Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Disruption at the Intersection of Technology and Human Rights - Forbes

Collin Sullivan collins at
Wed Nov 14 10:13:45 PST 2012

Hash: SHA512

Hi Julian and Eugen,

I'm Collin, I work on Martus training and outreach at the Human Rights
Program at Benetech. I wanted to clarify a few concerns coming from the
Forbes piece. You're right to question cloud-based security, but Martus
is not a traditional cloud computing application--I'd hesitate to call
it a cloud application at all, really. Martus is a java desktop
application that encrypts information (stored as "bulletins,"
semi-structured rich documents) locally on the user's machine. The
encryption keys (RSA public-private key pairs used to encrypt
per-bulletin AES keys) stay on the user's computer, and in her
5-choose-2 secret-share backups.

The "cloud" part comes from our server network. The Martus application
replicates the ciphertext (through SSL) to a publicly-available server;
the servers replicate to each other so that each has a full copy of all
bulletins. Note that only ciphertext is ever stored on the servers,
unless a user chooses to publish
<> some of her data through
Martus--then the public data (and only the public data) is stored in
plaintext on the servers. It's up to the user to decide whether to make
any data public, and it's very easy to set Martus preferences such that
data will always be private and stored in ciphertext. And there are
never any keys stored out of the user's control.  

Martus users can share information securely through the network. Each
bulletin's author can authorize other users to read a given bulletin by
including the other user's key when the bulletin is saved. Again, the
keypairs are created and stored locally, and there is no web portal for
access to a Martus user's private bulletins.

Also mentioned in the Forbes piece, Martus comes with some wipe features
for the attacker-at-the-door use case. One is an account and data wipe,
the other is account/data wipe plus uninstall. These are designed to be
quick-erase features ("panic button" functionality, as it's been
called), with time constraints precluding overwriting the data several
times, and we're careful to explain this to users during trainings and
support. Of course, by using her backed-up key, the user can retrieve
her data whenever she needs to -- whether she's wiped the data, or had
her computer lost or stolen.

We first released the software in 2003, and it's in use by human rights
monitors all over the world. It runs in ten languages, including
Russian, Arabic, Thai, and a number of other non-latin-character
languages. There are over 250,000 bulletins saved in the server network.
Of course the software is available under the GPL, always has been, and
always will be.

Hope this helps. More info is available at
<>, and I'm happy to answer any questions.


- -- 
Collin Sullivan
Human Rights Program Associate
Benetech Human Rights Program

Email:     collin.s at
Skype:    collin.w.sullivan
GPG:     0x78657D4D - Technology Serving Humanity - Martus Human Rights Bulletin System - Human Rights Data Analysis Group

Julian Oliver:
> ..on Tue, Nov 13, 2012 at 10:50:04AM +0100, Eugen Leitl wrote:
>> On Mon, Nov 12, 2012 at 09:41:05PM -0800, Yosem Companys wrote:
>>> Look at Benetech’s development of Martus, a human rights database,
>>> based in the cloud with highly secure encryption and eraser technology
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> If you can cartwheel through the lasers while wearing the appropriate
3d printed
> face it's a snap. Just don't look down: Cloud computing is
high-altitude stuff..



More information about the liberationtech mailing list