Hacker News

The adversary, Hezbollah, used access to the telephone company logs (they have those), and searched for atypical mobile phone usage patterns.

Very important observation for advocates of two-factor authentication: cellular network and SMS services in some parts of the world are not trustworthy. It's much better to use a single strong password versus a weak password + numeric codes delivered by SMS which can be monitored/changed on the fly by an adversary.



What the CIA should have done is have phones which impersonate actual, "normal" phones when necessary and send messages which resemble normal messages. Not "PIZZA!" but whatever the local people send, e.g. "miss u". There could be a challenge-response that is not deterministic, e.g. "are we still on for tomorrow?" "looking forward to it" and then some normal sounding conversation (of course, tomorrow wouldn't be the day they would meet).

The key is to impersonate enough phones (tunneling over a trusted subset of the network) or use a network that won't identify the endpoints. The former is much easier.


That would not stop your phone from being suspicious due to it not moving, and only communicating with one other phone.


They could even transfer the usual "miss u"-alike stuff over SMS, and encode the actual message in the time delays.


Great point! Anyway they don't even have to use SMS. Anonymity is easy: http://pastie.org/private/fkbu4qpsvwcwiocrdeang

Would you know who wrote it if I didn't link to it?


Pastie does. So does any advertiser who was on the page as you were pasting in that text. So does newrelic (who is dynamically loading arbitrary javascript on the load of the page).

Also, pastes are not done via SSL connections, so anybody between you and pastie knows what's in that paste, and what IP created it.

Depending on how you send that link, that messaging provider knows (for example sending it via Skype, Microsoft knows).

And thence does anybody with the legal capability of subpoenaing data from any of those services.


How can the receiving party know the pastie URL?

If the sender can edit a previous paste, they can agree on a URL, but I didn't see how to do that.


If you wrote and posted it from inside Lebanon, then Hezbollah would know. Nation-state adversaries are very powerful beasts.


What if you had a friend or family outside, and you used TeamViewer or equivalent on their computer?



