Communications security for journalists Ian Brown Hidden Footprints Ltd.



Introduction

A rough guide to the Internet and cryptography

Secure Web-based e-mail

Pretty Good Privacy – PGP

Securing phone calls

Traffic analysis

Freedom


The Internet

All data – e-mail, Web pages, files – is sent using the Internet Protocol (IP)

This chops up information into small ‘packets’ that can flow by many routes across the Internet

Web and mail servers can be anywhere on the Internet


Internet surveillance

Packets can be monitored at many points – from you to ISP, on their network, en route to destination

Servers can also monitor messages, Web pages visited, etc.

Even your PC is vulnerable


Cryptography

Fundamental technology to protect information

Data is encrypted and decrypted using secret “keys”

Public-key cryptography uses a pair of keys: one public, one private

You can also digitally sign information

In common use as SSL


Secure e-mail

Messages travel through your ISP’s mail server, and wait at the recipient’s ISP until collected

Encryption should be end-to-end

PGP most commonly used


An encrypted message


Secure Web mail

Even if accessed using SSL, messages still sit unprotected at most Web mail servers like Hotmail

Hushmail runs a Java applet on your computer that encrypts end-to-end if your correspondent also uses the service


Secure phone calls

Starium producing Palm-sized voice encryptor

Automatically protects calls to other Starium users

$699


Traffic analysis

Starium and PGP don’t hide who you are talking to, and when

This leaves a nasty trail for investigators to follow to both of you

RIP allows relatively easy access to traffic logs

Also reveals Web sites you have visited


Web server logs
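What a server operator can read out of such logs, as an added example that is not part of the original slides: a short Python parser that turns Common Log Format lines into a per-visitor reading trail. The sample lines, host names and paths are constructed, and the optional grep-style "N:" prefix is an assumption about how the lines were collected.

```python
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format; the leading "N:" counter and the status/size pair are optional.
LINE_RE = re.compile(
    r'^(?:\d+:)?(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*"'
    r'(?: (?P<status>\d{3}) (?P<size>\d+|-))?$'
)

# Constructed sample lines (reserved .example names, not real visitors).
SAMPLE_LOG = """\
17:gw.agency.example - - [08/May/2000:11:42:44 +0100] "GET /archives/list/threads.html HTTP/1.0" 200 22993
17:gw.agency.example - - [08/May/2000:11:43:14 +0100] "GET /archives/list/msg01632.html HTTP/1.0" 200 4944
proxy.council.example - - [05/Jun/2000:17:12:22 +0100] "GET /pimms/index.html HTTP/1.0" 200 353
gw.agency.example - - [09/May/2000:09:21:44 +0100] "GET /archives/list/msg00946.html HTTP/1.0"
this line is not a log entry
"""

def parse_line(line):
    """Return (host, datetime, path, status), or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    when = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    status = int(m.group("status")) if m.group("status") else None
    return m.group("host"), when, m.group("path"), status

def browsing_trails(log_text):
    """Group requests by client host in time order: who read what, and when."""
    trails = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            host, when, path, _ = rec
            trails[host].append((when, path))
    return {host: sorted(visits) for host, visits in trails.items()}

if __name__ == "__main__":
    for host, visits in browsing_trails(SAMPLE_LOG).items():
        print(host)
        for when, path in visits:
            print("   ", when.isoformat(), path)
```

The host column is usually an organisation's gateway or proxy, so the trail identifies the organisation and its reading pattern even when no individual is named.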


Freedom from ZeroKnowledge Systems can provide content and traffic analysis protection over the Internet

Automatically reroutes your traffic through the encrypted Freedom network

Works best with support at both ends

                                       


Freedom


Marked files and messages

Be very careful about keeping original messages and files from sources

They contain all sorts of hints that may lead back to their sender

Fingerprints may have been subtly inserted

Use secure delete; remember backups


E-mail trails

Messages are full of clues about their origins
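An added illustration, not from the original slides: reading the relay trail and other identifying headers out of a message with Python's standard email module. The message, its addresses and the Received layout matched by the regular expression are constructed for the example; real Received lines vary by mail server.

```python
import re
from email import message_from_string

# Constructed message (reserved .example domains, documentation IP ranges).
RAW_MESSAGE = """\
Received: from mx.paper.example (mx.paper.example [198.51.100.7])
\tby mail.paper.example with ESMTP id A1; Mon, 08 May 2000 11:45:10 +0100
Received: from smtp.isp.example (smtp.isp.example [192.0.2.25])
\tby mx.paper.example with ESMTP id B2; Mon, 08 May 2000 11:45:02 +0100
Received: from sourcepc (dialup-17.isp.example [203.0.113.42])
\tby smtp.isp.example with SMTP id C3; Mon, 08 May 2000 11:44:57 +0100
From: A Source <source@isp.example>
To: reporter@paper.example
Subject: documents
X-Mailer: ExampleMail 4.5
Message-ID: <20000508104457.C3@sourcepc>

See attached.
"""

# "from <helo> (<reverse-dns> [<ip>]) by <server>" as used in the sample above.
HOP_RE = re.compile(r"from\s+(\S+)\s+\((\S+)?\s*\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def mail_trail(raw):
    """Return (hops ordered origin-first, other headers that identify the sender)."""
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its own Received line, so reverse to read origin-first.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if m:
            helo, rdns, ip, by = m.groups()
            hops.append({"helo": helo, "rdns": rdns, "ip": ip, "by": by})
    names = ("X-Mailer", "Message-ID", "X-Originating-IP")
    clues = {h: msg[h] for h in names if msg[h]}
    return hops, clues

if __name__ == "__main__":
    hops, clues = mail_trail(RAW_MESSAGE)
    for n, hop in enumerate(hops, 1):
        print(n, hop["helo"], hop["ip"], "->", hop["by"])
    print(clues)
```

In the sample, the first hop exposes the sender's machine name and dial-up address, and the Message-ID repeats the machine name, so a forwarded or stored copy carries those details with it.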


Tracing IP addresses


Conclusions

Communications security is difficult!

Traffic data may be more important than content

Security software will get better

Legal environment may get worse


Links

http://www.pgp.com/

http://www.hushmail.com/

http://www.starium.com/

http://www.freedom.net/

http://www.cs.ucl.ac.uk/staff/I.Brown/