Software to Support Human Rights

An anonymous reader writes "Some software rollouts have lives hanging in the balance. Human rights workers in massacre zones from El Salvador to Kosovo face prying eyes peering into their address books and logs, who follow up with bullets and poison gas. One project, Martus, takes these hostile environments into account: a leak can get whole families killed. They use encryption, distributed backup, and other techniques designed to survive the ultimate corrosive environment: vindictive armies in countrysides in the throes of war. The source code is open, to allow meaningful contributions from anyone willing to help. These people bet their lives on open source and private data. The sponsor organization, Benetech in Silicon Valley, funds projects that arm global rights workers, and people under siege, with communications tools that counterbalance the overwhelming force used to exterminate everything "Free"."

open source dangerous!

[SegaVegas]

The source code is open, to allow meaningful contributions from anyone,
[b]including people who do not mean well[b]
watch out!

Re:open source dangerous!

[cperciva]

While I suspect the parent post was intended as humour, it raises a good point: How carefully do people look over contributed code before including it?

Especially in the case of projects like this, I can see a significant danger of someone deliberately introducing a "mistake" which could completely compromise the system's security. With off-by-one errors routinely being found many years after they were initially introduced, I suspect that such an attempt could easily be successful.

Re:open source dangerous!

[Krapangor]

How carefully do people look over contributed code before including it?

Not often enough:
einstien@mensa> grep -e "31337|h4x0r|0wned|phear|ph34r|r00tk17|sex|pr0n|po rn" -l -r /usr/src/Linux/* | wc -l

237

Re:open source dangerous!

[exhilaration]

How carefully do people look over contributed code before including it?

They look over it very carefully - Patches can create security problems as well as stability issues. Maintainers aren't stupid enough to include untested patches from unknown persons. Their reputations are at stake, as is the reputation of the entire project.

The poor example from above is pulling words from the comments - and those contain the foulest language imaginable. There was a Slashdot article a while back about this.

Re:open source dangerous!

[mrogers]

The poor example from above is pulling words from the comments - and those contain the foulest language imaginable.

Hey, Finnish isn't that bad.

Re:open source dangerous!

[Tom]

Your count is slightly misleading. For example:

Documentation/filesystems/proc.txt: echo ':DEXE:M::\x0eDEX::/usr/bin/dosexec:' > register
drivers/sound/dev_table.h: int (*send_sysex)(int dev, unsigned char *bytes, int len);
arch/i386/kernel/setup.c: * misexecution of code under Linux. Owners of such processors should

and lots of @bytesex.org e-mail addresses. ;)

With all the new US laws

[miyako]

it might not be long untill we need this or something like it to protect us from our own homland security KGB.

Re:With all the new US laws

[paganizer]

Hate to tell you this....
brace yourself...

We are about a year+ past needing something like this ourselves.
Unfortunately, this won't work for us, because NO PLACE would be safe for the central database server.
Our only options are freenet & things of a like nature, which are decentralized.

On the other hand, you've got nothing to hide, aren't a terrorist, so you've nothing to fear, right?

right?

RIGHT, Citizen?

in times like these it's a good thing the founding fathers realized that future governments wouldn't play by the rules.

Re:With all the new US laws

[aminorex]

Here are Chip Berlett's 1992 characteristics of
historical fascism (as seen in Spain, Germany,
Italy and Japan):

*** Nationalism and super-patriotism with a sense of historic mission.

*** Aggressive militarism even to the extent of glorifying war as good for the national or individual spirit.

*** Use of violence or threats of violence to impose views on others (fascism and Nazism both employed street violence and state violence at different moments in their development).

*** Authoritarian reliance on a leader or elite not constitutionally responsible to an electorate.

*** Cult of personality around a charismatic leader.

*** Reaction against the values of Modernism, usually with emotional attacks against both liberalism and communism.

*** Exhortations for the homogeneous masses of common folk (Volkish in German, Populist in the U.S.) to join voluntarily in a heroic mission_often metaphysical and romanticized in character.

