet traffic through Tor.
We have taken to using the acronym SIFT (Secure Investigation Framework for Tails) as a label for the various things we would eventually like to do with Whiskers. That includes training curricula, related workshops for investigators and stand-alone guides on how to use supported tools.
Tails provides a standardised platform for educators. Regardless of what hardware they bring to the training room, all participants will be working with the same version of the same up-to-date, malware-free operating system. This system will be configured in the same way, for all participants, and will go home with them when they leave. Anyone who has facilitated a hands-on workshop can testify to the ways in which platform uniformity contributes to efficiency when working through practical, technical exercises.
Of course, insisting on the adoption of an unfamiliar operating system can introduce significant inefficiencies as well. Which is why we began developing Whiskers in the first place. At the end of the day, Whiskers is designed to make it possible for related guides, training resources and workshops to focus largely on practical investigative skills rather than getting bogged down in "advanced Tails configuration." In our experience, researchers and investigators have a strong interest in the former and very little time for the latter.
To be clear, these workshops will not be 90-minute PowerPoint presentations. Or "full day" trainings. Indeed, even week-long "bootcamps" will be insufficient – Whiskers notwithstanding – for most journalists and researchers to master the workflows that SIFT is meant to facilitate. There will be exceptions, of course: highly technical data journalists, researchers who've already grown comfortable with Tails and veteran users of the free and open-source tools supported by Whiskers.
But if there's one thing I've learned from ten years as an occasional digital security trainer, it's that not all "contact hours" are created equal. It is far more effective to spread the same curriculum over a month (or more) than it is to cram it into a 40-hour "intensive." And if that part-time series of short workshops is facilitated by someone who is local to the region – someone fluent in the local language, familiar with the risk environment of their participants and available to provide ongoing support – that's where the magic happens.
Accordingly, the four training models we currently envision for SIFT include:
The Whiskers target audience can be divided into two groups:
Most of the self-learning guides and training resources in SIFT will target the former, more technical, audience. We have taken this approach in part because neither the move to Linux nor the adoption of these particular open-source tools demands any sort of compromise on the part of those who work directly with data. These are among the best tools for the job and are widely used by professional data journalists and data scientists, along with other veteran investigators. The primary purpose of Whiskers, for this group, is to make these tools no more difficult to install and configure on Tails than they are on other Linux distributions. Our guiding principle, here, is to avoid underestimating or patronising this audience by focusing exclusively on single-purpose desktop and cloud-based resources that are optimised for "ease of use" rather than versatility or security.
Whiskers serves a different purpose for members of the second, less technical audience. These individuals are far less likely to adopt Tails as their primary work environment. For this group, Whiskers will add a few key security, usability and collaboration features that are currently unavailable on Tails but without which many of these researchers cannot do their jobs. Examples include: the ability to access websites that block Tor users; two-factor authentication methods that do not require the use of a smartphone; and support for modern, secure communication and collaboration platforms like Signal, Wire and Riot.
We have not yet made an effort to field test Whiskers with a broad subset of our target audience, largely because we have had neither the time nor the resources to carry out a robust audit of the ways in which our software might slightly weaken some of the security properties that Tails provides. We believe we know what they are, but it would be irresponsible to engage in "outreach" for a project of this nature without thoroughly investigating how these issues might affect an at-risk user. If and when we do so, the following is more or less what we expect to find.
Below are some of the design principles we have adopted in order to help mitigate these potential issues:
Finally, Whiskers should undergo a thorough, professional security audit before journalists and researchers in the field are encouraged to adopt it.
In addition to the software security considerations described above, the following is a short list of current Whiskers development priorities:
With the notable exception of online conference calls – for which I still resort to my smartphone – I have continued to rely on Tails for all of my work-related activities throughout the six months that have passed since the second Montenegro residency at which we developed the initial Whiskers prototype. During that time, various members of our team have met up three times, in person, to implement a handful of features and to address high priority bugs.
I use the latest version of Whiskers every day, and I no longer feel like my productivity is being taxed on a weekly basis by the need to engineer new workarounds to new challenges. More importantly, I feel like journalists and researchers could do the same, despite life choices that may have rewarded them with less embarrassing hobbies. Eventually, we hope that Whiskers – or the underlying research that we have published – will allow investigators who face severe digital security threats to continue holding power to account while protecting themselves and their sources by leveraging the security, anonymity, portability and compartmentalisation that Tails helps provide.