The Washington Post

I serve as a technical expert and security advisor at the Washington Post where I co-author articles and blog posts about the Snowden documents and other developments in privacy news. I also appear in the occasional video segment explaining or demonstrating relevant technology.

Articles on the Snowden Files
SIGINT Tree Privacy watchdog’s next target: the least-known but biggest aspect of NSA surveillance The Privacy and Civil Liberties Oversight Board plans to review signals intelligence collection under Executive Order 12333. Read our analysis here.
Communication breakdown In NSA-intercepted data, those not targeted far outnumber the foreigners who are Barton Gellman, Julie Tate, and I break the news that the vast majority of communications intercepted by the NSA were from individuals who were not the intended surveillance target. You can read the article here and see a more detailed graphic of the communication breakdown here. Additionally, Barton wrote a behind-the-scenes look at how we report on these documents which is available here.
mystic NSA surveillance program reaches ‘into the past’ to retrieve, replay phone calls We report on the NSA’s ability to record 100% of a foreign country’s calls and review them with TiVo-like capability.
ItalianSpy Italian spyware firm relies on U.S. Internet servers The Italian company uses servers in America to hack on journalists and activists around the world. While not part of the reporting on the Snowden files, this article discusses tools of government surveillance.
NSA uses Google cookies to pinpoint targets for hacking Intelligence agencies leverage commercial tracking cookies used by Google to identify otherwise anonymous web users.
  Panel urges new curbs on surveillance by U.S. A 5-member panel appointed by President Obama prepared a 300 page report recommending significant limits on government surveillance. Read the report here.
  By cracking cellphone code, NSA has capacity for decoding private conversations The outdated encryption technology used in most cell phones is vulnerable to attacks from hackers, foreign operators, and government surveillance.
NSA tracking cellphone locations worldwide, Snowden documents show The NSA collects massive amounts of cell location records to determine if anyone, including US citizens, are co-traveling with suspected targets. 
NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say  The NSA taps into the private lines of connecting the data centers of email providers like Gmail, scooping up American’s information in the process. 
Related: How we know the NSA had access to internal Google and Yahoo cloud data
NSA collects millions of e-mail address books globally The NSA intercepts e-mail address books and “buddy lists” from instant messaging services, including those of Americans, to the tune of 250 million a year.

Related: Here’s everything you should know about NSA address book spying in one FAQ
Secret NSA documents show campaign against Tor encrypted network The Washington Post reports on a 49-page research paper produced by the NSA that describes tactics to unmask TOR users. Read more.
Blogposts
 Yahoo Yahoo’s uphill battle to secure its users’ privacy After years of pressure from experts, Yahoo announced it is increasing the security of its services including securing traffic that moves between their servers and encrypting most search queries automatically.
 Microsoft Companies e-mail sensitive data to law enforcement The Syrian Electronic Army posted stolen documents online that include emails between Microsoft’s government compliance staff and various law enforcement officers. These emails indicate that Microsoft sends sensitive data without sufficient security. There are no laws requiring that information sent as part of criminal law enforcement investigations be kept secure.
  Research shows how MacBook Webcams can spy on their users without warning Researchers at Johns Hopkins University confirm statements by Marcus Thomas, former assistant director of the FBI’s Operational Technology Division in Quantico, that it is possible to turn on some MacBook cameras without the telltale light also activating.
Dictionary.com dubs ‘privacy’ their word of the year. But visiting their homepage sets 90 cookies. 
New documents show how the NSA infers relationships based on mobile location data Following a person’s cell phone as it searches for towers can reveal a lot of information about a person, including whether or not they are following an American agent abroad.
Why Apple’s claim that it can’t intercept iMessages is largely semanticsMy take on a debate over whether or not iMessages are completely safe from prying NSA eyes. Spoiler alert: I don’t think they are.
  Yahoo to make SSL encryption the default for Webmail users. Finally. As a direct response to our reporting about the NSA’s collection of user’s address books and chat buddies, Yahoo announces plans to encrypt their users’ traffic by default. Better late than never.
Videos
PostTV Pulitzer Option 1 The Snowden files decoded I was on a panel with the rest of the reporting team credited with winning the 2014 Pulitzer for Public Service. We spoke about decoding the documents and took questions from the audience. Twitter recap here.
MYSTIC video NSA surveillance program reaches ‘into the past’ to retrieve, replay phone calls I discuss our reporting of the NSA’s “MYSTIC” program.
Webcams can record secretly Watch me demonstrate how to disable the light that indicates a MacBook’s camera is active.
  Reporter: For NSA, Google cookies allow ‘laser-guided’ targeting
  Reporter explains NSA collection of cellphone data