[tor-talk] Corporate policy and procedure

Dear Tor Talk,

As part of my internship work with the ACLU of Washington, I’m looking for practical examples of corporate policies and procedures for:

  • Deploying Tor relays and management
  • Deploying Tor Browser on client computers and management

I will be preparing templates, and related Tor education/marketing materials, for organizations within Washington State that we want to see supporting Tor. We will also publish these materials using a public domain license for anyone to use.

For example, if a library or law office, etc, wanted to support Tor by one or both of the above examples, they might want to develop internal policies detailing how to deploy it and how to manage it. This might be important material to have in advance when advocating to managers or a board of directors.

A policy to manage a Tor relay might include:

  • Statement of purpose
  • Device access policy
  • Abuse complaints policy
  • Admin management policy
  • Isolated network zone exception policy
  • Links to any related standard operating procedures

A standard operating procedure for Tor relay management might include:

  • List of maintainers, contact information, and escalation procedures
  • Maintenance schedule
  • Management commands and expected outcomes
  • Troubleshooting steps. Reference to internal governing policy

Regarding policies and procedures for managing Tor Browser, should it be managed any differently than Firefox or Chrome? Clearly the network traffic is different from standard HTTP/HTTPS but more like HTTPS. QoS might not work at all. If companies replace client-side SSL/TLS certs for monitoring, would that affect Tor Browser? Exception policies might be prudent. Updating procedures might be different.

If your work place has any of the above documents or you have prepared similar documents in your own advocacy, please email me a copy or a redacted copy, and thank you!

End-to-end encryption for organizing groups

This post has more questions than answers.

At TA3M Seattle and Seattle Privacy Coalition I’ve been pushing for the use of a better communications platform. Email is not a sound decision anymore. PGP is too high an expectation, even for privacy advocates because too many things can go wrong and it doesn’t scale when communicating with stakeholders (people without PGP). I’m trying to find a better way.

What doesn’t work

E2EE (end-to-end encryption) is a requirement for better communication, including metadata. PGP doesn’t protect metadata. StartTLS helps protect some metadata, but when 5 or 10 (or more) people are emailing each other, not even privacy advocates are going to check the StartTLS status of each recipient.

OTR (off the record) encrypted messaging, typically used with Jabber/XMPP, is not a solution either. Like IRC, people are not going to stay logged in to a service, so not all messages are going to be delivered to all stakeholders.

What might work

I’ve been focusing on using TextSecure/Signal. It’s not perfect either. It has modern E2EE, most importantly for group messaging. It’s open source and the mobile apps are free to download.

TextSecure/Signal have downsides, but I don’t think they’re disconcerting for the groups I’m involved with. Each participant has to share their TextSecure/Signal number with everyone else, and for most people this means sharing their real cell number. While members can be easily added to a group conversation, anyone group participant can add anyone else, but this is also a benefit. More importantly, group participants cannot be removed, they have to voluntarily leave. Another thing to keep in mind that I discovered by accident is that creating a group on your TextSecure/Signal device, even if you don’t send any messages, automatically creates that group “discussion” on each participants device. Be warned!

Another TextSecure/Signal drawback is that it is for short-form text communications. Email can’t be completely abandoned since long-form writing is often necessary.

Importantly, TextSecure/Signal messages, even if just for communicating project statuses or meeting details, will reach each group member, and they don’t have to reply or acknowledge the information. It will be on their device for when they need it.

Please email or tweet at me your suggestions or concerns!

Simple Android adb & fastboot management for Ubuntu

Desktop OS: Ubuntu 14.04, 15.04, 15.10, or Tails Linux
Device: Nexus (tested on 6 (shamu) and 9 (flounder))
Mobile OS: Android 5.1.1 > 6.0.1

Requires phone to be unlocked and USB debugging enabled in Developer options.


sudo apt-get update
sudo apt-get install android-tools-adb android-tools-fastboot

sudo su
adb devices
adb reboot bootloader

fastboot erase system
fastboot erase all

fastboot flash bootloader bootloader.img
fastboot reboot-bootloader
fastboot flash radio radio.img
fastboot reboot-bootloader
fastboot flash system system.img
fastboot flash userdata userdata.img
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot erase cache
fastboot flash cache cache.img
fastboot reboot-bootloader
fastboot oem lock
fastboot reboot

