[liberationtech] SMS questions
Robert Munro
robert.munro at gmail.com
Wed Aug 28 16:15:47 PDT 2013
Take the advice *not* to use SMS. I'd also avoid any NGO software that
insists it was written for humanitarian purposes: this branding is
usually skin deep and they are often less secure than off-the-shelf
software. There are exceptions, like much of what Benetech produces,
but if you need to ask lists about security and you are working from
scratch on a tight timeline, like you say, then you are not in a
position to adequately evaluate the pros and cons.

If your main concern is that election monitoring reports are being
read by the local government while in transit via the phone networks,
then I would recommend email rather than SMS, and have the reporters
use an email provider that defaults to SSL (like gmail).

This is assuming that you are not worried about the following things:

1- the local government knowing about the *existence* of the system,
if not the content of every report.
2- the identities of reporters being discovered.
3- the implications of individual reporters and/or their devices in
the country being physically compromised.

If the security situation is critical enough that any of these three
points concerns you, then you should probably avoid digital reporting
entirely, or find someone qualified in security to take the lead.
Otherwise, there's a good chance you'll just be helping the local
government identify their wanted dissidents, and ultimately do more
harm than good.

Rob

ps: Is the "small far, far away country" Luxembourg or Andorra?

On 28 August 2013 15:40, elijah <elijah at riseup.net> wrote:
> On 08/27/2013 09:36 AM, Richard Brooks wrote:
>
>> I have colleagues living in a small country, far, far
>> away with a history of rigged elections who want to
>> put in place a system for collecting information
>> using SMS. The local government keeps shutting
>> down the systems that they put in place.
>
> As you probably know, the main solutions people use for this are
> Ushahidi or FrontlineSMS, but neither of these are secure enough for
> your needs, I think.
>
> FrontlineSMS has a good rundown of risks here:
>
> http://www.frontlinesms.com/wp-content/uploads/2011/08/frontlinesms_userguide.pdf
>
> Guardian created a fork of the Ushahidi android app to support encrypted
> transport, but it requires a data plan (and maybe isn't maintained?):
>
> https://guardianproject.info/2010/03/10/ushahidi-linda-testimony-protection/
>
> If you want secure reporting over SMS as the transport, I think your
> only option is moxie's TextSecure android app. This will not help in
> processing the reports, but it will allow the reports to be securely
> submitted. The government will still be able to identify and shut down
> this approach by identifying which devices are sending encrypted SMS
> messages or by blocking the number that reports are submitted to.
>
> The final option is to use SMS over satellite phones. Supposedly, this
> works very well, but is monstrously expensive.
>
> -elijah
--
Idibon
www.idibon.com
www.robertmunro.com