Any sufficiently paranoid person will remind you, is only as good as your physical security. The world's most sensitive users of technology, like dissidents, activists, or journalists in repressive regimes, have to fear not just hacking and online surveillance, but the reality that police, intelligence agents, or other intruders can simply break into your home, office, or hotel room. They can tamper with your computers, steal them, or bodily detain you until you cough up passwords or other secrets. To help combat that threat, one of the world's most well-known activists against digital surveillance has released what's intended to be a cheap, mobile, and flexible version of a physical security system. On Friday, the Freedom of the Press Foundation and its president, famed NSA leaker Edward Snowden, launched Haven, an app designed to transform any Android phone into a kind of all-purpose sensor for detecting intrusions.
Designed to be installed on a cheap Android burner, Haven uses the phone's cameras, microphones and even accelerometers to monitor for any motion, sound or disturbance of the phone. Leave the app running in your hotel room, for instance, and it can capture photos and audio of anyone entering the room while you're out, whether an innocent housekeeper or an intelligence agent trying to use his alone time with your laptop to install spyware on it. It can then instantly send pictures and sound clips of those visitors to your primary phone, alerting you to the disturbance. The app even uses the phone's light sensor to trigger an alert if the room goes dark, or an unexpected flashlight flickers.
"Imagine if you had a guard dog you could take with you to any hotel room and leave it in your room when you’re not there. And it’s actually smart, and it witnesses everything that happens and creates a record of it," Snowden said in an encrypted phone call with WIRED from Moscow, where he has lived in exile since 2013. "The real idea is to establish that the physical spaces around you can be trusted."
Since he became the director of the Freedom of the Press Foundation in early 2016, Snowden has led a small team of programmers and technologists working on security tools. The projects so far range from software that only allows secrets to be decrypted if a group of collaborators combine their secret keys, to a hardware modification for the iPhone that's designed to detect if malware on the device is secretly transmitting a user's data.
The 'Evil Maid' Problem
The notion of a smartphone-based alarm system arose when Micah Lee, a technologist at the news outlet The Interceptand board member of the Freedom of the Press Foundation, suggested it to Snowden in early 2017. Lee hoped for a new approach to the perennial problem that the cybersecurity community calls the "evil maid" attack: It's very difficult to prevent someone with physical access to your computer from hacking it.
Eventually, Lee and Snowden's group of developers at the Freedom of the Press Foundation partnered with the security-focused nonprofit Guardian Project to build and test a software solution to that problem. "We thought, is there a way we can use a smartphone as a security device," says Nathan Freitas, the director of the Guardian Project. "Take all the surveillance technologies in smartphones and flip them on their head, to keep watch on all the things you care about when you’re not there?"
'Imagine if you had a guard dog you could take with you to any hotel room and leave it in your room when you’re not there.'
In practice, Haven could protect its users from more than just hands-on computer hackers; it could guard against everyone from abusive spouses to authoritarian police. In November, the groups teamed up with the Colombian activism group Movilizatorio to conduct a trial with social justice activists—a group that's been the target of dozens of assassinations over the last year, in the fallout of tense negotiations between guerrilla groups and the country's government. Movilizatorio founder Juliana Uribe Villegas says the app provided a key reassurance that month, for a group of 60 testers, that government or criminals agents weren't breaking into their homes to plant surveillance equipment or, far worse, to kidnap or physically harm them.
"It's very significant for them to know that they have tools they can use themselves when the government isn’t protecting them," Uribe Villegas says. "It’s great to think about cybersecurity, but in countries like ours, personal security is still at the top of our list."
Of course, any device that takes pictures and records audio clips in your home or office and sends them over the internet might sound more like an intolerable privacy violation than a security measure, especially for someone as privacy-sensitive as Snowden, who hasn't even carried a mobile phone since he first became a fugitive from the US government in 2013.
But Haven takes some serious measures to prevent its surveillance mechanisms from being turned against a phone's owner. It integrates the encrypted messaging app Signal, so that every alert, photo, and audio clip it sends to the user is end-to-end encrypted. As another safeguard, users can also configure Haven to work with the Android app Orbot, which has an option to turn your phone into a so-called Tor Onion Service—essentially, a server on the darknet. That means the Haven phone's event log can be accessed remotely from your desktop or another phone, but only over Tor's near-untraceable connection. In theory, that means no eavesdropper can break in to access those audio and photo snapshots of your sensitive spaces.
"Now you can take this huge aggregation of sensors available on any phone today—accelerometers, light sensors, cameras, microphones—and make it work for you and only you," Snowden says. He notes that despite his personal avoidance of carrying a smartphone, even he has used Haven in hotel rooms while traveling and at home, albeit only with some additional precautions that he declined to fully detail.
In WIRED's initial tests of Haven's beta version, the app successfully detected and alerted us to any attempts to approach a laptop on an office desk, reliably sending photos of would-be evil maids over Signal. If anything, the app was too sensitive to saboteurs; it picked up and alerted us to every stray office noise. The app's accelerometer detection was so hair-triggered that even leaving the phone on top of a computer with a moving fan inside created hundreds of alerts. You can set thresholds for the audio, but it was tricky choosing a level that wouldn't trigger false positives. Freitas says the developers are still working on fine-tuning those controls, but that users may have to experiment.
Snowden acknowledges that Haven can't stop an intruder bent on physically harming someone. But by simply detecting and recording their presence, it might just make them think about the consequences of that intrusion's documentation, and give victims a significant tool they haven't had before. "If you’re the secret police making people disappear, Haven changes the calculus of risk you have to go through," Snowden says. "You have to worry that every possible cell phone might be a witness."