1 http://forum.xda-developers.com/nexus-6/general/guide-flash-factory-images-nexus-6shamu-t2954008

2 https://developers.google.com/android/nexus/images?hl=en

A resolution for Seattle: encryption and anonymity as moral imperatives

Published: 2015-Sep-19
Updated: 2015-Sep-19, revision 17


CITY OF SEATTLE
RESOLUTION _________________

title

A RESOLUTION affirming the human right to encryption and anonymity as consistent with the findings of the United Nations report on encryption, anonymity, and the human rights framework, advancing previously adopted human rights resolutions.

body

WHEREAS, in December 2012, the Seattle City Council adopted Resolution 31420 proclaiming Seattle to be a Human Rights City, endorsing the human rights set forth in the Universal Declaration of Human Rights, recognizing the importance of using the international human rights framework for cities to work on their commitment to protecting, respecting, and fulfilling the full range of universal human rights; and

WHEREAS, in July 2015, the Seattle City Council adopted Resolution 31598 affirming privacy as a human right and aligning the work of the City’s privacy initiative with the right to privacy as described in the Universal Declaration of Human Rights; and

WHEREAS, in May 2015, the United Nations report on encryption, anonymity, and the human rights framework was published and finds that encryption and anonymity, and the security concepts behind them, provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age; and

WHEREAS, with respect to encryption and anonymity, the City of Seattle should adopt policies of non-restriction or comprehensive protection: (1) only adopt restrictions on a case-specific basis and that meet the requirements of legality, necessity, proportionality and legitimacy in objective, (2) require court orders for any specific limitation, and (3) promote security and privacy online through public education; and

WHEREAS, potential criminality and emergency situations do not relieve the City of its obligation to ensure respect for international human rights law; and

WHEREAS, legislative proposals for the revision or adoption of restrictions on individual security or privacy online should be subject to public debate and adopted according to regular, public, informed and transparent legislative process; and

WHEREAS, the City must promote effective participation of a wide variety of civil society actors and minority groups in such debate and processes and avoid adopting such legislation under accelerated legislative procedures; and

WHEREAS, all Seattle organizations should not block or limit the transmission of encrypted communications and should permit anonymous communication; and

WHEREAS, all Seattle organizations should support secure technologies for websites and software applications, develop widespread end-to-end encryption, and employ anonymity-preserving software to support privacy-sensitive populations; and

WHEREAS, the City’s laws must recognize that individuals are free to protect the privacy of their communications by using encryption technology and tools that allow anonymity online; and

WHEREAS, the City’s legislation and regulations protecting human rights defenders and journalists must include provisions enabling access and providing support to use the technologies to secure their communications; and

WHEREAS, the City must avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards and key escrows; and

WHEREAS, the City must refrain from making the identification of users a condition for access to digital communications and online services and requiring SIM card registration for mobile users; and

WHEREAS, all Seattle organizations should consider their own policies that restrict encryption and anonymity (including through the use of pseudonyms); and

WHEREAS, all Seattle organizations should follow internationally and regionally accepted principles for conducting business in accordance with human rights law; and

WHEREAS, court-ordered decryption, subject to domestic and international law, may only be permissible when it results from transparent and publicly accessible laws applied solely on a targeted, case-by-case basis to individuals (i.e., not to a mass of people) and subject to judicial warrant and the protection of due process rights of individuals; and

WHEREAS, all Seattle organizations will not conduct any manner of intentional or unintentional mass tracking, monitoring, or surveillance of person-linkable information or metadata without strict anonymization processes during collection, transfer, and storage processes; and

WHEREAS, if strict anonymization processes during person-linkable information or metadata collection, transfer, and storage cannot be performed, then those tracking, monitoring, or surveillance technologies will not be used; and

WHEREAS, given the relevance of new communication technologies in the promotion of human rights and development, all those involved should systematically promote access to encryption and anonymity without discrimination; and

