[liberationtech] Safer submission of content to news organizations

[Michael Rogers]

Hi Okhin,

On 19/01/12 10:51, Okhin wrote:
> I totally agree with the
> fact that idiot-proof system can fail at security (see WPS), but if it
> needs a degree of computer engineering to send a document, nobody will
> uses it.

Is it better for someone to walk away from a secure system or to use an
insecure system?

I think the answer depends on whether the person understands the risks
involved. I'm not opposed to giving people an informed choice between
risk and convenience. What I'm opposed to is giving people choices that
contain hidden risks they don't understand.

Unfortunately, since the system can't tell whether the user's making an
informed or uninformed choice, there's no way to build an insecure
system without exposing technically unskilled users to risks they
haven't chosen.

> We need to educate people and journalists to uses those tool on a
> daily basis, but keeping the things out of reach of non tech-savvy
> people kind of destroy the purpose of having a WB platform.
> 
> Tech-savvy people will always find a way to use more security than the
> minimum level, so they're not the target of such a platform I think. We
> need to think about people who does not understand how communications
> work.

Yes, I agree that we should think about those people, which is why we
shouldn't build insecure but easy-to-use systems. Those people are
exactly the ones who'd be endangered by such systems.

Of course, neither security nor usability is black and white. Perhaps
it's better to talk about levels of risk and levels of difficulty. So
when designing a system we might ask: first, what's an acceptable level
of risk for the least-informed user of the system; and second, what's
the easiest system that doesn't exceed that level of risk?

The second question is technical, but the first is really political.

Cheers,
Michael