Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Privacy, data protection questions

Rich Kulawiec rsk at
Fri Mar 22 15:50:37 PDT 2013

On Fri, Mar 22, 2013 at 09:58:17AM -0500, Andrew Haeg wrote:
> We're in the late prototype phase for Groundsource<>,
> a mobile data collection and engagement platform -- designed for
> journalists, researchers, NGO's and others to use to gather first-hand
> knowledge. We've used the prototype to validate the need for the
> platform, and now privacy & data protection have moved front and center as
> we ramp up for a beta phase later this spring/summer.
> We've had some early discussions with the Tor Project about protecting
> journalists using the platform in countries with repressive regimes (down
> the road). We're also looking into using Wickr for encrypting
> communications. In the short term, we need advisors who can help guide our
> decisions around privacy and personal data collection & protection.

Ok.  Here's some advice.  You're not going to like it. ;-)  Sorry.
But better now than later, when lives are on the line.

I'd like to ask you to open a web browser and use your favorite
search engine to search for:

		mobile malware epidemic
		smartphone malware
		android malware
		windows phone malware

and similar.

Then I'd like you to explain how you propose to keep all those mobile
phones secure in the face of routine malware, let alone targeted and
custom malware crafted by hostile governments who would very much like
all those journalists and researchers and NGOs you mentioned to STFU
because they're saying and reporting and doing things those
governments find...disturbing.

Forget all the other security and privacy issues for a moment (some of
which I touched on in a previous list message [1]): how, EXACTLY, do you
propose to keep those phones from being infested just like a gazillion
other phones already are or will be real soon now?

Because once those endpoints are compromised, all the crafty routing and
anonymization and encryption layers you could possibly put in place aren't
going to matter very much.  And those endpoints WILL be compromised
(probably much sooner than you think) because they're going to be in the
hands of journalists and researchers and NGOs, *not* in the hands of
paranoid clueful paranoid diligent (did I mention paranoid?) geeks.

Oh, sure, someone sufficiently knowledgeable, cautious, etc.
can probably keep *one* phone secure.  Just like someone with those
qualities might be able to keep a single Windows system secure.  There are
people on this list who are capable of both of those things.  But dozens?
Hundreds?  Thousands?  Being carried around all over the place by
their owners?

There's not a chance in hell.  None.  This is not a solved problem in
computing.  Nor is there even a hint of a twitch of a notion of a
suggestion of a whisper that it will be solved anytime soon.

It's not even solved for people who've stacked the deck in their favor
(e.g., those who have the luxury of centralized control) let alone for
those who are allowing end users to connect their own.  And most of them
aren't painting big targets on their chests, they're just caught up in
the general crossfire...unlike *your* users, who are self-nominating to be
on the business end of some very serious attention from some very determined,
clueful and nasty people -- people who probably *already* have been
working on building or buying custom malware for phones because of course
that's what any prudent adversary with sufficient resources would be
doing just about now.

Yeah, okay, so I'm making the point at your expense, and I don't really
mean to do that, so I'll make it in the more general case: look, people,
unless you can produce a plan -- and more than that, a plan that's been
proven in the field to work -- for keeping, let's say, a population of, oh,
a thousand independent scattered phones free of malware, then you CAN'T
deploy your whizbang singing dancing smartphone app because it's going to
be promptly undermined.  Any government worthy of the term "oppressive"
is going to 0wn each and every phone of interest and is going to install
trackers, spyware, keystroke loggers, and whatever else occurs to them,
and you're not going to stop them.  At best, you might figure out that
this is happening after-the-fact and remediate some of them...until they
go back out in the field and get infested again.  Lather, rinse, repeat.

Not to put too fine a point on it (but I suppose I will anyway):

	If someone else can run arbitrary code on your computer,
	it's not YOUR computer any more. [2]

The phone may be in a journalist's hand or it may be in a researcher's
pocket, but it's not theirs.  *Not any more*.

Which means that your liberation app, the one that you designed and
developed and sweated over, the one that your user is trusting to
send and receive sensitive information, the one that's connecting
to a backend through umpteen layers of encryption and obfuscation
and misdirection and now running on the government's phone.



[2] I'm probably quoting somebody.  But I don't know who.

More information about the liberationtech mailing list