WHEREAS, given the threats to freedom of expression online, corporate actors should review the adequacy of their practices with regard to human right norms; and

WHEREAS, Seattle companies should adhere to principles such as those laid out in the Guiding Principles on Business and Human Rights (PDF), the Global Network Initiative’s Principles on Freedom of Expression and Privacy (PDF), the European Commission’s ICT Sector Guide on Implementing the UN Guiding Principles on Business and Human Rights, and the Telecommunications Industry Dialogue Guiding Principles; NOW, THEREFORE,

BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY OF SEATTLE, THE MAYOR CONCURRING, THAT:

Section 1. In accordance with the findings of the UN Report on encryption, anonymity, and the human rights framework, the City Council affirms the human right to encryption and anonymity are foundational to human dignity, intellectual freedom, and democratic governance in the digital age.

Section 2. The City Council implores that all City of Seattle past, present, and future technology projects maximize person anonymity during the collection, transference, and storage of person-linkable data and information.

Section 3.

How to use an iPod Touch as a secure calling and messaging device

Published: 2015-Sep-12
Updated: 2015-Oct-10, revision 64

IMG_20150922_152941-02

Modern communication technologies are abundant, but legacy phone calling and texting (SMS, MMS) are inherently insecure. Communications content in addition to metadata is collected and stored by various organizations and for many years. People have a responsibility to safeguard their personal communications with strong encryption technologies because only then will your friends and family be able help collectively defend your rights. In professions where privacy is expected between you and clients (law, journalism, etc), policy should dictate to either communicate securely or not at all.

Encryption technology is not new but default strong encryption in mass-market devices is. We’re slowly evolving. The political cost of default security is at an all-time low while the social expectations of strong encryption are at an all-time high. Modern telecommunications largely depend on legacy communications infrastructure which is unfortunate:

  • All cell phones transmit insecure content and metadata because cell networks were designed for surveillance.
  • All cell phones not broken, off, or in airplane mode can be easily tracked.
  • All cell phones contain baseband processors with system wide access that can be remotely controlled.
  • The majority of SIM cards require registration using government-issued ID.
  • Android’s default is unencrypted storage.
  • Androids get slowly patched, if at all.
  • Carrier modified versions of Android are poorly developed.
  • Until the next version of Android, apps have near limitless access to other local data.
  • Microsoft’s and Amazon’s phones are a joke in terms of capability and security.

“Nobody is listening to your telephone calls” –President Obama

President Obama is technically correct. It is not possible for the US government employees to listen to every phone call. The data requirements for maintaining recorded phone calls is feasible, but what is cheaper and more effective is to transcribe voice data to text. The solution is easy: don’t give it to them.

What is bad for the FBI is also bad for all other malicious actors. It is up to us to cause the social change that in turn lowers the financial liability and cost of default security.

The financial cost of surveillance equipment is also at an all-time low. Mobile IMSI catchers can be built and deployed by anyone technically savvy enough to learn how to build one, and law enforcement has large budgets for more feature rich devices. The most effective way to assure that you are not a victim of cell tracking or attack is to not use those systems.

The Apple iPod Touch

ipod2

The modern iPod fills a much needed space. WiFi only. Generations 5 and 6 support iOS 8 which is the minimum requirement for Open Whisper System’s free and open source Signal application.

Note: WiFi only iPads could also be used and may be a better solution for people with poor eye sight.

Please review my post Signal, TextSecure, and RedPhone ecosystem notes if you would like to learn more about Signal’s capabilities and limitations. Also review my post TextSecure, RedPhone, and Signal threat modeling if you would like to learn more about Signal’s threats and adversaries in comparison to legacy cellular telephony.

