Postal mail and Courier services


"Inform the queen!" said Athos; "and how? Have we relations with the court? Could we send anyone to Paris without its being known in the camp? From here to Paris it is a hundred and forty leagues; before our letter was at Angers we should be in a dungeon."

"As to remitting a letter with safety to her Majesty," said Aramis, coloring, "I will take that upon myself. I know a clever person at Tours--"

Aramis stopped on seeing Athos smile.

"Well, do you not adopt this means, Athos?" said d'Artagnan.

"I do not reject it altogether," said Athos; "but I wish to remind Aramis that he cannot quit the camp, and that nobody but one of ourselves is trustworthy; that two hours after the messenger has set out, all the Capuchins, all the police, all the black caps of the cardinal, will know your
letter by heart, and you and your clever person will be arrested."

Chapter 47, The Council of the Musketeers, The Three Musketeers, by Alexandre Dumas, 1844 - text available online via Project Gutenberg


Mail Interception

Some national Post Office services have literally hundreds of years of experience of intercepting letters on behalf of the state or the police etc. For targeted investigations, they have the skills and technology to copy a letter in a sealed envelope, or to make a good copy of a sealed envelope which they have had to destroy when opening it..

It is impractical to intercept lots of postal mail, a much more difficult task than intercepting emails or phone calls, so these powers are reserved for serious cases, such as drug smugglers, terrorists and, unfortunately, Government whistleblowers.

In the United Kingdom, this Postal Communications Interception is covered by the "Regulation of Investigatory Powers Act 2000 section 19 Offence for unauthorised disclosures , with a penalty of up to 2 years in prison for "tipping off" anyone about the existence of or details of an interception warrant (which needs to be rubber stamped by the Home Secretary or a Home Office official), just like phone or email content tapping.

In the United Kingdom, Postal Communications Providers are required, by law, to:

Statutory Instrument 2002 No. 1931

The Regulation of Investigatory Powers (Maintenance of Interception Capability) Order 2002

[...]

Part I: Interception Capability for Public Postal Services

1. To ensure the interception and temporary retention of postal items destined for addresses in the United Kingdom for provision to the person on whose application the interception warrant was issued.

2. To provide for the interception and retention of postal items sent by identified persons where the carrier keeps records of who sent which item in the course of their normal business.

3. To maintain a system of opening, copying and resealing of any postal item carried for less than £1.

4. To comply with the obligations set out in paragraphs 1 to 3 above in such a manner that the chance of the interception subject or other unauthorised persons becoming aware of any interception is minimised.

Postal Mail anti-forensics precautions

  • Licking a Postage Stamp is likely to leave both your fingerprints on it, and to preserver a sample of your DNA from your saliva.
  • Sealing a letter envelope or parcel, or affixing a postage stamp using sticky adhesive tape or glue etc. will also tend to trap possibly identifiable fibres, dust particles, hairs, skin cells and fingerprints (which may contain sufficient DNA for analysis) , or even a characteristic scent which could be used by tracker dogs.
  • A single sheet letter, in an envelope with the seal along the long edge, is relatively easy to extract, examine / copy and then re-insert, simply by rolling it up with tweezers etc, and removing it through the gap in the adhesive designed to allow for the insertion of a letter opener. Obviously, with multiple sheets of paper, stapled together, in envelopes with the sealed flap along the short side, it is often impossible to do this, and the usual steaming and re-sealing techniques (or if, all else fails, a completely new envelope) would then be used
  • As pointed out by irdial. Self adhesive "peel off" postage stamps are increasingly common these days and there are also now "over the counter" laser printed postage stamps and also ones which can be downloaded and printed from a web page. Such on demand printed postage stamps, and even some franking machine stamps leave a potentially traceable serial number audit trail.

  • What is true for postage stamps, also applies to sealing the flap of an envelope, to Air Mail stickers, Registered Post stickers, various address labels, or any use of self adhesive tape to wrap up a parcel or packet or letter.

  • irdial also suggest:

    Do not use envelopes from a sealed pack. There are many places where you can buy packs of envelopes that are not sealed. In fact, these are often displayed adjacent to the Post Office queue. Why should you do this? If you use one of these loose envelopes, you can be sure that the sneezes, browsing touches, hairs and and breath traces of tens of thousands of people are going to be on them. These envelopes will be hopelessly contaminated, and that is good for you.

  • Sometimes the source of your envelopes may actually be easy to trace, especially if like this malicious hoaxer Naser Ahmed, who was convicted under the Malicious Communications Act 1988, you send several postal letter threats and hoaxes "using a specific kind of envelope that was only available from one Post Office department."

  • It is therefore a good idea to use gloves (and a facemask, and a hair net etc. - just as if you were handling uncontaminated food or biological laboratory samples) when touching a letter or envelope, especially as the latent fingerprint techniques have been improved recently e.g. through the use of di-sulpher di-nitride S2N2 polymer, which can "develop even very faint traces of fingerprints.. This appears to a an improvement on previous techniques for developing latent fingerprints on difficult surfaces e.g. absorbent paper, over say, "superglue" or iodine vapour fumes.

  • S2N2 polymer is so sensitive, that it can pick up latent images of inkjet printed text from a letter or document which has been transferred to the inside of an envelope This sort of ink transfer, which is not visible to the naked eye, is something to watch out for if you decide to re-use otherwise untraceable envelopes, or if you print you whistleblowing document to a network printer - you may transfer traceable information to or from your whistleblower document, if it is printed in the middle of a stack of other print jobs at the same time.

