When most people think of digital security, the first topic that comes to mind is Edward Snowden and the NSA. But coverage of the wiretap on German Chancellor Angela Merkel’s phone or the leaked NSA documents published in the Guardian do not address the problems most people face in this new digital security world. While these headlines stoke outrage, they bury the real issues that that journalists and activists will face going forward.
For example, while Snowden was off on a Carmen Sandiego-like galavant across the globe, a little known “secure” email provider named Lavabit was beginning the slow and painful process of shutting its doors, turning off the lights, and going out of business. Because Snowden used Lavabit’s secure email service to transfer files, data, and other secret information to reporters, the F.B.I. ordered Lavabit to hand over user information, including the volume of each and every data transfer and the “source and destination” of all communications. The F.B.I. made these requests legally because the structure of email – in its current form – mandates that email providers store user data on servers, usually third-party servers, and transfer information through a digital ether where it can be intercepted, making plain text email, therefore, completely insecure. Lavabit opted to go out of business instead of giving over user data.
keeping email secure
Email is the nature of our digital communication world right now, and it is just now beginning to address security. Prior to email, if you wanted to send secure information you could put it in a sealed envelope and mail it to the destination. Unless the package was intercepted along the way, there was no infrastructure that could allow a company or government body to learn about the contents of that package months after the fact; a subpoena to the postal service, for example, would be fruitless, even if there was such a feature as tracking added to your package.
Perhaps the prevalence of email makes people like to feel as though it is currently at its idyllic iteration, but frankly that could not be further from the truth. Lavabit and Washington, D.C.-based encryption technology firm Silent Circle have recently formed the Dark Mail Alliance to create a secure email, launching a Kickstarter campaign two months ago to generate funding. As of Nov. 5 they had raised just over $15,000. This endeavor is clearly only the beginning.
Additionally, secure SMS and web-based messaging platforms are in development and available to users, but they have their own hurdles to overcome ranging from building comprehensible user interfaces that everyday users can understand to more established issues like data tracking and telecommunications regulations.
However, being able to securely transmit data is only part of the battle. Mobile phone applications that can successfully track individuals in conflict zones and allow them to notify people when they are in physical danger are also on the horizon. For journalists, activists and citizen reporters who put their lives and their livelihoods at risk to deliver vital information, learning how to securely transfer data is part of the struggle. The ability to enter and exit a conflict zone, to continue to deliver the news that people need, is the overarching struggle.
At the end of the day, software only goes so far and it is up to individuals, communities, and organizations to take the necessary precautions to remain safe and secure both digitally and physically. In this new digital environment, it’s up to us to delve into the chaos, to make sense of this digital world, so that we can collectively enhance our security in the years ahead.
Barrett Holmes Pitner is the Director of Journalism, Communications and Strategy at CommunityRED, a Washington, DC-based non-profit that develops digital security tools for journalists, activists and citizen reporters working in conflict zones. He is a graduate of the Medill School of Journalism at Northwestern University and has covered issues ranging from human rights abuses, nation building and Beltway politics. Recently he served as the senior global editor at Cont3nt.com, a DC-based journalism startup, and prior to that he covered conflicts in Africa for the Institute for War & Peace Reporting and was a multimedia producer at National Journal.
OpenITP improves and increases the distribution of open source anti-surveillance and anti-censorship tools by providing the communities behind these tools with many kinds of support. Follow us at @OpenITP If you would like to contribute to this column or learn more, contact Sandra Ordonez at sandraordonez AT OpenITP DOT org.
galavant? really?? in russia?
Oh cheese and rice. Read how Lavabit WAS providing data (because the service was never ‘secure’ in the first place), but then decided to try and extort taxpayers for the ‘cost of automation’, and then shut down in a hissy fit –
http://t.co/zr6NzVCRSD
$3500 is most certainly an unreasonable cost for a programmer who supposedly wrote the entire code base of an email service. All of a sudden it takes, what, 170 hours (@$200/hr), to write a filter? Whatever.
For individuals, we must pay more attention to personal data security, even though it’s stored in our own PC or flash drives. Some even don’t beware of the importance of data security. In order to prevent our data being stolen or breached by others,we’d better lock it with useful file encryption program(http://www.kakasoft.com/folder-encryption/how-to-encrypt-files.html). I have used such kind of software for years, and it works well.