21st Century Tradecraft: Discreet Transport of Documents

I have had many of my consulting clients ask me for advice about how to maintain their privacy. One of their greatest concerns is the interception of e-mails in the now ubiquitous global Surveillance State. The sad truth is there is now no such thing as “secure” e-mail, even when using high level encryption. If a government wants to know what you are communicating and they are willing to invest sufficient time and energy, then they will eventually be able to read your encrypted e-mail. This is known as brute force decryption, wherein massive computing power is dedicated to breaking an encryption scheme. It also goes without saying that telephones, faxes, radio communications, and in fact virtually all other electronic communications systems are vulnerable to interception, decryption, monitoring, and long-term database archiving.

With those capabilities in mind, this leaves us very few options other than traditional face-to-face meetings, mailing well-sealed hardcopy letters, or handing off USB memory sticks via live drops (couriers) or dead drops. (For the sake of brevity, I won’t describe live drop and dead drop methodologies in this article. Those are both Old School tradecraft tricks that have been well described in books and web articles on espionage.)

Postal Mail Cover Now SOP

Since 2013 the exterior of all envelopes sent through the U.S. Postal Service are to have been scanned both front and back and these scans are available to both law enforcement and intelligence agencies. This is the equivalent of what was known as a Postal Mail Cover—something that formerly required a court order. But in the aftermath of several anthrax-through-the mail scares, Congress mandated it. But in our post-9/11 world, it is now Stand Operating Procedure for all domestic mail and all international mail that either originates or terminates inside of the United States. So it is important that you also print the recipient’s address as the return address. This is a legal and common practice. Also keep in mind that the origin post office cancellation town or city location is part of what is routinely scanned. It is noteworthy that court tests on this routine Postal Mail Cover surveillance have failed, because the courts at the Federal level have held that there is “no reasonable expectation of privacy” for information that is contained on the outside of an envelope.

Oh, and since handwriting can be analyzed and cataloged, it is important that you use computer-printed adhesive labels for both the address label and the return address label. Don’t hand-write them! And if you are a total Secret Squirrel, don’t lick envelope seals, since that leaves DNA traces. Use a sponge, instead.

A New Twist- Going Micro

One fairly new method of physical transport of electronic files that I haven’t seen described much elsewhere is the use of Micro Secure Digital (SD) removable flash memory cards. (They are sometimes referred to as “µSD”, “uSD”, or simply “Micro” cards. These cards were first marketed in 2005 and are incredibly small and light. They measure just 15 mm × 11 mm × 1 mm– about the size of a fingernail. That is about one-fourth the size of a standard SD memory card. A Micro SD card weighs only one half a gram. They can be taped onto a couple of sheets of paper and sent through the mail and go un-noticed unless very closely examined. These tiny cards are presently available with capacities ranging from 64 Megabytes (MB) to a whopping 128 Gigabytes (GB). As this article goes to press, low capacity micro SD cards are amazingly inexpensive: 64 MB cards are as low as just 95 cents each, postage paid, when bought in bulk. Plastic protective cases for these cards cost just a few pennies each, if bought in bulk. (You can buy 100 of them for $95, postage paid, on eBay.)

Micro SD cards can be read by a laptop computer several ways. Typically this is done either with a Micro-SD to SD card adapter (aka “card reader”) or with a Micro-SD to USB adapter. These are both very compact and inexpensive adjuncts. And of course you only need to keep a couple of each available at both ends of your courier route. Only the Micro-SD card itself needs to be transported.

Even though they are considered semi-obsolete, even 64 and 128 MB Micro SD cards are still quite useful as a transport mechanism for documents. 662 pages of uncompressed plain text (“.txt”) or 63 pages of a MS-Word file fit in just ONE megabyte. Hence, a 64 MB Micro SD card can theoretically hold 42,368 pages of text! (But because of formatting, from a practical standpoint, you should deduct about 15% of that figure.) If greater capacity is required–such as for transporting JPEG photograph files–you can simply step up to using cards in the low gigabyte range, albeit at greater cost per memory card. (An 8GB Micro SD card presently costs around $7.)

Another Proviso

It is important to note that for greater security, the laptops used at both ends of the courier route should NOT be connected to the Internet. This is in intelligence and information security circles referred to as “air gapping”. Any computer that has ANY network connection should be considered an open book. Only air gapped computers can be considered fully secure, and only air-gapped ones that are also either running from battery or from isolated power are FULLY secure since unintended computer emanations can be tapped from power lines by sophistication intelligence agencies.

Please keep your privacy in mind, as you go about your daily life. Even if you have absolutely nothing to hide, using secure methods of communications is wise and should be exercised, just for the sake of principle. There is an old saying: “Gentlemen do not read other gentlemens’ mail.” Let’s keep it that way! – JWR