Posts Tagged ‘encryption’

Anti-Censorship initiative with free VPN accounts for human rights defenders

July 15, 2020

On 14 July Business-Wire reported that the VPN company TunnelBear has partnered with NGOs to give away 20,000 accounts (these NGOs inlcude Access Now, Frontline Defenders, Internews, and one other undisclosed participant).

This program aims to empower individuals and organizations with the tools they need to browse a safe and open internet environment, regardless of where they live. The VPN provider is encouraging other NGOs or media organizations across the world to reach out if they too are in need of support. “At TunnelBear, we strongly believe in an open and uncensored internet. Whenever we can use our technology to help people towards that end, we will,” said TunnelBear Cofounder Ryan Dochuk.

TunnelBear’s VPN encrypts its user’s internet traffic to enable a private and censor-free browsing experience.

By undergoing and releasing independent audits of their systems, adopting open source tools, and collaborating with the open source community, TunnelBear has proven itself to be an industry leader in the VPN space and a valuable private sector partner within the internet freedom movement. Internews is happy to support TunnelBear in extending its VPN service to the media organizations, journalists, activists, and human rights defenders around the globe who can benefit from it,” said Jon Camfield, Director of Global Technology Strategy at Internews.

Contact: Shames Abdelwahab press@tunnelbear.com

See also: https://humanrightsdefenders.blog/2020/06/23/trump-now-starts-dismanteling-the-open-technology-fund/

https://www.businesswire.com/news/home/20200714005302/en/TunnelBear-Kicks-Anti-Censorship-Initiative-Free-Accounts-Activists

Trump now starts dismanteling the Open Technology Fund

June 23, 2020

Raphael Mimoun wrote in Newsweek of 22 June 2020 an opinion piece “Dictators are Besieging Internet Freedom—and Trump Just Opened the Gates”. It is a detailed piece but worth reading:

raph-m

Last week, the Trump administration started dismantling one of the US government’s most impactful agencies, the Open Technology Fund, which supports projects to counteract repressive censorship and surveillance around the world.

The Open Technology Fund, or OTF, is relatively new, founded in 2012 as a program of the government-backed Radio Free Asia. In 2019, it became an independent non-profit reporting to the US Agency for Global Media (USAGM). Since its founding, the organization has funded dozens of projects now part of the toolkit of millions of rights advocates and journalists around the world. But OTF is now under attack: the new leadership of USAGM, appointed just weeks ago, fired the leadership of all USAGM entities, including OTF, dismissed OTF’s independent and bipartisan board of directors, and is threatening to hollow out OTF altogether….

Many of those tools help those who most need it, where surveillance, censorship, and repression is most acute. Just last month, Delta Chat declined a request for user data from Russia’s communication regulator—because the security architecture developed with OTF support meant it did not have any data to handover. FreeWechat, which publishes posts censored by the Chinese government on the app WeChat, has been visited over 7 million times by Chinese-speakers. Dozens more OTF-funded tools enable millions to evade surveillance by autocratic governments and access the open internet, from Cuba to Hong Kong and Iran.

OTF’s work is critical to human rights defenders and journalists, but it brings privacy and security far beyond those groups. OTF only supports open-source projects, meaning that the code used must be available for anyone to view and reuse……….

But OTF’s work on internet freedom isn’t limited to funding technology development. The organization takes a holistic approach to internet freedom, providing life-saving training and capacity-building to groups directly targeted by cyberattacks, harassment, and violence: LGBTQI advocates in Indonesia, journalists in Mexico, civic activists in Belarus, or exiled Tibetan organizations. OTF also funds events bringing together researchers, technologists, policy-makers, and advocates. Those gatherings—whether global like the Internet Freedom Festival or focused on specific countries or regions like the Iran Cyber Dialogue, the Vietnam Cyber Dialogue, or the Forum on Internet Freedom in Africa–have been transformative. They have helped build a tight community in a space where trust is hard to achieve. Without such events, many of the projects, tools, and collaborations to circumvent censorship and counter surveillance would not exist.

