Slashdot Mirror

← Back to Stories (view on slashdot.org)

Software to Support Human Rights

Posted by michael on from the pretty-good-publicity dept.

An anonymous reader writes "Some software rollouts have lives hanging in the balance. Human rights workers in massacre zones from El Salvador to Kosovo face prying eyes peering into their address books and logs, who follow up with bullets and poison gas. One project, Martus, takes these hostile environments into account: a leak can get whole families killed. They use encryption, distributed backup, and other techniques designed to survive the ultimate corrosive environment: vindictive armies in countrysides in the throes of war. The source code is open, to allow meaningful contributions from anyone willing to help. These people bet their lives on open source and private data. The sponsor organization, Benetech in Silicon Valley, funds projects that arm global rights workers, and people under siege, with communications tools that counterbalance the overwhelming force used to exterminate everything "Free"."

10 of 194 comments (clear)

  1. open source dangerous! by SegaVegas · · Score: 5, Insightful

    The source code is open, to allow meaningful contributions from anyone,
    [b]including people who do not mean well[b]
    watch out!

    1. Re:open source dangerous! by cperciva · · Score: 5, Insightful

      While I suspect the parent post was intended as humour, it raises a good point: How carefully do people look over contributed code before including it?

      Especially in the case of projects like this, I can see a significant danger of someone deliberately introducing a "mistake" which could completely compromise the system's security. With off-by-one errors routinely being found many years after they were initially introduced, I suspect that such an attempt could easily be successful.

      --
      Tarsnap: Online backups for the truly paranoid
  2. With all the new US laws by miyako · · Score: 5, Insightful

    it might not be long untill we need this or something like it to protect us from our own homland security KGB.

    --
    Famous Last Words: "hmm...wikipedia says it's edible"
  3. Still Not Good by Anonymous Coward · · Score: 5, Insightful

    The evil army will just beat your key out of you. They aren't just going to try a few codes and walk off; they are going to break out the hoses and the electric generators. They may not be able to break the encryption, but they sure as hell can break you.

    1. Re:Still Not Good by ginnocent · · Score: 3, Insightful

      Excellent point. It's clear that such software requires a feature that allows a user to do the following with minimal keystrokes :-

      'I'm about to be captured. Please assume anybody logging in as me is an evil cracker. Anything that can be decrypted with my key should be re-encrypted with the key of a 'safe' user who is registered with a 'safe' country'

      Determining 'safe' countries and 'users' would require some care. Perhaps a voting system of some kind? or Central control by the project maintainer (via their private key)?
      Both systems could be abused. The first system would be prone to the agents of the 'evil' army registering as users and overwheliming by force of numbers.

      The second system would put require all other users to trust the maintainer, and could be compromised by their capture and interrogation.
      (Being the maintainer of such a project would make one a target of many hostile intelligence agencies).

      I think the most trustworthy system would be a variant of the first, whereby all new users had to be declared 'trusted' by unanimous vote of current 'trusted' users. Of course this wouldn't scale to well, adding new user becoming slower and more difficult as each new user is added.
      Establishing trusted countries could be handled as follows :-

      1) If any trusted user claims a country cannot be trusted, then the system assumes the country cannot be trusted until 'reinstated' by unanimous vote.

      2) If any user who is registered to that country invokes the 'i've been captured' feature above, the country is no longer to be trusted until restored by unanimous vote.

      By unanimous vote I mean a unanimous vote of trusted users in trusted countries.

      Does this make sense?

  4. Don't expext the thugs to play fair by de+la+mettrie · · Score: 5, Insightful
    I'm sure this is, technically, good cryptography software. However, keep in mind that this software is explicitly designed to hide information from governmental law enforcement authorities. Therefore

    it is just as useful to criminals as to human rights workers. This is not, of course, a problem per se, but

    using this as a pretext, governments will simply ban possession and usage of this software. If they need any pretext, that is - in the kind of country this software is designed to be used, "human rights worker" is just another word for criminal.

    This kind of software is useful to preserve personal privacy in a civilized nation. In a thugocracy, however, the police will just confiscate your computer, or you will be extradited/tortured/shot for being in possession of this software.

    1. Re:Don't expext the thugs to play fair by the+eric+conspiracy · · Score: 4, Insightful

      However, keep in mind that this software is explicitly designed to hide information from governmental law enforcement authorities.

      This software is also designed to widely disseminate the information. Once the cat is out of the bag on a global basis it is out of the reach of any single governmental organization.

      the police will just confiscate your computer, or you will be extradited/tortured/shot for being in possession of this software.

      Some people care enough to risk their lives in this cause.

  5. Re:Just wondering sonething... by Ed+Avis · · Score: 4, Insightful

    The encryption system has two parts: an algorithm, which is publicly known, and a key, which is private. You need both to decrypt some data. The system is designed so that the key is required for decryption, it is not enough just to know the algorithm.

    OK - it might be a little bit harder if you didn't know the algorithm either, but would you trust an encryption system where the author said 'we can't disclose how it works, we're worried that if people knew that they might be able to break it'?

    --
    -- Ed Avis ed@membled.com
  6. This concerns me greatly. by Henry+Stern · · Score: 4, Insightful

    I see this software and I find myself very afraid. It neatly packages up a military grade cryptographic communications solution and makes it freely available to the public. While the people who it is intended for will benefit greatly from it, those who intend to do harm will also have easy access to it.

    Martus is a cryptographic solution: overt, secret communications. The people who this is intended for are already under surveilance by those who wish to do them and their contacts harm, so making the already-intercepted messages unreadable is the solution to this problem.

    Criminal organisations would likely need more of a steganographic solution: covert, secret communications. An often-overlooked fact about secret communications is that the mere presence of secret messages can be an indicator that something is going on.

    When Nazi Germany was using the Enigma, they had their communications officers send garbage messages[1] so that the Allies would not detect a sudden burst of communications activity indicating some sort of military action.

    If a terrorist organisation* were to begin using a system like this, any intelligence services watching them would be tipped off and would have to figure out what's going on the old fashioned way (we all know what that means). But, the fact is that they are alerted to what's going on and can then follow up.

    If you think about these points, I hope that your fears of evil people exploiting this effort may be eased. If anything, using this (or similar) software will tip their hands and expose that something is going on.

    *An organisation targetting civilians with violent actions to serve political means.

    [1] Simon Singh, The Code Book. (1999) Random House, New York

  7. Why this is a useless plan by Anonymous Coward · · Score: 3, Insightful

    I read the website, it seems the creators of Martus (along with humanitarian workers) are under the delusion that nothing gets done about these human rights violations because nobody knows about them.

    They are wrong, people do know about them (many of them).

    People don't give a shit. That's the problem, nobody wants to go solve other people's problems. It's not lack of awareness. Sure there is lack of awareness, and yes very few of the human rights violations of the world are documented.

    But fundamentally, people only care about their own problems even if they are much smaller in comparison. People do not want to sacrifice for others, especially people they dont know are dont have a cultural bond with. It's a combination of ignorance and apathy, with apathy being the MAJOR dominant factor.

    Martus and other projects like it will be a disappointment until people figure start caring about issues of human rights and try to solve them in a meaningful and logical manner (and that excludes the "let them kill each other" excuse/way).