Schneier on Security's Journal
 

Thursday, October 17th, 2013

    7:15a
    SecureDrop

    SecureDrop is an open-source whistleblower support system, originally written by Aaron Swartz and now run by the Freedom of the Press Foundation. The first instance of this system was named StrongBox and is being run by the New Yorker. To further add to the naming confusion, Aaron Swartz called the system DeadDrop when he wrote the code.

    I participated in a detailed security audit of the StrongBox implementation, along with some great researchers from the University of Washington and Jake Appelbaum. The problems we found were largely procedural, and things that the Freedom of the Press Foundation are working to fix.

    Freedom of the Press Foundation is not running any instances of SecureDrop. It has about a half dozen major news organizations lined up, and will be helping them install their own starting the first week of November. So hopefully any would-be whistleblowers will soon have their choice of news organizations to securely communicate with.

    Strong technical whistleblower protection is essential, especially given President Obama's war on whistleblowers. I hope this system is broadly implemented and extensively used.

    12:50p
    "A Court Order Is an Insider Attack"

    Ed Felten makes a strong argument that a court order is exactly the same thing as an insider attack:

    To see why, consider two companies, which we'll call Lavabit and Guavabit. At Lavabit, an employee, on receiving a court order, copies user data and gives it to an outside party -- in this case, the government. Meanwhile, over at Guavabit, an employee, on receiving a bribe or extortion threat from a drug cartel, copies user data and gives it to an outside party -- in this case, the drug cartel.

    From a purely technological standpoint, these two scenarios are exactly the same: an employee copies user data and gives it to an outside party. Only two things are different: the employee's motivation, and the destination of the data after it leaves the company. Neither of these differences is visible to the company's technology -- it can't read the employee's mind to learn the motivation, and it can't tell where the data will go once it has been extracted from the company's system. Technical measures that prevent one access scenario will unavoidably prevent the other one.

    This is why designing Lavabit to be resistant to court order would have been the right thing to do, and why we should all demand systems that are designed in this way.

    Also on BoingBoing.