Advantages

  • Network: the iPod does not have inherent baseband insecurities or SIM card insecurities.
  • Network: you can control which WiFi networks to expose your device to.
  • Data at rest: The iPod employs default device encryption.
  • Data at rest: Signal employs default message database encryption and isolation.
  • Data in motion: Signal only uses modern protocols and state-of-the-art encryption.
  • OS security: Apple pushes security patches relatively quickly and the iPod is a more challenging device to infect with malware when used correctly.
  • Verifiability: Signal allows users to compare and verify encryption key fingerprints.
  • Verifiability: Signal is a free and open source software project that is publicly audited.
  • Scalability: other people with an iPod, iPhone or Android can freely install and use Signal.
  • Liability: when employed in a work place with supportive policy, work-oriented communications are compartmentalized from personal devices.

Disadvantages

  • Configuration: using Signal on an iPod requires additional steps to get setup.
  • Network: WiFi access is not as abundant as cellular data.
  • Privacy: iOS requires an Apple ID account to download apps — alternative information can be given if Apple is an adversary in your threat model.

Cost

If you use your iPod minimally to maintain good system health, there is no reason to get anything above 16GB. That is enough free space to upgrade to iOS 9. A new 16GB iPod has 11.7GB usable. A USB wall charger is not included when buying a new iPod, you must buy one or use an existing one (don’t plug it into any computer). If you will be making voice calls with Signal, a required additional purchase is any manner of corded headset.

Apple’s prices:

  • 16GB – $199
  • 32GB – $249
  • 64GB – $299
  • 128GB – $399
  • 16GB – 229€
  • 32GB – 279€
  • 64GB – 339€
  • 128GB – 449€

U.S. Costco prices, only available with membership:

  • 16GB – $189 in store
  • 32GB – $229 in store
  • 64GB – $289 online

Phone number

Signal, for the foreseeable future, requires a phone number to use for registration. Since an iPod does not have a SIM card or any other phone service, we have to use a phone number that you have SMS or voice access to. It is possible to use any manner of burner phone number, but this guide will not instruct how to do that since there are inherent risks with using a number you don’t have long term control of. If someone gains SMS or voice control of a phone number you use with Signal were to register that number with their own Signal device, you would no longer be able to communicate with that number, and someone else could impersonate you if your contacts blindly trust a new key fingerprint.

PC Magazine has a decent article covering VoIP options.

Below are some example procedures when using the following services, or modify them to fit your needs:

Landline

If your home or work has a landline phone number that can be called directly–no extensions to jump through–then you can register that number with Signal. This is ideal for journalists or lawyers who already have landline numbers that people already have in their phone books.

  1. Enter your landline phone number into Signal for registration.
  2. Click verify this device.
  3. Click call me instead.
  4. Open Whisper Systems will call your landline number and provide you an auditory verification code. Enter that code into Signal to verify.

Skype

Skype allows anyone to buy a phone number for $18 every 3 months or $60 every 12 months. Skype can’t receive SMS so you will need to install the desktop client onto your computer and be able to receive a Skype call.

  1. Enter your Skype phone number into Signal for registration.
  2. Click verify this device.
  3. Click call me instead.
  4. Open Whisper Systems will call your Skype number and provide you an auditory verification code. Enter that code into Signal to verify.

Google Voice

Google Voice is a great option for most people in the United States as long as you have a number you can forward calls to. Google will provide any US Gmail account a free, long term phone number. Voice has the added benefit of setting up voicemail which could be useful in case legacy phone calls attempt to call — you can let them know in voicemail to call back with Signal or RedPhone.

  1. Enter your Google Voice phone number into Signal for registration.
  2. Click verify this device.
  3. Open Whisper Systems will send a verification code to your Google Voice account via SMS. Enter that code into Signal to verify.

Twilio

Twilio allows anyone to register a voice and SMS number for $1 a month.

  1. Enter your Twilio phone number into Signal for registration.
  2. Click verify this device.
  3. Open Whisper Systems will send a verification code to your Twilio account via SMS. Enter that code into Signal to verify.

Operational security practices

Define a strict use case for your iPod for when certain groups of people ask. If you routinely travel, possibly through airport or border security, you don’t want to raise suspicion of your device. It is an iPod after all, people will have expectations that it is for listening to music. You may be coerced to provide access to the device to prove its legitimacy. Plan ahead.

