Download - Communications security for journalists
![Page 1: Communications security for journalists](https://reader033.vdocuments.mx/reader033/viewer/2022061223/54c4192d4a7959223b8b456b/html5/thumbnails/1.jpg)
Communications security for journalists
Ian BrownHidden Footprints Ltd.
![Page 2: Communications security for journalists](https://reader033.vdocuments.mx/reader033/viewer/2022061223/54c4192d4a7959223b8b456b/html5/thumbnails/2.jpg)
Introduction A rough guide to the Internet and
cryptography Secure Web-based e-mail Pretty Good Privacy – PGP Securing phone calls Traffic analysis Freedom
![Page 3: Communications security for journalists](https://reader033.vdocuments.mx/reader033/viewer/2022061223/54c4192d4a7959223b8b456b/html5/thumbnails/3.jpg)
The Internet All data – e-mail, Web pages, files –
is sent using the Internet Protocol (IP)
This chops up information into small ‘packets’ that can flow by many routes across the Internet
Web and mail servers can be anywhere on the Internet
![Page 4: Communications security for journalists](https://reader033.vdocuments.mx/reader033/viewer/2022061223/54c4192d4a7959223b8b456b/html5/thumbnails/4.jpg)
Internet surveillance Packets can be monitored at many
points – from you to ISP, on their network, en route to destination
Servers can also monitor messages, Web pages visited, etc.
Even your PC is vulnerable
![Page 5: Communications security for journalists](https://reader033.vdocuments.mx/reader033/viewer/2022061223/54c4192d4a7959223b8b456b/html5/thumbnails/5.jpg)
Cryptography Fundamental technology to protect
information Data is encrypted and decrypted using
secret “keys” Public-key cryptography uses a pair of
keys: one public, one private You can also digitally sign information In common use as SSL
![Page 6: Communications security for journalists](https://reader033.vdocuments.mx/reader033/viewer/2022061223/54c4192d4a7959223b8b456b/html5/thumbnails/6.jpg)
Secure e-mail Messages travel through your ISP’s
mail server, and wait at the recipient’s ISP until collected
Encryption should be end-to-end PGP most commonly used
![Page 7: Communications security for journalists](https://reader033.vdocuments.mx/reader033/viewer/2022061223/54c4192d4a7959223b8b456b/html5/thumbnails/7.jpg)
An encrypted message
![Page 8: Communications security for journalists](https://reader033.vdocuments.mx/reader033/viewer/2022061223/54c4192d4a7959223b8b456b/html5/thumbnails/8.jpg)
Secure Web mail Even if accessed using SSL,
messages still sit unprotected at most Web mail servers like Hotmail
Hushmail runs Java applet on your computer than encrypts end-to-end if your correspondent also uses the service
![Page 9: Communications security for journalists](https://reader033.vdocuments.mx/reader033/viewer/2022061223/54c4192d4a7959223b8b456b/html5/thumbnails/9.jpg)
![Page 10: Communications security for journalists](https://reader033.vdocuments.mx/reader033/viewer/2022061223/54c4192d4a7959223b8b456b/html5/thumbnails/10.jpg)
Secure phone calls Starium
producing Palm-sized voice encryptor
Automatically protects calls to other Starium users
$699
![Page 11: Communications security for journalists](https://reader033.vdocuments.mx/reader033/viewer/2022061223/54c4192d4a7959223b8b456b/html5/thumbnails/11.jpg)
Traffic analysis Starium and PGP don’t hide who you
are talking to, and when This leaves a nasty trail for
investigators to follow to both of you RIP allows relatively easy access to
traffic logs Also reveals Web sites you have
visited
![Page 12: Communications security for journalists](https://reader033.vdocuments.mx/reader033/viewer/2022061223/54c4192d4a7959223b8b456b/html5/thumbnails/12.jpg)
