What the CIA should have done is have phones which impersonate actual, "normal" phones when necessary and send messages which resemble normal messages. Not "PIZZA!" but whatever the local people send, e.g. "miss u". There could be a challenge-response that is not deterministic, e.g. "are we still on for tomorrow?" "looking forward to it" and then some normal sounding conversation (of course, tomorrow wouldn't be the day they would meet).
The key is to impersonate enough phones (tunneling over a trusted subset of the network) or use a network that won't identify the endpoints. The former is much easier.
Pastie does. So does any advertiser who was on the page as you were pasting in that text. So does newrelic (who is dynamically loading arbitrary javascript on the load of the page).
Also, pastes are not done via ssl connections, so anybody between you and pastie knows what's in that paste, and what IP created it.
Depending on how you send that link, that messaging provider knows (for example sending it via Skype, Microsoft knows).
And thence does anybody with the legal capability of subponeaing data from any of those services.
The key is to impersonate enough phones (tunneling over a trusted subset of the network) or use a network that won't identify the endpoints. The former is much easier.