Digital rights
advocates often say the best way to fight government or even private
surveillance is encryption.
Many news organizations and journalists investigating
corruption or human rights abuses look to these encryption tools to overcome
security threats, but the digital world is still built to make us rely on third
parties to store our information.
“The worst practice that journalists are doing with their
security is relying on third parties that they don't control, that they
shouldn’t depend on, to protect their privacy,” said Micah Lee, an expert on
source protection and cryptography, at a recent privacy conference in San
Francisco held to celebrate Aaron Swartz Day.
In memory of Swartz, who developed SecureDrop
to let sources anonymously share information with journalists, organizations
like the Freedom of the Press
Foundation, Electronic
Frontier Foundation and Internet Archive got together to hack on known or new tools
to help journalists keep their data and sources safe.
Lee, who works at The Intercept, teaches people like
Pulitzer Prize winner Glenn Greenwald and other reporters how to use
state-of-the-art security measures when dealing with sensitive information.
“If you store your story drafts in Google docs, or your
newspaper uses Gmail or Hotmail, not its own email server, I think that’s
pretty bad,” he said. “If there is some investigation into your sources,
authorities will send a request to those third parties, not to you.”
These are some tools featured over the weekend:
Onion Share
Developed by Lee, Onion Share lets anybody securely share any size file.
Instead of carrying sensitive information provided by sources on USBs or
portable devices, reporters can share it in this temporary, untraceable
website.
"It is like Dropbox, but encrypted and reliable. As
soon as the person downloads the file, it can be erased from the server and
it’s no longer accessible to anyone,” explained Lee. If a reporter or a source
wants to send files, the tool creates a URL and a password that can be shared
via encrypted messages. Freelancers can find this tool useful for communicating
with whistleblowers.
Tor Messenger
If you are familiar with the TOR Project, currently the best
way to navigate online without leaving trace, you will be glad to learn that it
recently launched TOR Messenger. The cross-platform tool
facilitates encrypted chats on a variety of networks like Facebook and Gchat.
Lee recommended to run it with Jabber or Xmpp, which are “decentralized servers
owned by privacy nonprofits that are more into keeping your data secure than
giant corporations.”
OpenArchive
OpenArchive is a mobile application that seeks to preserve audiovisual civic
media in a secure way.
“A lot of citizen journalists take photos of human rights
abuses or videos of police brutality, and they are hesitant to put it on social
media immediately,” explained OpenArchive founder Natalie Cadranel. “They want to give it to someone they trust, so they could upload into the
Archive, using a pseudonym if needed, and the app makes it widely available for
a long time.”
The app, currently in beta for Android, uses mobile TOR
technology to allow people on the ground to send sensitive images without fear
of being tracked. All content uploaded to OpenArchive will have a Creative
Commons license. In the future, the idea is to make this content searchable.
Keybase
Keybase is an open directory of public keys that you can
verify through social media accounts. A public key combined with a private key
can be used to effectively encrypt messages. If a source is sending you an
encrypted email and you want to verify that person is reliable, the Keybase directory can tell
you who's that key, according to his or her profiles on Twitter, Reddit,
Github, Bitcoin and domain names. “The tool is a beta code, so it needs more
development to be verified through Facebook or Instagram,” Jeremy
Stribling, co-founder of Keybase, said.
Journalists can create a Keybase account and share their
public key. That way, sources can verify who they’re sharing information with.
It’s a trust model that seeks to avoid impersonation. “If you put a link to
your Keybase account in the footer of your articles, anybody can search your
profile and verify you through your social media accounts,” added Stribling.
Signal
Don’t confuse it with the Facebook or Linkedin Signal apps.
This tool, developed by Open
Whisper System, allows you to make encrypted voice calls, as well as send
encrypted text messages, with your existing number and the contacts that also
download the app. The one problem with sources talking to journalists through
Signal? If the phone gets seized, authorities would know they have been in
touch, although they won’t get access to the content of conversations.
Source: IJNET
No comments:
Post a Comment