Communications security for journalists Ian Brown Hidden Footprints Ltd.

Introduction A rough guide to the Internet and cryptography Secure Web-based e-mail Pretty Good Privacy – PGP Securing phone calls Traffic analysis Freedom

A rough guide to the Internet and cryptography

Secure Web-based e-mail

Pretty Good Privacy – PGP

Securing phone calls

Traffic analysis

Freedom

The Internet All data – e-mail, Web pages, files – is sent using the Internet Protocol (IP) This chops up information into small ‘packets’ that can flow by many routes across the Internet Web and mail servers can be anywhere on the Internet

All data – e-mail, Web pages, files – is sent using the Internet Protocol (IP)

This chops up information into small ‘packets’ that can flow by many routes across the Internet

Web and mail servers can be anywhere on the Internet

Internet surveillance Packets can be monitored at many points – from you to ISP, on their network, en route to destination Servers can also monitor messages, Web pages visited, etc. Even your PC is vulnerable

Packets can be monitored at many points – from you to ISP, on their network, en route to destination

Servers can also monitor messages, Web pages visited, etc.

Even your PC is vulnerable

Cryptography Fundamental technology to protect information Data is encrypted and decrypted using secret “keys” Public-key cryptography uses a pair of keys: one public, one private You can also digitally sign information In common use as SSL

Fundamental technology to protect information

Data is encrypted and decrypted using secret “keys”

Public-key cryptography uses a pair of keys: one public, one private

You can also digitally sign information

In common use as SSL

Secure e-mail Messages travel through your ISP’s mail server, and wait at the recipient’s ISP until collected Encryption should be end-to-end PGP most commonly used

Messages travel through your ISP’s mail server, and wait at the recipient’s ISP until collected

Encryption should be end-to-end

PGP most commonly used

An encrypted message

Secure Web mail Even if accessed using SSL, messages still sit unprotected at most Web mail servers like Hotmail Hushmail runs Java applet on your computer than encrypts end-to-end if your correspondent also uses the service

Even if accessed using SSL, messages still sit unprotected at most Web mail servers like Hotmail

Hushmail runs Java applet on your computer than encrypts end-to-end if your correspondent also uses the service

Secure phone calls Starium producing Palm-sized voice encryptor Automatically protects calls to other Starium users $699 

Starium producing Palm-sized voice encryptor

Automatically protects calls to other Starium users

$699 

Traffic analysis Starium and PGP don’t hide who you are talking to, and when This leaves a nasty trail for investigators to follow to both of you RIP allows relatively easy access to traffic logs Also reveals Web sites you have visited