Posting your mail

Mailing a whistleblower leak document requires careful choice of a post box. An out of the way rural post box, where strangers stand out as being potentially suspicious, may actually be less anonymous than a very busy urban one, in spite of the extra chances of CCTV surveillance footage..

Some large organisations have very lax internal mail systems (e.g. HMRC, which managed to lose the CDs with copies of the entire national Child Benefit database on them) , which could allow a whistleblower to simply mail an external mail envelope to their journalistic or other contacts from work, with a high degree of anonymity, especially one already franked or stamped, which is then handled by lots of people before it is sent out via the postal mail service or private courier systems.

Receiving whistleblower postal mail

Receiving whistleblower documents by mail at your normal business or home address is , of course, not advisable, if you are trying to protect your sources.

Commercial Postal Box rental, either from a private company or for an extra fee from the state postal service, has its place, but there is always a financial paper trail to the person who rents the box, and often CCTV video footage of anyone picking up mail from such boxes.

Wikileaks Postal Submissions

Wikileaks.org offers a supposedly secure Postal Whistleblowing service, for whistleblower leaks to them, but they do not seem to recommend many anti-forensics precautions. except regarding the serial numbers embedded into batches of CDROMs, and the unique Recorder IDs which most CD or DVD burners embed in each copy which they produce..

About this blog

We know that there are decent, honest, trustworthy individual politicians, civil servants, law enforcement, intelligence agency personnel and broadcast, print and internet journalists etc., who often feel powerless or trapped in the system. They need the assistance of external, detailed, informed, public scrutiny to help them to resist deliberate or unthinking policies, which erode our freedoms and liberties.

Some of these people will, in the public interest, act as whistleblowers, and may try to leak documents or information to the mainstream media, or to political blog websites etc.

Here are some Spy Blog "Hints and Tips", giving some basic preecautions, and some more obscure technical tips, which both whistleblowers, journalists, and bloggers need to be aware of, in order to help preserve the anonymity of whisteleblowing or other journalistic sources, especially in the United Kingdom, but applicable in other countries as well.

Whistleblower anonymity may not always be possible, or even necessary, forever into the future, but it is usuially crucial during at least the early stages of a "leak", whilst it is being evaluated by others, to see if it merits wider publication and publicity.

Email & PGP Contact

Please feel free to email your views about this blog, or news about the issues it tries to comment on.

blog@spy[dot]org[dot]uk

Our PGP public encryption key is available for those correspondents who wish to send us news or information in confidence, and also for those of you who value your privacy, even if you have got nothing to hide.

Current PGP Key ID: 0xA165A29480CFAA4C which will expire on 6th September 2014

pgp-now.gif
You can download a free copy of the PGP encryption software from www.pgpi.org
(available for most of the common computer operating systems, and also in various Open Source versions like GPG).

We look forward to the day when UK Government Legislation, Press Releases and Emails etc. are Digitally Signed so that we can be assured that they are not fakes. Trusting that the digitally signed content makes any sense, is another matter entirely.

Pages

Tag Cloud

Syndicate this site (XML):

Categories

Tor Hidden Service

In order to make censorship a little more difficult, a copy of this Hints and Tips for Whistleblowers guide is also being published as a Tor Hidden Service.

You will need to have installed the Tor software and established a working Tor connection, and then you will be able access this copy via end to end encryption and a high degree of anonymity through the Tor cloud:

http://r3lb3r3an7uj7bos.onion/

If you do not have Tor installed, you can still access this Hidden Service via the tor2web.org proxy: https://r3lb3r3an7uj7bos.tor2web.org/ still with encryption, but without as much anonymity.

Convention on Modern Liberty - 28th Feb 2009

Convention on Modern Liberty - 28th Feb 2009
Convention on Modern Liberty - 28th Feb 2009

The Convention is being held in the Logan Hall and adjoining rooms at the Institute of Education in Bloomsbury, central London.

Address:

The Institute of Education
20 Bedford Way
London
WC1H 0AL

There are video linked screenings or other parallel meetings being held across the UK in Belfast. Bristol, Cambridge, Cardiff and Manchester.

Convention on Modern Liberty blog

Campaign Button Links

Watching Them, Watching Us, UK Public CCTV Surveillance Regulation Campaign
UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card
NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.
Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid_150.jpg
FreeFarid.com- - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Petition to the European Commission and European Parliament against their vague Data Retention plans
Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.

Open_Rights_Group.png
Open Rights Group

renew for freedom - renew your passport in 2006
Renew For Freedom - renew your Passport in the Summer Autumn of 2006.

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network
Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Tor - the onion routing network
Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

irrepressible_banner_03.gif
Amnesty International's irrepressible.info campaign

anoniblog_150.png
BlogSafer - wiki with multilingual guides to anonymous blogging

ngoiab_150.png
NGO in a box - Security Edition privacy and security software tools

homeofficewatch_150.jpg
Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

rsf_logo_150.gif
Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

committee_to_protect_bloggers_150.gif
Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

wikileaks_logo_low.jpg
Wikileaks.org - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.

public_concern_at_work.gif
Public Concern at Work - "(PCaW) is the independent authority on public interest whistleblowing. Established as a charity in 1993 following a series of scandals and disasters, PCaW has played a leading role in putting whistleblowing on the governance agenda and in developing legislation in the UK and abroad. All our work is informed by the free advice we offer to people with whistleblowing dilemmas and the professional support we provide to enlightened organisations."