Web server logs17:gateway1.gsi.gov.uk - - [08/May/2000:11:42:44 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/threads.html HTTP/1.0" 200 22993617:gateway1.gsi.gov.uk - - [08/May/2000:11:43:14 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/msg01632.html HTTP/1.0" 200 494417:legion.dera.gov.uk - - [08/May/2000:15:37:31 +0100] "GET /staff/I.Brown/archives/ukcrypto/0898-1198/msg00195.html HTTP/1.0" 200 686917:horde.dera.gov.uk - - [09/May/2000:09:21:44 +0100] "GET /staff/I.Brown/archives/ukcrypto/0799-1099/msg00946.html HTTP/1.0" 200 332317:horde.dera.gov.uk - - [09/May/2000:10:33:23 +0100] "GET /staff/I.Brown/archives/ukcrypto/ HTTP/1.0" 200 511820:gatekeeper.hertscc.gov.uk - - [05/Jun/2000:17:12:22 +0100] "GET /staff/I.Brown/pimms/index.html HTTP/1.0" 200 35320:gatekeeper.hertscc.gov.uk - - [05/Jun/2000:17:12:23 +0100] "GET /staff/I.Brown/pimms/toc.html HTTP/1.0" 200 138320:gatekeeper.hertscc.gov.uk - - [05/Jun/2000:17:12:24 +0100] "GET /staff/I.Brown/pimms/bottle.gif HTTP/1.0" 200 949920:gateway.bradford.gov.uk - - [06/Jun/2000:08:42:09 +0100] "GET /staff/I.Brown/archives/ukcrypto/0399-0699/msg00663.html HTTP/1.1" 200 42720:gatekeeper.bournemouth.gov.uk - - [08/Jun/2000:00:42:40 +0100] "GET /staff/I.Brown/archives/ukcrypto/0898-1198/msg00002.html HTTP/1.0" 21:mail.braintree.gov.uk - - [16/Jun/2000:11:18:06 +0100] "GET /staff/I.Brown/archives/ukcrypto/1199-0100/msg00266.html HTTP/1.0" 200 366122:wp.eris.dera.gov.uk - - [13/Jul/2000:11:24:42 +0100] "GET /staff/I.Brown/archives/ukcrypto/0799-1099/msg00508.html HTTP/1.0" 200 426522:gtfw1.doh.gov.uk - - [14/Jul/2000:19:02:16 +0100] "GET /staff/I.Brown/archives/ukcrypto/l HTTP/1.0" 404 24422:gtfw1.doh.gov.uk - - [14/Jul/2000:19:02:25 +0100] "GET /staff/I.Brown/archives/ukcrypto HTTP/1.0" 302 41122:gatekeeper.bournemouth.gov.uk - - [16/Jul/2000:08:24:10 +0100] "GET /staff/I.Brown/archives/ukcrypto/1198-0299/msg00293.html HTTP/1.0" 6:shadow.dera.gov.uk - - [05/Apr/2000:14:18:32 +0100] "GET /staff/i.brown/archives/ukcrypto/old/msg00112.html HTTP/1.0" 200 76986:proxy.hullcc.gov.uk - - [05/Apr/2000:16:50:21 +0100] "GET /staff/I.Brown/archives/ukcrypto/0497-1097/msg00014.html HTTP/1.0" 200 37257:Bouncer.nics.gov.uk - - [11/Apr/2000:10:31:17 +0100] "GET /staff/i.brown/archives/ukcrypto/1198-0299/msg00138.html HTTP/1.0" 200 43817:gateway1.gsi.gov.uk - - [11/Apr/2000:12:33:18 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/threads.html HTTP/1.0" 200 1423897:gateway1.gsi.gov.uk - - [11/Apr/2000:14:35:19 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/threads.html HTTP/1.0" 200 1426747:gtfw1.doh.gov.uk - - [12/Apr/2000:11:13:31 +0100] "GET /staff/I.Brown/archives/ukcrypto/0497-1097/msg00245.html HTTP/1.0" 200 47147:gtfw1.doh.gov.uk - - [12/Apr/2000:11:14:33 +0100] "GET /staff/I.Brown/archives/ukcrypto/0497-1097/msg00234.html HTTP/1.0" 200 4811
![Page 13: Communications security for journalists](https://reader033.vdocuments.mx/reader033/viewer/2022061223/54c4192d4a7959223b8b456b/html5/thumbnails/13.jpg)
Freedom from ZeroKnowledge Systems can provide content and traffic analysis protection over the Internet
Automatically reroutes your traffic through the encrypted Freedom network
Works best with support at both ends
![Page 14: Communications security for journalists](https://reader033.vdocuments.mx/reader033/viewer/2022061223/54c4192d4a7959223b8b456b/html5/thumbnails/14.jpg)
Freedom
![Page 15: Communications security for journalists](https://reader033.vdocuments.mx/reader033/viewer/2022061223/54c4192d4a7959223b8b456b/html5/thumbnails/15.jpg)
Marked files and messages Be very careful about keeping
original messages and files from sources
They contain all sorts of hints that may lead back to their sender
Fingerprints may have been subtly inserted
Use secure delete; remember backups
![Page 16: Communications security for journalists](https://reader033.vdocuments.mx/reader033/viewer/2022061223/54c4192d4a7959223b8b456b/html5/thumbnails/16.jpg)
E-mail trails
Messages are full of clues about their origins
![Page 17: Communications security for journalists](https://reader033.vdocuments.mx/reader033/viewer/2022061223/54c4192d4a7959223b8b456b/html5/thumbnails/17.jpg)
Tracing IP addresses
![Page 18: Communications security for journalists](https://reader033.vdocuments.mx/reader033/viewer/2022061223/54c4192d4a7959223b8b456b/html5/thumbnails/18.jpg)
Conclusions Communications security is
difficult! Traffic data may be more
important than content Security software will get better Legal environment may get worse
![Page 19: Communications security for journalists](https://reader033.vdocuments.mx/reader033/viewer/2022061223/54c4192d4a7959223b8b456b/html5/thumbnails/19.jpg)
Links
http://www.pgp.com/http://www.hushmail.com/http://www.starium.com/http://www.freedom.net/http://www.cs.ucl.ac.uk/staff/I.Brown/