Slashdot Mirror

← Back to Stories (view on slashdot.org)

Software to Support Human Rights

Posted by michael on from the pretty-good-publicity dept.

An anonymous reader writes "Some software rollouts have lives hanging in the balance. Human rights workers in massacre zones from El Salvador to Kosovo face prying eyes peering into their address books and logs, who follow up with bullets and poison gas. One project, Martus, takes these hostile environments into account: a leak can get whole families killed. They use encryption, distributed backup, and other techniques designed to survive the ultimate corrosive environment: vindictive armies in countrysides in the throes of war. The source code is open, to allow meaningful contributions from anyone willing to help. These people bet their lives on open source and private data. The sponsor organization, Benetech in Silicon Valley, funds projects that arm global rights workers, and people under siege, with communications tools that counterbalance the overwhelming force used to exterminate everything "Free"."

18 of 194 comments (clear)

  1. open source dangerous! by SegaVegas · · Score: 5, Insightful

    The source code is open, to allow meaningful contributions from anyone,
    [b]including people who do not mean well[b]
    watch out!

    1. Re:open source dangerous! by cperciva · · Score: 5, Insightful

      While I suspect the parent post was intended as humour, it raises a good point: How carefully do people look over contributed code before including it?

      Especially in the case of projects like this, I can see a significant danger of someone deliberately introducing a "mistake" which could completely compromise the system's security. With off-by-one errors routinely being found many years after they were initially introduced, I suspect that such an attempt could easily be successful.

      --
      Tarsnap: Online backups for the truly paranoid
    2. Re:open source dangerous! by Krapangor · · Score: 4, Funny
      How carefully do people look over contributed code before including it?

      Not often enough:
      einstien@mensa> grep -e "31337|h4x0r|0wned|phear|ph34r|r00tk17|sex|pr0n|po rn" -l -r /usr/src/Linux/* | wc -l

      237

      --
      Owner of a Mensa membership card.
    3. Re:open source dangerous! by exhilaration · · Score: 4, Informative
      How carefully do people look over contributed code before including it?

      They look over it very carefully - Patches can create security problems as well as stability issues. Maintainers aren't stupid enough to include untested patches from unknown persons. Their reputations are at stake, as is the reputation of the entire project.

      The poor example from above is pulling words from the comments - and those contain the foulest language imaginable. There was a Slashdot article a while back about this.

  2. With all the new US laws by miyako · · Score: 5, Insightful

    it might not be long untill we need this or something like it to protect us from our own homland security KGB.

    --
    Famous Last Words: "hmm...wikipedia says it's edible"
  3. Vim by Yag · · Score: 4, Interesting

    Also vim helps human rights... "Uganda licence" is a good idea to make OS Software even more useful...

  4. Possession by xixax · · Score: 5, Interesting

    And soon enough even the possession of these kinds of tools will be enough to put people in jail. After all, they were probably using them to swap MP3s or kiddie-pr0n or even plan terrorist acts.

    Strong crypto is only a part of the answer (whatever that answer may be).

    Xix.

    --
    "Everything is adjustable, provided you have the right tools"
    1. Re:Possession by enigmiac · · Score: 4, Interesting

      what makes you think there is an answer? this is an issue that I am torn on. how is it possible to stop terrorism and child pr0n, with out eliminating human rights? I believe very strongly in personal freedom, but at the same time, I believe that my rights end where yours begin. as long as what I'm doing doesn't affect anyone else, I don't see how it can be wrong. at the same time, how can we tell when some form of communication is about to affect others negativly without inspecting it all (which I find deplorable)? if anyone has an answer, I'd love to hear it

    2. Re:Possession by arvindn · · Score: 5, Informative
      Freenet is an internet infrastructure for completely anonymous communication (its been mentioned on /. before). I imagine it would be an excellent tool for human rights workers. Note that freenet is not tailored for specific content or applications, and so anyone can benefit from it.

      If most people (or atleast a majority of people) started using freenet, it would change the internet in a fundamental way: it would be no longer possible to outlaw freenet. I don't see this happening anytime soon, because most people still enjoy freedom of speech. But if there were to arise a global dictator, technology has given us a way to fight back.

  5. Still Not Good by Anonymous Coward · · Score: 5, Insightful

    The evil army will just beat your key out of you. They aren't just going to try a few codes and walk off; they are going to break out the hoses and the electric generators. They may not be able to break the encryption, but they sure as hell can break you.

  6. If you really care about freedom! by Anonymous Coward · · Score: 4, Informative

    Boycott Redhat, never ever use or install Redhat personally or in your work.

    Redhat supported tyrannic mainland China against democratic Taiwan and gladly removed Taiwans status as independant in their latest distributions. The only reason is to make more dollars from China.

    It should be notet that companies like HP and Microsoft has refused to remove Taiwans status as independant despite pressure and fines from the dictatorship in China.

    There is plenty of really good distributions, there is simply no need to support tyranny.