  • If your iPod is for professional services (like law, journalism, etc) only certain groups of people, maybe clients, should be aware of your communications practices. Your organization may even make certain policy decisions like making it public information that you can be reached via Signal for secure communications.
  • If your iPod is for personal use, since you can’t risk connecting the iPod to computer systems to sync files, perhaps use it for photography and picture viewing.

Also:

  • Buy your iPod Touch in cash or at least in person.
  • Don’t risk infection or leave behind security certificates: do not connect your iPod into any computer system or automobile.
  • Only charge the iPod via wall charger or firewalled USB charger.
  • Don’t use any third-party apps that aren’t Signal. No Web browsing, social media, or email.
  • Keep the iPod physically safe — maybe even keep it in an actual safe when not in use.

Firewalled charging options:

Directions

Be aware that several privacy settings must be reconfigured once you upgrade to iOS 9. Review these settings once you update.

Set up your iPod:

  1. Connect to WiFi
  2. Disable location services
  3. Set Up as New iPod Touch
  4. Sign in, or Create an Apple ID
  5. Don’t use iCloud
  6. Don’t use Siri
  7. Don’t send Diagnostics

Configure your iPod:

  1. Settings > Bluetooth > Off
  2. Settings > Passcode Lock > Simple Passcode (Off – set an alpha-numeric passphrase)
  3. Settings > Passcode Lock > Erase Data (On)
  4. Settings > Privacy > Advertising > Limit Ad Tracking (On)
  5. Settings > Software Update > Download and Install

Set up Signal:

  1. Open the App Store
  2. Don’t install any new apps other than Signal.
  3. Search for an install “Signal – Private Messenger” by Open Whisper Systems
  4. Open Signal
  5. Enter the phone number that you’ve chosen to use (VoIP, landline, etc)
  6. Depending on how you need to verify Signal (SMS or call), perform that action (see examples above)
  7. If and when it asks, allow Signal to send notifications

Once Signal is installed:

  1. Settings > Notifications > Signal > Show on Lock Screen (Off)
  2. Signal > Settings > Privacy > Fingerprint (Tap to copy)

Libraries shouldn’t provide free Internet because it may be used by criminals

Libraries shouldn’t provide free Internet, it may be used by criminals. That’s the logic used by law enforcement in telling libraries, of all places, that Tor is not welcome in our society.

There are many problems with this logic and many problems with the information DHS intended to be facts.

From Julia Angwin’s ProPublica article:

DHS spokesman Shawn Neudauer said the agent was simply providing “visibility/situational awareness,” and did not have any direct contact with the Lebanon police or library. “The use of a Tor browser is not, in [or] of itself, illegal and there are legitimate purposes for its use,” Neudauer said, “However, the protections that Tor offers can be attractive to criminal enterprises or actors and HSI [Homeland Security Investigations] will continue to pursue those individuals who seek to use the anonymizing technology to further their illicit activity.”

When the DHS inquiry was brought to his attention, Lt. Matthew Isham of the Lebanon Police Department was concerned. “For all the good that a Tor may allow as far as speech, there is also the criminal side that would take advantage of that as well,” Isham said. “We felt we needed to make the city aware of it.”

This is the logical slippery slope:

  1. Tor traffic is part malicious. We must ban it.
  2. Internet traffic is part malicious. We must ban it.
  3. Human activity is part malicious. We must ban it.

Does Tor have a statistically significant amount of criminal activity? It might, if roughly 2% of traffic is considered statistically significant.

“Think back to the Internet in the late 80’s, early 90’s. We heard that the Internet was for child-molesters, money laundering, drug dealing and pornography. ‘Who would want to use this Internet thing? It’s only bad!’ That’s where the deep web is now.”

Using the Internet was a scary proposition at one point in history. Tor has a lower adoption rate comparatively because most people haven’t found a value motive for it. Slowly but surely, people found a use for the Internet, despite some of our law makers (leaders?) missing out.