*** Dehumanization and scapegoating of the enemy_seeing the enemy as an inferior or subhuman force, perhaps involved in a conspiracy that justifies eradicating them.

*** The self image of being a superior form of social organization beyond socialism, capitalism and democracy.

*** Elements of national socialist ideological roots, for example, ostensible support for the industrial working class or farmers; but ultimately, the forging of an alliance with an elite sector of society.

*** Abandonment of any consistent ideology in a drive for state power.

Just wondering sonething...

[Altima(BoB)]

If the encryption software is open source, doesn't that mean that hostiles who want to break the encryption can use the source to make sonething to counter the encryption?

I have a vague idea on why that's not so, but nothing definate. I heard it being compared to trying to put a sausage into a meat grinder backwards to make a pig.

Re:Just wondering sonething...

[^Case^]

It is not easier to decrypt a good encryption even if you know every little detail of the encryption algorithm. Actually the consensus in the cryptography community is that if an algorithm is not published openly for everybody to poke at it cannot be trusted.

Just think how many different DSA/SSL/etc. implementations there are out there and several of these in opensource.

Re:Just wondering sonething...

[Ed+Avis]

The encryption system has two parts: an algorithm, which is publicly known, and a key, which is private. You need both to decrypt some data. The system is designed so that the key is required for decryption, it is not enough just to know the algorithm.

OK - it might be a little bit harder if you didn't know the algorithm either, but would you trust an encryption system where the author said 'we can't disclose how it works, we're worried that if people knew that they might be able to break it'?

Re:Just wondering sonething...

[collapser]

i can see how it can work in a communications context, but how does this work in the case of an addressbook/contact list?

such a device would require knowledge of a key/passcode on the owner's behalf simply to access the device/transmission/address. chances are you will find the key-bearer w/ the device. and when they do i suppose it wouldnt be difficult to 'extract' this key from the holder.

2 way comms i can understand, but as long as you can get the password/fingerprint/retina required for access out of the user, then such safeguards seem pointless.

all of the security safeguards we usually employ are with respect to people doing it behind your back without your 'assistance'.. ..much better would be to obfuscate the access method or even disguse the device as something seemingly innocuous - say a minidisk recorder with 'easter egg' access.

L, R, L, R, U, D, U, D, Select + Start ;)

Re:Just wondering sonething...

[Ed+Avis]

Yes they can get the key out of you ('rubber hose cryptanalysis') but there are some systems where you can have several keys and each key reveals different data - so you could disclose a key which gives a dummy, fairly uninformative address book. Then there is no way to show that extra data is hidden unless you have the extra keys. This means that when you say 'I have told you everything I know' there is no way to verify that claim. This has both good and bad points.

Disguising the data in something else like a minidisk recorder is a good idea but obviously not everyone can do that - each person must choose a different kind of disguise, so it gets tricky.

Vim

[Yag]

Also vim helps human rights... "Uganda licence" is a good idea to make OS Software even more useful...

Possession

[xixax]

And soon enough even the possession of these kinds of tools will be enough to put people in jail. After all, they were probably using them to swap MP3s or kiddie-pr0n or even plan terrorist acts.

Strong crypto is only a part of the answer (whatever that answer may be).

Xix.

Re:Possession

[enigmiac]

what makes you think there is an answer? this is an issue that I am torn on. how is it possible to stop terrorism and child pr0n, with out eliminating human rights? I believe very strongly in personal freedom, but at the same time, I believe that my rights end where yours begin. as long as what I'm doing doesn't affect anyone else, I don't see how it can be wrong. at the same time, how can we tell when some form of communication is about to affect others negativly without inspecting it all (which I find deplorable)? if anyone has an answer, I'd love to hear it

Re:Possession

[arvindn]

Freenet is an internet infrastructure for completely anonymous communication (its been mentioned on /. before). I imagine it would be an excellent tool for human rights workers. Note that freenet is not tailored for specific content or applications, and so anyone can benefit from it.

