Communications security for journalists

2,083 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
2,083
On SlideShare
0
From Embeds
0
Number of Embeds
13
Actions
Shares
0
Downloads
11
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Communications security for journalists

    1. 1. Communications security for journalists Ian Brown Hidden Footprints Ltd.
    2. 2. Introduction <ul><li>A rough guide to the Internet and cryptography </li></ul><ul><li>Secure Web-based e-mail </li></ul><ul><li>Pretty Good Privacy – PGP </li></ul><ul><li>Securing phone calls </li></ul><ul><li>Traffic analysis </li></ul><ul><li>Freedom </li></ul>
    3. 3. The Internet <ul><li>All data – e-mail, Web pages, files – is sent using the Internet Protocol (IP) </li></ul><ul><li>This chops up information into small ‘packets’ that can flow by many routes across the Internet </li></ul><ul><li>Web and mail servers can be anywhere on the Internet </li></ul>
    4. 4. Internet surveillance <ul><li>Packets can be monitored at many points – from you to ISP, on their network, en route to destination </li></ul><ul><li>Servers can also monitor messages, Web pages visited, etc. </li></ul><ul><li>Even your PC is vulnerable </li></ul>
    5. 5. Cryptography <ul><li>Fundamental technology to protect information </li></ul><ul><li>Data is encrypted and decrypted using secret “keys” </li></ul><ul><li>Public-key cryptography uses a pair of keys: one public, one private </li></ul><ul><li>You can also digitally sign information </li></ul><ul><li>In common use as SSL </li></ul>
    6. 6. Secure e-mail <ul><li>Messages travel through your ISP’s mail server, and wait at the recipient’s ISP until collected </li></ul><ul><li>Encryption should be end-to-end </li></ul><ul><li>PGP most commonly used </li></ul>
    7. 7. An encrypted message
    8. 8. Secure Web mail <ul><li>Even if accessed using SSL, messages still sit unprotected at most Web mail servers like Hotmail </li></ul><ul><li>Hushmail runs Java applet on your computer than encrypts end-to-end if your correspondent also uses the service </li></ul>
    9. 10. Secure phone calls <ul><li>Starium producing Palm-sized voice encryptor </li></ul><ul><li>Automatically protects calls to other Starium users </li></ul><ul><li>$699  </li></ul>
    10. 11. Traffic analysis <ul><li>Starium and PGP don’t hide who you are talking to, and when </li></ul><ul><li>This leaves a nasty trail for investigators to follow to both of you </li></ul><ul><li>RIP allows relatively easy access to traffic logs </li></ul><ul><li>Also reveals Web sites you have visited </li></ul>
    11. 12. Web server logs <ul><li>17:gateway1.gsi.gov.uk - - [08/May/2000:11:42:44 +0100] &quot;GET /staff/I.Brown/archives/ukcrypto/0200-0500/threads.html HTTP/1.0&quot; 200 229936 </li></ul><ul><li>17:gateway1.gsi.gov.uk - - [08/May/2000:11:43:14 +0100] &quot;GET /staff/I.Brown/archives/ukcrypto/0200-0500/msg01632.html HTTP/1.0&quot; 200 4944 </li></ul><ul><li>17:legion.dera.gov.uk - - [08/May/2000:15:37:31 +0100] &quot;GET /staff/I.Brown/archives/ukcrypto/0898-1198/msg00195.html HTTP/1.0&quot; 200 6869 </li></ul><ul><li>17:horde.dera.gov.uk - - [09/May/2000:09:21:44 +0100] &quot;GET /staff/I.Brown/archives/ukcrypto/0799-1099/msg00946.html HTTP/1.0&quot; 200 3323 </li></ul><ul><li>17:horde.dera.gov.uk - - [09/May/2000:10:33:23 +0100] &quot;GET /staff/I.Brown/archives/ukcrypto/ HTTP/1.0&quot; 200 5118 </li></ul><ul><li>20:gatekeeper.hertscc.gov.uk - - [05/Jun/2000:17:12:22 +0100] &quot;GET /staff/I.Brown/pimms/index.html HTTP/1.0&quot; 200 353 </li></ul><ul><li>20:gatekeeper.hertscc.gov.uk - - [05/Jun/2000:17:12:23 +0100] &quot;GET /staff/I.Brown/pimms/toc.html