Every person connecting to the Internet at home using a Wi-Fi access point is using a technology called Network Address Translation. NAT translates your personal computer’s IP address into a publicly routable one that has the effect of distancing its users from more specific, attributable metadata. Police aren’t up-in-arms over NAT because it’s a transparent process and used by almost every person using the Internet. However, it’s not like special interest groups haven’t tried to make it illegal:

A simple ban on devices capable of concealing communication would make a wide range of multi-purpose tools illegal. Widely-used home networking equipment could be banned because it often includes “network address translation” (NAT) and firewall features that incidentally conceal the origin and destinations of Internet communication.

Like NAT, Tor is fundamentally a security tool. Tor provides physical anonymity to vulnerable populations by separating an Internet user from their associated metadata. A progressive government would have different value motives. A progressive government would be asking how we can support Tor users and further ask why Tor is needed in the first place. DHS is about stopping politically defined evil doers, not about security, and therefore is regressive when it comes to solutions that also happen to support statistically trivial malice.

Tor sits on a fine line between perceived use and actual use. A lot of people won’t safeguard their privacy because of the notorious logical fallacy and blockage of “nothing to hide, nothing to fear.” At one point in history, a lot of people were opposed to using toothpaste just like a lot of people were opposed to using condoms. But over time, people learned about the factual uses of fluoride and the long term benefits of not contracting sexually transmitted diseases. It’s just something that you have to do to safeguard yourself from potential harm.

nothing_to_hide

Criminals still have the right to free speech, right? Do we take away the free speech rights of non-criminals because criminals get to write books?

Tor has been popularized as something notorious and even something that can’t be trusted. We can thank educational ineptitude and regressive media. Journalists working in extremely regressive nations who rely on Tor to protect their life understand the value of Tor. People who lambaste Tor are not those people, they are people who have time to invent false causality based on financial facts.

Tor is a complex, technical system that empowers socially acceptable progress. Sometimes technical people have presumptions about Tor. Sometimes Tor gets in the way of what someone gets paid to do and we hear about it in technically and socially regressive ways. If your capacity for understanding Tor stops at the opinions of these people, then maybe you should ignore your tendency to accept what other people say and learn for yourself. Read the Tor specification. Watch the abundant amount of YouTube videos where Tor developers and security trainers are providing [meaningful, factual, applicable] information.

I hope that libraries around the world, who appreciate technologies that increase access to information, understand the net-benefit and cause-and-effect relationship between anonymity, self education, free speech, and a free press.

Seattle continues “business as usual” trend when deploying surveillance systems

This post was read to the attendees of September 2015’s Community Technology Advisory Board (meeting minutes).


A few months ago I raised concern at CTAB about connected cars technology — about the need to be informed about the technology’s capability — because Seattle residents will not be informed if Seattle government and Seattle leaders are not informed.

Today, Crosscut reporter David Kroman published an article titled, Seattle installs new system to track individual drivers which concerns a related hardware identification tracking system. There are a few problems I have with Seattle’s interpretation of what it considers a “surveillance system” and how it’s unable to safeguard its residents from intrusive surveillance technology even in light of Seattle’s recently adopted privacy principles.

Let’s look at some of the facts of this tracking system:

Seattle government, including its CTO, does not consider this to be a surveillance system despite the manufacturer calling it a tracking system. History proves that tracking systems easily become surveillance systems, just look at our cell phone network.

SDOT is free to pursue infrastructure improvements without approval from the city council and even called this project “business as usual”. (quote: Adiam Emery, an Intelligent Transportation System Engineer with SDOT)

The public was not brought into the conversation before the deployment of this tracking system.

A privacy impact assessment was not performed.

The tracking system records when and where a hardware identifier exists including personal cars, personal cell phones, and markers such as speed, distance, and behavior are analyzed.

Seattle does not receive raw data and Acyclica claims they do not store raw data despite there being no audit of such a system.

Washington state supreme court recently unanimously passed a bill restricting the use of Stingrays and other surveillance devices that mimic cell towers because of the privacy implications.

The tracking system is something that was already in place and its privacy invasive capabilities were later upgraded to include these wireless surveillance mechanisms.

This data is collected 24/7/365 including of nearby homes and work places that are within reach of monitored intersections.