If most people (or atleast a majority of people) started using freenet, it would change the internet in a fundamental way: it would be no longer possible to outlaw freenet. I don't see this happening anytime soon, because most people still enjoy freedom of speech. But if there were to arise a global dictator, technology has given us a way to fight back.

Re:Possession

[mav[LAG]]

Phil Zimmermann has faced this issue for a lot longer than most of us. Read his thoughts here and the thoughts of some of the beneficiaries of PGP here. Restricting technology because it has the capacity to be used for evil is a slippery slope.

Still Not Good

The evil army will just beat your key out of you. They aren't just going to try a few codes and walk off; they are going to break out the hoses and the electric generators. They may not be able to break the encryption, but they sure as hell can break you.

Re:Still Not Good

[ginnocent]

Excellent point. It's clear that such software requires a feature that allows a user to do the following with minimal keystrokes :-

'I'm about to be captured. Please assume anybody logging in as me is an evil cracker. Anything that can be decrypted with my key should be re-encrypted with the key of a 'safe' user who is registered with a 'safe' country'

Determining 'safe' countries and 'users' would require some care. Perhaps a voting system of some kind? or Central control by the project maintainer (via their private key)?
Both systems could be abused. The first system would be prone to the agents of the 'evil' army registering as users and overwheliming by force of numbers.

The second system would put require all other users to trust the maintainer, and could be compromised by their capture and interrogation.
(Being the maintainer of such a project would make one a target of many hostile intelligence agencies).

I think the most trustworthy system would be a variant of the first, whereby all new users had to be declared 'trusted' by unanimous vote of current 'trusted' users. Of course this wouldn't scale to well, adding new user becoming slower and more difficult as each new user is added.
Establishing trusted countries could be handled as follows :-

1) If any trusted user claims a country cannot be trusted, then the system assumes the country cannot be trusted until 'reinstated' by unanimous vote.

2) If any user who is registered to that country invokes the 'i've been captured' feature above, the country is no longer to be trusted until restored by unanimous vote.

By unanimous vote I mean a unanimous vote of trusted users in trusted countries.

Does this make sense?

Re:Still Not Good

[spitzak]

This is for use by people who will not be tortured for the keys, ie the UN workers who will be kicked out of the country after their equipment is confiscated. With this that equipment will not give the evil army information that they want.

If you really care about freedom!

Boycott Redhat, never ever use or install Redhat personally or in your work.

Redhat supported tyrannic mainland China against democratic Taiwan and gladly removed Taiwans status as independant in their latest distributions. The only reason is to make more dollars from China.

It should be notet that companies like HP and Microsoft has refused to remove Taiwans status as independant despite pressure and fines from the dictatorship in China.

There is plenty of really good distributions, there is simply no need to support tyranny.

Can This Work?

[DASHSL0T]

I mean, the Government says "give me your decryption key or we will put you in jail until you do". Here the choice will be giving up your key vs. giving up your life. Unless someone is VERY dedicated and brave, they are going to give up the key when they have a gun to their head (or worse).

Re:Can This Work?

[the+eric+conspiracy]

"give me your decryption key or we will put you in jail until you do"

Having the key won't do you any good once the data is sent to a server in another country.

In some situations

[xixax]

Hence my other comment somewhere in here.

If it's a high profile, or an International organisation that can tell the authorities where to stick it, crypto can be very valuable. For example, to keep intercepted communications secret. OTOH, no amount of crypto is going to do you any good if they can haul you away and beat it out of you.

It's a very useful tool, but only in the right circumstances.

Xix.

Don't expext the thugs to play fair

[de+la+mettrie]

I'm sure this is, technically, good cryptography software. However, keep in mind that this software is explicitly designed to hide information from governmental law enforcement authorities. Therefore

it is just as useful to criminals as to human rights workers. This is not, of course, a problem per se, but

using this as a pretext, governments will simply ban possession and usage of this software. If they need any pretext, that is - in the kind of country this software is designed to be used, "human rights worker" is just another word for criminal.