HTTP/1.0&quot; 200 1383 </li></ul><ul><li>20:gatekeeper.hertscc.gov.uk - - [05/Jun/2000:17:12:24 +0100] &quot;GET /staff/I.Brown/pimms/bottle.gif HTTP/1.0&quot; 200 9499 </li></ul><ul><li>20:gateway.bradford.gov.uk - - [06/Jun/2000:08:42:09 +0100] &quot;GET /staff/I.Brown/archives/ukcrypto/0399-0699/msg00663.html HTTP/1.1&quot; 200 427 </li></ul><ul><li>20:gatekeeper.bournemouth.gov.uk - - [08/Jun/2000:00:42:40 +0100] &quot;GET /staff/I.Brown/archives/ukcrypto/0898-1198/msg00002.html HTTP/1.0&quot; </li></ul><ul><li>21:mail.braintree.gov.uk - - [16/Jun/2000:11:18:06 +0100] &quot;GET /staff/I.Brown/archives/ukcrypto/1199-0100/msg00266.html HTTP/1.0&quot; 200 3661 </li></ul><ul><li>22:wp.eris.dera.gov.uk - - [13/Jul/2000:11:24:42 +0100] &quot;GET /staff/I.Brown/archives/ukcrypto/0799-1099/msg00508.html HTTP/1.0&quot; 200 4265 </li></ul><ul><li>22:gtfw1.doh.gov.uk - - [14/Jul/2000:19:02:16 +0100] &quot;GET /staff/I.Brown/archives/ukcrypto/l HTTP/1.0&quot; 404 244 </li></ul><ul><li>22:gtfw1.doh.gov.uk - - [14/Jul/2000:19:02:25 +0100] &quot;GET /staff/I.Brown/archives/ukcrypto HTTP/1.0&quot; 302 411 </li></ul><ul><li>22:gatekeeper.bournemouth.gov.uk - - [16/Jul/2000:08:24:10 +0100] &quot;GET /staff/I.Brown/archives/ukcrypto/1198-0299/msg00293.html HTTP/1.0&quot; </li></ul><ul><li>6:shadow.dera.gov.uk - - [05/Apr/2000:14:18:32 +0100] &quot;GET /staff/i.brown/archives/ukcrypto/old/msg00112.html HTTP/1.0&quot; 200 7698 </li></ul><ul><li>6:proxy.hullcc.gov.uk - - [05/Apr/2000:16:50:21 +0100] &quot;GET /staff/I.Brown/archives/ukcrypto/0497-1097/msg00014.html HTTP/1.0&quot; 200 3725 </li></ul><ul><li>7:Bouncer.nics.gov.uk - - [11/Apr/2000:10:31:17 +0100] &quot;GET /staff/i.brown/archives/ukcrypto/1198-0299/msg00138.html HTTP/1.0&quot; 200 4381 </li></ul><ul><li>7:gateway1.gsi.gov.uk - - [11/Apr/2000:12:33:18 +0100] &quot;GET /staff/I.Brown/archives/ukcrypto/0200-0500/threads.html HTTP/1.0&quot; 200 142389 </li></ul><ul><li>7:gateway1.gsi.gov.uk - - [11/Apr/2000:14:35:19 +0100] &quot;GET /staff/I.Brown/archives/ukcrypto/0200-0500/threads.html HTTP/1.0&quot; 200 142674 </li></ul><ul><li>7:gtfw1.doh.gov.uk - - [12/Apr/2000:11:13:31 +0100] &quot;GET /staff/I.Brown/archives/ukcrypto/0497-1097/msg00245.html HTTP/1.0&quot; 200 4714 </li></ul><ul><li>7:gtfw1.doh.gov.uk - - [12/Apr/2000:11:14:33 +0100] &quot;GET /staff/I.Brown/archives/ukcrypto/0497-1097/msg00234.html HTTP/1.0&quot; 200 4811 </li></ul>
    12. 13. <ul><li>Freedom from ZeroKnowledge Systems can provide content and traffic analysis protection over the Internet </li></ul><ul><li>Automatically reroutes your traffic through the encrypted Freedom network </li></ul><ul><li>Works best with support at both ends </li></ul>                                        
    13. 14. Freedom
    14. 15. Marked files and messages <ul><li>Be very careful about keeping original messages and files from sources </li></ul><ul><li>They contain all sorts of hints that may lead back to their sender </li></ul><ul><li>Fingerprints may have been subtly inserted </li></ul><ul><li>Use secure delete; remember backups </li></ul>
    15. 16. E-mail trails Messages are full of clues about their origins
    16. 17. Tracing IP addresses
    17. 18. Conclusions <ul><li>Communications security is difficult! </li></ul><ul><li>Traffic data may be more important than content </li></ul><ul><li>Security software will get better </li></ul><ul><li>Legal environment may get worse </li></ul>
    18. 19. Links <ul><li>http://www.pgp.com/ </li></ul><ul><li>http://www.hushmail.com/ </li></ul><ul><li>http://www.starium.com/ </li></ul><ul><li>http://www.freedom.net/ </li></ul><ul><li>http://www.cs.ucl.ac.uk/staff/I.Brown/ </li></ul>

    ×