You don’t know if someone is breaking into your system or leaking information. Without encrypted communications, physical security or privacy protocols, anyone can be accessing your files, reading your emails and manipulating your documents without your knowledge.
Your open communications can also put others at risk in places where politically motivated raids are more likely to happen. If you lock your doors, you should encrypt your files. It’s that simple.
Some software packages simply don’t do a good job, while others are honey pots. Honey pots lure you into using free and seemingly excellent software provided by the very people who want to spy on you. Still, there are reputable brands – just remember to investigate before you use it.
Firewalls prevent hackers from accessing your hard drive and network but, once you send a file into the internet, it is open to the world. You need to protect it before you send it.
It depends on your system and your activities, but generally everyone should have:
• A firewall;
• File encryption;
• Virus detection software;
• Secure back-up:
• Passphrases that can be remembered but not guessed;
• A hierarchy of access – everyone in the organization does not need access to all files;
• Consistency – none of the tools will work if you don’t use them all the time!
It is perfectly legal to use encryption in most countries of the world. However, there are exceptions. In China, for example, organisations must apply for a permit to use encryption, and any encryption technology on your laptop must be declared as you enter the country. Singapore and Malaysia have laws requiring anyone wishing to use encryption to report their private keys. India has some exceptions.
The Electronic Privacy Information Center (EPIC) provides an International Survey of Encryption Policy discussing the laws in most countries. This list was last updated in 2000.
Everyone should use encryption, because digital communications are inherently unsafe.
Digital technology is a benefit to human rights groups, allowing them easier communications, greater efficiency and more opportunities. However, with any benefits come certain dangers. Just because you wear a seat belt doesn’t mean you are expected to have an accident every time you drive. Driving in a more dangerous situation, such as a race, makes you even more likely to use a seatbelt, just to be safe.
Human rights workers are known targets of surveillance. Since unencrypted emails can be accessed and read by almost anyone, it is almost inevitable that your unencrypted emails will be accessed at some point. Your messages may already be monitored by your opponents and you will never know.
Even in this day and age, after decades of having the Internet, we are still surprisingly sending and receiving most of our e-mails and information insecurely through the World Wide Web. We’re still using most of the founding protocols and technologies that transfer data in what we call clear-text.
When in clear-text, your passwords and the data content can be captured on the local network you’re connected to, which is an even bigger problem when connected to a public Wi-Fi hotspot or Internet port. Additionally, the data could be captured and read by hackers or eavesdroppers during stops at servers when it’s moving through the Web.
See it for yourself
We discussed that many of the protocols we use today are unencrypted and aren’t secure for working with sensitive information. However, this might not get the point across as efficiently as actually seeing what an eavesdropper or hacker can see.
So if you’re curious, start by downloading a reassembler, such as the EffeTech HTTP Sniffer. Start capturing, browse the Web, and see how easy it is for someone to eavesdrop on unencrypted communications. You might also want to experiment with password sniffers, such as SniffPass.
“You have one identity,” Zuckerberg emphasized three times in a single interview with David Kirkpatrick in his book, “The Facebook Effect.” “The days of you having a different image for your work friends or co-workers and for the other people you know are probably coming to an end pretty quickly.” He adds: “Having two identities for yourself is an example of a lack of integrity.”
The May issue of the Minnesota Law Review has the papers from a 2009 symposium on cyberspace and the law. Here are some of the articles in this issue, courtesy of Concurring Opinions:
Jane E. Kirtley, Mask, Shield, and Sword: Should the Journalist’s Privilege Protect the Identity of Anonymous Posters to News Media Websites?, 94 Minn. L. Rev. 1478 (2010)
Paul Ohm, Probably Probable Cause: The Diminishing Importance of Justification Standards, 94 Minn. L. Rev. 1514 (2010)
Orin S. Kerr, Vagueness Challenges to the Computer Fraud and Abuse Act, 94 Minn. L. Rev. 1561 (2010)
Christopher Slobogin, Proportionality, Privacy, and Public Opinion: A Reply to Kerr and Swire, 94 Minn. L. Rev. 1588 (2010)
The Supreme Court has ruled that individuals posting comments on the Internet must be held to the same standards for criminal libel as writers in other forms of media.
GoSecure.com Blog