This kind of software is useful to preserve personal privacy in a civilized nation. In a thugocracy, however, the police will just confiscate your computer, or you will be extradited/tortured/shot for being in possession of this software.

Re:Don't expext the thugs to play fair

[the+eric+conspiracy]

However, keep in mind that this software is explicitly designed to hide information from governmental law enforcement authorities.

This software is also designed to widely disseminate the information. Once the cat is out of the bag on a global basis it is out of the reach of any single governmental organization.

the police will just confiscate your computer, or you will be extradited/tortured/shot for being in possession of this software.

Some people care enough to risk their lives in this cause.

Re:Don't expext the thugs to play fair

[Stonehand]

Everybody has a breaking point.

Most people, for instance, would probably talk if the alternative was seeing acid injected into the eyeballs of their coworkers, or being forced to watch the slow execution of villagers they're supposed to be helping and then to eat their remains.

A related project

[ronys]

People interested in this might also be interested in the rubberhose project.

From the homepage:

"Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coersive interrogations and other compulsive mechanisms, such as U.K RIP legislation. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography / deniable cryptography), works with any file system and has source freely available. Currently supported ciphers are DES, 3DES, IDEA, RC5, RC6, Blowfish, Twofish and CAST."

Re:A related project

[cliffiecee]

You didn't snip enough to tell folks the REAL power of Rubberhose.

It is possible to create encrypted containers 'embedded' in other ecrypted containers (Matryoshka-doll fashion), each protected with a password. So when the 'thugs' come knocking, you can give them a password which will unlock the outer container, without compromising the inner ones (which, obviously, aren't visible- you have to KNOW they exist).

Of course, the thugs already know about this software, so you can repeat the above process- give them three passwords and then say "that's all there is"- they can't prove otherwise.

Let's be pragmatic, though- this is only going to work if you believe the thugs would let you go if they couldn't prove anything. Otherwise, it's simpler to use gpg and a cyanide pill.

This concerns me greatly.

[Henry+Stern]

I see this software and I find myself very afraid. It neatly packages up a military grade cryptographic communications solution and makes it freely available to the public. While the people who it is intended for will benefit greatly from it, those who intend to do harm will also have easy access to it.

Martus is a cryptographic solution: overt, secret communications. The people who this is intended for are already under surveilance by those who wish to do them and their contacts harm, so making the already-intercepted messages unreadable is the solution to this problem.

Criminal organisations would likely need more of a steganographic solution: covert, secret communications. An often-overlooked fact about secret communications is that the mere presence of secret messages can be an indicator that something is going on.

When Nazi Germany was using the Enigma, they had their communications officers send garbage messages[1] so that the Allies would not detect a sudden burst of communications activity indicating some sort of military action.

If a terrorist organisation* were to begin using a system like this, any intelligence services watching them would be tipped off and would have to figure out what's going on the old fashioned way (we all know what that means). But, the fact is that they are alerted to what's going on and can then follow up.

If you think about these points, I hope that your fears of evil people exploiting this effort may be eased. If anything, using this (or similar) software will tip their hands and expose that something is going on.

*An organisation targetting civilians with violent actions to serve political means.

[1] Simon Singh, The Code Book. (1999) Random House, New York

Re:This concerns me greatly.

[hughk]

It concerns me that you should believe that the state is to be any more trusted with information than law-abiding individuals.

Under recent laws, not just in the US, but in other countries like the UK, you may be forced to disclose keys. The state by definition is generally law abiding, but the officers of the state are individuals. Some of those, I may trust, some I definitely will not. Yes there are criminals working for the state too.

Once information is acquired, it can not be forgotten. It may then be abused by the less honest state officials.

You raise the prospect of terrorists using this system. Look, I do not need crypto to tell a terrorist to attach. In WW2, the British SOE used the BBC to send messages to the French Resistance.

