[cryptography] ICIJ's project - comment on cryptography & tools

Steven Bellovin smb at cs.columbia.edu
Thu Apr 4 17:28:07 EDT 2013


On Apr 4, 2013, at 4:51 PM, ianG <iang at iang.org> wrote:

> On 4/04/13 21:43 PM, Jon Callas wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> 
>> On Apr 4, 2013, at 6:27 AM, ianG <iang at iang.org> wrote:
>> 
>>> In a project similar to Wikileaks, ICIJ comments on tools it used to secure its team-based project work:
>>> 
>>>         "ICIJ’s team of 86 investigative journalists from 46 countries represents one of the biggest cross-border investigative partnerships in journalism history. Unique digital systems supported private document and information sharing, as well as collaborative research. These included a message center hosted in Europe and a U.S.-based secure online search system.  Team members also used a secure, private online bulletin board system to share stories and tips."
>>> 
>>>         "The project team’s attempts to use encrypted e-mail systems such as PGP (“Pretty Good Privacy”) were abandoned because of complexity and unreliability that slowed down information sharing. Studies have shown that police and government agents – and even terrorists – also struggle to use secure e-mail systems effectively.  Other complex cryptographic systems popular with computer hackers were not considered for the same reasons.  While many team members had sophisticated computer knowledge and could use such tools well, many more did not."
>>> 
>>> 
>>> http://www.icij.org/offshore/how-icijs-project-team-analyzed-offshore-files
>>> 
>> 
>> Thanks!
>> 
>> This is great. It just drives home that usability is all.
> 
> 
> Just to underline Jon's message for y'all, they should have waited for iMessage:
> 
> 
> 
>      "Encryption used in Apple's iMessage chat service has stymied attempts by federal drug enforcement agents to eavesdrop on suspects' conversations, an internal government document reveals.
> 
>      "An internal Drug Enforcement Administration document seen by CNET discusses a February 2013 criminal investigation and warns that because of the use of encryption, "it is impossible to intercept iMessages between two Apple devices" even with a court order approved by a federal judge.
> 
>      "The DEA's warning, marked "law enforcement sensitive," is the most detailed example to date of the technological obstacles -- FBI director Robert Mueller has called it the "Going Dark" problem -- that police face when attempting to conduct court-authorized surveillance on non-traditional forms of communication.
> 
>      "When Apple's iMessage was announced in mid-2011, Cupertino said it would use "secure end-to-end encryption." It quickly became the most popular encrypted chat program in history: Apple CEO Tim Cook said last fall that 300 billion messages have been sent so far, which are transmitted through the Internet rather than as more costly SMS messages carried by wireless providers.
> 
> http://news.cnet.com/8301-13578_3-57577887-38/apples-imessage-encryption-trips-up-feds-surveillance/
> 
> 
There's a long thread on Twitter (look for Julian Sanchez, @normative) on this, with comments from me, Matt Blaze, Nick Weaver, and others.  Also see Julian's blog post at http://www.cato.org/blog/untappable-apple-or-dea-disinformation



		--Steve Bellovin, https://www.cs.columbia.edu/~smb







More information about the cryptography mailing list