The data is transmitted to a third party but we do not know if the data is encrypted at rest before it is transmitted or if the transmission is encrypted.

SDOT Public Information Officer Norm Mah:

the city receives no raw data from the readers, which they say means it cannot trace information back to individuals or individual devices. Mah compared it to a bar code on a baseball ticket: The system knows you’re there, but not who you are. The data fed into the readers is “scrubbed,” meaning it’s analyzed and aggregated into a lump of useful information, absent of discrete data-points.

The metaphor is wrong and the explanation is not a truthful representation of reality. We do not carry baseball tickets with us everywhere we go, 24/7, and have them scanned, repeatedly, every time we drive through a street intersection. The public knows that American businesses do not have the ability to keep collected data safe from governments, be it the American government or the Chinese.

It would appear that employees of Seattle put demands before history. Do not forget that in 1943, Census released Japanese Americans’ data. Seattle has no business collecting and tracking Seattle residents physical location data and handing it over to third parties because they cannot control the use of that data once its collected.

ACLU-WA encryption evangelism internship proposal

Goal

Further the use of FOSS encryption technologies within Washington legal and journalism circles.

Tor

Tor relay and Tor exit relay adoption by organizations because of resources and stability. EFF “Tor Challenge” is unsuccessful at gaining long-term relays because they are focused on individuals that are largely not focused or lack stable resources. ACLU-WA support could happen in three ways: write to local organizations who are likely to
deploy a Tor relay, provide written education or in-person training, and create public reports on successes and failures. Supporting Tor supports human rights work 24/7/365, globally.

HTTPS and StartTLS

Many organizations who require privacy lack website/service transport security. Focusing on specific types of organizations, such as law firms and news agencies, would benefit the public and overall Internet health. HTTPS is critical for keeping private specific pages and forms visited in addition to any transmitted information. StartTLS is critical for keeping entire emails confidential. In light of recent developments in Texas [1], it would be timely to push Washington state legal policy organizations to adopt similar rules. The “Let’s Encrypt” project has been pushed out to November 16th, 2015 [2] — it would be great to have 2 months to start an ACLU-WA parallel initiative (focused on law firms and news agencies, for example) when it launches in order to benefit and enhance the initial press.

TextSecure, RedPhone, & Signal

While HTTPS and StartTLS are important for public and private communication, mobile apps can greatly strengthen inter-org privacy. Classic telephony and SMS communications are insecure. The Open Whisper Systems ecosystem uses state of the art encryption, is scalable, and is free and open source software. Purchasing 5th gen iPod Touch devices is a small cost for law firms and allows lawyers to register their work phone number with Signal. Doing so would let anyone with their regular work phone number to leverage end-to-end encryption instead. No wiretaps, no SS7 tracking, no IMSI catcher tracking, and no baseband or SIM card vulnerabilities that are inherent with any cellular device.

SecureDrop

Whistleblowing is a critical part in a democracy by keeping the public informed and organizations accountable. SecureDrop, by Freedom Press Foundation, is a powerful tool that allows anyone to leak information to targeted organizations. SecureDrop has been around for 2 years and is largely used by news agencies. That being said, a very small fraction of news agencies support SecureDrop which creates two problems: overall diversity and market diversity. Overall, there are too few options in terms of trusted organizations for whistleblowers to choose from. If a specific person who has access to specific information is only comfortable providing information to a specific organization or person, but secure a whistleblowing platform does not exist, nothing will get leaked. Similarity, if only news agencies support secure
whistleblowing platforms, other NGOs who might be better equipped to handle response will not get leaks. ACLU-WA could work with Freedom Press Foundation to focus on evangelizing SecureDrop to NGOs.

Conclusion

It is ethics and education apathy that is preventing people from adopting FOSS security systems that provide privacy. It is one thing to be apathetic in our personal lives, but it is not acceptable in professions that demand privacy in order to keep people safe.

1 http://ridethelightning.senseient.com/2015/07/when-must-lawyers-ethically-encrypt-data-texas-answers.html

2 https://letsencrypt.org/2015/08/07/updated-lets-encrypt-launch-schedule.html