Re:This concerns me greatly.

[frdmfghtr]

I see this software and I find myself very afraid. It neatly packages up a military grade cryptographic communications solution and makes it freely available to the public. While the people who it is intended for will benefit greatly from it, those who intend to do harm will also have easy access to it.

Such is the price of Open Source and the desire for freedom of speech. Should a terrorist organization start using strong encryption, they could do as the Germans and send those "garbage" messages so that the level of communication traffic is relatively constant. One would have thought they would have figured this out by now, but I guess not.

I would be more concerned of such cryptography were NOT available to the public. I have just as much right to secure my data and communications as anybody, and I'm not a political activist, human rights worker, or terrorist. PGP secures data on my Windows box, and I try to encourage the use of PGP in e-mail whenever possible (besides the fact that spammers don't use it and it would make spam filtering SOOO easy, but that was the topic of another post some time ago).

Re:This concerns me greatly.

[blibbleblobble]

"I see this software and I find myself very afraid. It neatly packages up a military grade cryptographic communications solution and makes it freely available to the public."

As opposed to the people who package up miltary-grade firearms and make them freely available to the public?

Or indeed, to Iran, China, Iraq, Indonesia, and others...

Re:This concerns me greatly.

Forget the rest of this. I don't think you grasp what Martus is really about.

It's about whisking incriminating data out of the reach of the powerful and into the hands of the rest of the world.

The more easily this data slips through their hands, the more circumspect the fascists will be about harming people (at the very least).

Why this is a useless plan

I read the website, it seems the creators of Martus (along with humanitarian workers) are under the delusion that nothing gets done about these human rights violations because nobody knows about them.

They are wrong, people do know about them (many of them).

People don't give a shit. That's the problem, nobody wants to go solve other people's problems. It's not lack of awareness. Sure there is lack of awareness, and yes very few of the human rights violations of the world are documented.

But fundamentally, people only care about their own problems even if they are much smaller in comparison. People do not want to sacrifice for others, especially people they dont know are dont have a cultural bond with. It's a combination of ignorance and apathy, with apathy being the MAJOR dominant factor.

Martus and other projects like it will be a disappointment until people figure start caring about issues of human rights and try to solve them in a meaningful and logical manner (and that excludes the "let them kill each other" excuse/way).

The real benefit of Martus

[regen]

is not that it uses cryptography. It basicly uses pgp, which you or any terrorist or human rights (HR) activist could download. But the software isn't about just sending encrypted messages, which is all terrorists would want.

The point is that in Martus, the crypto is integrated into a package that allows HR groups to a) send the data to a secure server, where there is b) a central database, and c) allow other, approved groups to view the data. This allows HR groups to get the info out from problematic areas to a place where the international community can see what's going on. Sure, terrorists could use the software to send messages, but what the heck do they need a database for? For HR groups, the problematic gov't could come cart off every computer and piece of paper in their office, and the data would still be secure and accessible. And as soon as they got access to another computer, they could start adding to it again.

Re:Java

[hughk]

The main offices all have reasonable systems, Pentium 2s or better. Roaming field workers for HROs may have quite reasonable laptops. Field offices may have just 486s. PCs tend to get looted or are gratuitously destroyed by militia, so you don't really want to have your latest cool stuff there.

Please remember that Java can be compiled. When it is, it can run ok even on older systems. We did a stock exchange client in Uzbekistan in Java on a 32MB 66MHz 486 under Win98SE because that was all they had available for the dealers at the exchange.

Oh please.

[error0x100]

Redhat supported tyrannic mainland China

Oh please, if you all feel so strongly about tyrannic China, then why don't we see a boycott of Chinese products? Take a look around you and see how many products you use all the time that were "made in China". My Microsoft mouse, my Logitech mouse, my keyboard at work, some of the parts inside my computer, my Microcom modem etc, all made or assembled in China. Americans don't want to support China's tyranny, but they don't feel so strongly about it that they will stop buying China's cheaper products as a protest.