  7. Don't expext the thugs to play fair by de+la+mettrie · · Score: 5, Insightful
    I'm sure this is, technically, good cryptography software. However, keep in mind that this software is explicitly designed to hide information from governmental law enforcement authorities. Therefore

    it is just as useful to criminals as to human rights workers. This is not, of course, a problem per se, but

    using this as a pretext, governments will simply ban possession and usage of this software. If they need any pretext, that is - in the kind of country this software is designed to be used, "human rights worker" is just another word for criminal.

    This kind of software is useful to preserve personal privacy in a civilized nation. In a thugocracy, however, the police will just confiscate your computer, or you will be extradited/tortured/shot for being in possession of this software.

    1. Re:Don't expext the thugs to play fair by the+eric+conspiracy · · Score: 4, Insightful

      However, keep in mind that this software is explicitly designed to hide information from governmental law enforcement authorities.

      This software is also designed to widely disseminate the information. Once the cat is out of the bag on a global basis it is out of the reach of any single governmental organization.

      the police will just confiscate your computer, or you will be extradited/tortured/shot for being in possession of this software.

      Some people care enough to risk their lives in this cause.

  8. Re:Just wondering sonething... by Ed+Avis · · Score: 4, Insightful

    The encryption system has two parts: an algorithm, which is publicly known, and a key, which is private. You need both to decrypt some data. The system is designed so that the key is required for decryption, it is not enough just to know the algorithm.

    OK - it might be a little bit harder if you didn't know the algorithm either, but would you trust an encryption system where the author said 'we can't disclose how it works, we're worried that if people knew that they might be able to break it'?

    --
    -- Ed Avis ed@membled.com
  9. A related project by ronys · · Score: 4, Informative

    People interested in this might also be interested in the rubberhose project.

    From the homepage:

    "Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coersive interrogations and other compulsive mechanisms, such as U.K RIP legislation. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography / deniable cryptography), works with any file system and has source freely available. Currently supported ciphers are DES, 3DES, IDEA, RC5, RC6, Blowfish, Twofish and CAST."

    --
    Ubi dubium ibi libertas: Where there is doubt, there is freedom.
    1. Re:A related project by cliffiecee · · Score: 4, Interesting

      You didn't snip enough to tell folks the REAL power of Rubberhose.

      It is possible to create encrypted containers 'embedded' in other ecrypted containers (Matryoshka-doll fashion), each protected with a password. So when the 'thugs' come knocking, you can give them a password which will unlock the outer container, without compromising the inner ones (which, obviously, aren't visible- you have to KNOW they exist).

      Of course, the thugs already know about this software, so you can repeat the above process- give them three passwords and then say "that's all there is"- they can't prove otherwise.

      Let's be pragmatic, though- this is only going to work if you believe the thugs would let you go if they couldn't prove anything. Otherwise, it's simpler to use gpg and a cyanide pill.

  10. This concerns me greatly. by Henry+Stern · · Score: 4, Insightful

    I see this software and I find myself very afraid. It neatly packages up a military grade cryptographic communications solution and makes it freely available to the public. While the people who it is intended for will benefit greatly from it, those who intend to do harm will also have easy access to it.

    Martus is a cryptographic solution: overt, secret communications. The people who this is intended for are already under surveilance by those who wish to do them and their contacts harm, so making the already-intercepted messages unreadable is the solution to this problem.

    Criminal organisations would likely need more of a steganographic solution: covert, secret communications. An often-overlooked fact about secret communications is that the mere presence of secret messages can be an indicator that something is going on.

    When Nazi Germany was using the Enigma, they had their communications officers send garbage messages[1] so that the Allies would not detect a sudden burst of communications activity indicating some sort of military action.

    If a terrorist organisation* were to begin using a system like this, any intelligence services watching them would be tipped off and would have to figure out what's going on the old fashioned way (we all know what that means). But, the fact is that they are alerted to what's going on and can then follow up.

    If you think about these points, I hope that your fears of evil people exploiting this effort may be eased. If anything, using this (or similar) software will tip their hands and expose that something is going on.

    *An organisation targetting civilians with violent actions to serve political means.

    [1] Simon Singh, The Code Book. (1999) Random House, New York

  11. The real benefit of Martus by regen · · Score: 4, Informative

    is not that it uses cryptography. It basicly uses pgp, which you or any terrorist or human rights (HR) activist could download. But the software isn't about just sending encrypted messages, which is all terrorists would want.

    The point is that in Martus, the crypto is integrated into a package that allows HR groups to a) send the data to a secure server, where there is b) a central database, and c) allow other, approved groups to view the data. This allows HR groups to get the info out from problematic areas to a place where the international community can see what's going on. Sure, terrorists could use the software to send messages, but what the heck do they need a database for? For HR groups, the problematic gov't could come cart off every computer and piece of paper in their office, and the data would still be secure and accessible. And as soon as they got access to another computer, they could start adding to it again.

    --
    The Economics of Website Security