Starium and PGP don’t hide who you are talking to, and when

This leaves a nasty trail for investigators to follow to both of you

RIP allows relatively easy access to traffic logs

Also reveals Web sites you have visited

Web server logs 17:gateway1.gsi.gov.uk - - [08/May/2000:11:42:44 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/threads.html HTTP/1.0" 200 229936 17:gateway1.gsi.gov.uk - - [08/May/2000:11:43:14 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/msg01632.html HTTP/1.0" 200 4944 17:legion.dera.gov.uk - - [08/May/2000:15:37:31 +0100] "GET /staff/I.Brown/archives/ukcrypto/0898-1198/msg00195.html HTTP/1.0" 200 6869 17:horde.dera.gov.uk - - [09/May/2000:09:21:44 +0100] "GET /staff/I.Brown/archives/ukcrypto/0799-1099/msg00946.html HTTP/1.0" 200 3323 17:horde.dera.gov.uk - - [09/May/2000:10:33:23 +0100] "GET /staff/I.Brown/archives/ukcrypto/ HTTP/1.0" 200 5118 20:gatekeeper.hertscc.gov.uk - - [05/Jun/2000:17:12:22 +0100] "GET /staff/I.Brown/pimms/index.html HTTP/1.0" 200 353 20:gatekeeper.hertscc.gov.uk - - [05/Jun/2000:17:12:23 +0100] "GET /staff/I.Brown/pimms/toc.html HTTP/1.0" 200 1383 20:gatekeeper.hertscc.gov.uk - - [05/Jun/2000:17:12:24 +0100] "GET /staff/I.Brown/pimms/bottle.gif HTTP/1.0" 200 9499 20:gateway.bradford.gov.uk - - [06/Jun/2000:08:42:09 +0100] "GET /staff/I.Brown/archives/ukcrypto/0399-0699/msg00663.html HTTP/1.1" 200 427 20:gatekeeper.bournemouth.gov.uk - - [08/Jun/2000:00:42:40 +0100] "GET /staff/I.Brown/archives/ukcrypto/0898-1198/msg00002.html HTTP/1.0" 21:mail.braintree.gov.uk - - [16/Jun/2000:11:18:06 +0100] "GET /staff/I.Brown/archives/ukcrypto/1199-0100/msg00266.html HTTP/1.0" 200 3661 22:wp.eris.dera.gov.uk - - [13/Jul/2000:11:24:42 +0100] "GET /staff/I.Brown/archives/ukcrypto/0799-1099/msg00508.html HTTP/1.0" 200 4265 22:gtfw1.doh.gov.uk - - [14/Jul/2000:19:02:16 +0100] "GET /staff/I.Brown/archives/ukcrypto/l HTTP/1.0" 404 244 22:gtfw1.doh.gov.uk - - [14/Jul/2000:19:02:25 +0100] "GET /staff/I.Brown/archives/ukcrypto HTTP/1.0" 302 411 22:gatekeeper.bournemouth.gov.uk - - [16/Jul/2000:08:24:10 +0100] "GET /staff/I.Brown/archives/ukcrypto/1198-0299/msg00293.html HTTP/1.0" 6:shadow.dera.gov.uk - - [05/Apr/2000:14:18:32 +0100] "GET /staff/i.brown/archives/ukcrypto/old/msg00112.html HTTP/1.0" 200 7698 6:proxy.hullcc.gov.uk - - [05/Apr/2000:16:50:21 +0100] "GET /staff/I.Brown/archives/ukcrypto/0497-1097/msg00014.html HTTP/1.0" 200 3725 7:Bouncer.nics.gov.uk - - [11/Apr/2000:10:31:17 +0100] "GET /staff/i.brown/archives/ukcrypto/1198-0299/msg00138.html HTTP/1.0" 200 4381 7:gateway1.gsi.gov.uk - - [11/Apr/2000:12:33:18 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/threads.html HTTP/1.0" 200 142389 7:gateway1.gsi.gov.uk - - [11/Apr/2000:14:35:19 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/threads.html HTTP/1.0" 200 142674 7:gtfw1.doh.gov.uk - - [12/Apr/2000:11:13:31 +0100] "GET /staff/I.Brown/archives/ukcrypto/0497-1097/msg00245.html HTTP/1.0" 200 4714 7:gtfw1.doh.gov.uk - - [12/Apr/2000:11:14:33 +0100] "GET /staff/I.Brown/archives/ukcrypto/0497-1097/msg00234.html HTTP/1.0" 200 4811

17:gateway1.gsi.gov.uk - - [08/May/2000:11:42:44 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/threads.html HTTP/1.0" 200 229936

17:gateway1.gsi.gov.uk - - [08/May/2000:11:43:14 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/msg01632.html HTTP/1.0" 200 4944

17:legion.dera.gov.uk - - [08/May/2000:15:37:31 +0100] "GET /staff/I.Brown/archives/ukcrypto/0898-1198/msg00195.html HTTP/1.0" 200 6869

17:horde.dera.gov.uk - - [09/May/2000:09:21:44 +0100] "GET /staff/I.Brown/archives/ukcrypto/0799-1099/msg00946.html HTTP/1.0" 200 3323

17:horde.dera.gov.uk - - [09/May/2000:10:33:23 +0100] "GET /staff/I.Brown/archives/ukcrypto/ HTTP/1.0" 200 5118

20:gatekeeper.hertscc.gov.uk - - [05/Jun/2000:17:12:22 +0100] "GET /staff/I.Brown/pimms/index.html HTTP/1.0" 200 353

20:gatekeeper.hertscc.gov.uk - - [05/Jun/2000:17:12:23 +0100] "GET /staff/I.Brown/pimms/toc.html HTTP/1.0" 200 1383

20:gatekeeper.hertscc.gov.uk - - [05/Jun/2000:17:12:24 +0100] "GET /staff/I.Brown/pimms/bottle.gif HTTP/1.0" 200 9499

