[liberationtech] The security and ethics of mapping in repressive environments

[Jonah Silas Sheridan]

Thanks for posting this Katrin.

I am actually impressed by the writeup, as it is far beyond what most
activists I have been around are doing. My own concern would be why
encryption gets short shrift - why no encrypted local filesystem, why no
PGP emails, etc. Without those tools, deleting sensitive materials
(logs, files, emails) just made the forensics harder, not impossible....

Although I agree *absolutely* with Jacob, I have worked with numerous
U.S. based NGO's, many doing international and/or human rights work, and
don't think I have ever gotten a single individual to conform to even
these incomplete best practices. And that lack of movement, it seems to
me, is the true barrier to penetration of these better tools.

I think the Skype use case is a good example. As Danny stated:
>> Right now I'd say people
>> feel it falls in the  "gmail" category – not the best thing to use by
>> a long chalk, but certainly better than nothing.
And:
>> The in-the-wild attacks on Skype
>> users I *have* heard all involve attacks that compromise the client
>> or obtain user passwords through malware. That combined with the
>> circumstantial evidence that of state-actors' apparent fury at Skype
>> for not providing intercept access would seem to point that it's not
>> *garbage* per se. Or at least make it hard to compellingly onvince
>> people to move off it.
My own observations from working with NGO's mirrors Danny's. Folks are
using Skype, warts and all, because it meets their immediate need better
than the alternatives, which almost all demand some level of technical
facility/staffing/training to operate and so are a non-starter for most
of them. And this cultural bent around seeing Skype as
anti-authoritarian, and "common enough" does not help the cause of those
of us trying to redirect the narrative to potential harmful outcomes and
alternate best practices, regardless of the threat model. In short, it
just "doesn't matter enough" and the possible harm is abstract enough
(and counter to the status quo) to overcome the barriers to better
solutions.

My restating of Jacob's quick response is that these harmful outcomes
are very real and that the vulnerability arises from Skype's
architecture. Because they use proprietary encryption and transport
methods, there is no way to properly audit Skype for security. Beyond
that, they are clearly known to use vulnerable components (e.g. VBR) in
their product. This is why Jacob states it is their responsibility to
prove to us it is secure, not the other way around. In turn the only
way, truly, to verify the insecurity of the tool is when there is a
breach, and that could have terrible consequences. As I have often told
folks, "You don't want to discover your systems were insecure through
somebody in your community's death, incarceration or repression." Is
that a fair restatement? Can you imagine using that to successfully make
a "compelling case" to a non-techie on why not to use Skype? Me neither...

My answer then to Danny's question about how Skype is compromised is
that it doesn't matter, or it matters less than the sector wide
acceptance of the status quo over the facts of the matter, or the
opinions of "us experts."

So my question to the community is how we shift the conversation within
organizations/communities of activists to one not of perceived risks
(non-risks), or industry norms, but of actual effective steps to
protecting yourself and those with whom you communicate? Is it really a
question of building the better tools and then pushing them out?

Hope this is a useful addition to the conversation -- writing it up was
very helpful for me to organize my thoughts on these issues. :-)

Jonah

-- 
**********************************
jonah silas sheridan
email:jonahsilas at jonahsilas.net
skype, gchat, twitter:jonahsilas
**********************************