20:gateway.bradford.gov.uk - - [06/Jun/2000:08:42:09 +0100] "GET /staff/I.Brown/archives/ukcrypto/0399-0699/msg00663.html HTTP/1.1" 200 427

20:gatekeeper.bournemouth.gov.uk - - [08/Jun/2000:00:42:40 +0100] "GET /staff/I.Brown/archives/ukcrypto/0898-1198/msg00002.html HTTP/1.0"

21:mail.braintree.gov.uk - - [16/Jun/2000:11:18:06 +0100] "GET /staff/I.Brown/archives/ukcrypto/1199-0100/msg00266.html HTTP/1.0" 200 3661

22:wp.eris.dera.gov.uk - - [13/Jul/2000:11:24:42 +0100] "GET /staff/I.Brown/archives/ukcrypto/0799-1099/msg00508.html HTTP/1.0" 200 4265

22:gtfw1.doh.gov.uk - - [14/Jul/2000:19:02:16 +0100] "GET /staff/I.Brown/archives/ukcrypto/l HTTP/1.0" 404 244

22:gtfw1.doh.gov.uk - - [14/Jul/2000:19:02:25 +0100] "GET /staff/I.Brown/archives/ukcrypto HTTP/1.0" 302 411

22:gatekeeper.bournemouth.gov.uk - - [16/Jul/2000:08:24:10 +0100] "GET /staff/I.Brown/archives/ukcrypto/1198-0299/msg00293.html HTTP/1.0"

6:shadow.dera.gov.uk - - [05/Apr/2000:14:18:32 +0100] "GET /staff/i.brown/archives/ukcrypto/old/msg00112.html HTTP/1.0" 200 7698

6:proxy.hullcc.gov.uk - - [05/Apr/2000:16:50:21 +0100] "GET /staff/I.Brown/archives/ukcrypto/0497-1097/msg00014.html HTTP/1.0" 200 3725

7:Bouncer.nics.gov.uk - - [11/Apr/2000:10:31:17 +0100] "GET /staff/i.brown/archives/ukcrypto/1198-0299/msg00138.html HTTP/1.0" 200 4381

7:gateway1.gsi.gov.uk - - [11/Apr/2000:12:33:18 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/threads.html HTTP/1.0" 200 142389

7:gateway1.gsi.gov.uk - - [11/Apr/2000:14:35:19 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/threads.html HTTP/1.0" 200 142674

7:gtfw1.doh.gov.uk - - [12/Apr/2000:11:13:31 +0100] "GET /staff/I.Brown/archives/ukcrypto/0497-1097/msg00245.html HTTP/1.0" 200 4714

7:gtfw1.doh.gov.uk - - [12/Apr/2000:11:14:33 +0100] "GET /staff/I.Brown/archives/ukcrypto/0497-1097/msg00234.html HTTP/1.0" 200 4811

Freedom from ZeroKnowledge Systems can provide content and traffic analysis protection over the Internet Automatically reroutes your traffic through the encrypted Freedom network Works best with support at both ends

Freedom from ZeroKnowledge Systems can provide content and traffic analysis protection over the Internet

Automatically reroutes your traffic through the encrypted Freedom network

Works best with support at both ends

Freedom

Marked files and messages Be very careful about keeping original messages and files from sources They contain all sorts of hints that may lead back to their sender Fingerprints may have been subtly inserted Use secure delete; remember backups

Be very careful about keeping original messages and files from sources

They contain all sorts of hints that may lead back to their sender

Fingerprints may have been subtly inserted

Use secure delete; remember backups

E-mail trails Messages are full of clues about their origins

Tracing IP addresses

Conclusions Communications security is difficult! Traffic data may be more important than content Security software will get better Legal environment may get worse

Communications security is difficult!

Traffic data may be more important than content

Security software will get better

Legal environment may get worse

Links http://www.pgp.com/ http://www.hushmail.com/ http://www.starium.com/ http://www.freedom.net/ http://www.cs.ucl.ac.uk/staff/I.Brown/

http://www.pgp.com/

http://www.hushmail.com/

http://www.starium.com/

http://www.freedom.net/

http://www.cs.ucl.ac.uk/staff/I.Brown/