See also: https://www.theverge.com/2020/6/23/21300424/open-technology-fund-usagm-circumvention-tools-china-censorship-michael-pack

https://www.newsweek.com/open-technology-fund-trump-dismantling-1512614

European Parliament votes to restrict exports of surveillance equipment

January 22, 2018

Members of the European Parliament have voted to curb export of surveillance equipment to states with poor human rights records, following mounting evidence that equipment supplied by companies in Europe has been used by oppressive regimes to suppress political opponents, journalists and campaigners. MEPs in Strasbourg agreed on 17 January to extend EU export controls to include new restrictions on the export of surveillance equipment, including devices for intercepting mobile phones, hacking computers, circumventing passwords and identifying internet users. The proposals also seek to remove encryption technologies from the list of technologies covered by EU export controls, in a move which aims to make it easier for people living in oppressive regimes to gain access to secure communications which can circumvent state surveillance.

Dictators spy on their citizens using EU cyber-surveillance. This must stop. The EU cannot contribute to the suffering of courageous activists, who often risk their lives for freedom and democracy,” said MEP Klaus Buchner, European Parliament rapporteur. “We are determined to close dangerous gaps in the export of dual-use goods and call on member states to follow suit.”

The proposed changes to the EU dual use export control regime are likely to face opposition from the defence industry and governments, as the European Parliament, and the European Commission prepare to negotiate their implantation with Europe’s 28 member states.

European technology companies, including UK firms, have supplied equipment that  has been used for arresting, torturing, and killing people in Iran, Egypt, Ethiopia, and Morocco, according to the European Parliament. An investigation by Computer Weekly revealed that the UK government had approved export licences to Gamma International (UK) to supply mobile phone interception equipment, known as IMSI catchers, to Macedonia, when the regime was engaged in a massive illegal surveillance operation against the public and political opponents.

And the UK’s largest arms manufacturer, BAE Systems, has exported equipment capable of mass internet surveillance to countries that campaigners say regularly commit human rights abuses, including Saudi Arabia, Qatar, Oman, Morocco and Algeria. An overwhelming majority of MEPs supported reforms to the EU’s export control regime, which will require member states to deny export licences if the export of surveillance technology is likely to lead to a serious impact on human rights in the destination country. The proposed changes, backed by 571 votes to 29 against, with 29 abstentions, will impose tough requirements for EU governments.

Member states will be required to assess the likely impact of surveillance technology on citizens’ right to privacy, freedom of speech, and freedom of association, in the destination country before they grant  export licences – a significant step up from current levels of scrutiny.

The proposed rules contain safeguards, however, that will allow legitimate cyber-security research to continue. Companies exporting products that are not specifically listed will be expected to follow the OECD’s “due diligence” guidelines, if there is a risk they could support human-rights violations.

Improved transparency measures will require member states to record and make data on approved and declined export licences publicly available, opening up the secretive global trade in surveillance technologies to greater public scrutiny.

http://www.computerweekly.com/news/252433519/European-Parliament-votes-to-restrict-exports-of-surveillance-equipment

HURIDOCS not too worried about the theft of its computers – read why

December 11, 2015

huridocs-logo-transparent-240x58Last weekend, HURIDOCS office in Geneva and the office of an ally organization were burglarized; two of its desktop computers were stolen. Computers were the only stolen items at both offices, but it’s not possible to say whether the theft was specifically for information stored on the hard drives or just for the computers themselves. Either way, it states confidently in a message that they have not experienced a data breach, because both computers were encrypted and locked with strong passwords. They also didn’t lose any data, because it’s safely stored in Casebox. Here’s how to protect your information and yourself, critical for human rights defenders, in case of physical computer theft:

  1. Lock your computer with a strong and unique password. All passwords should be strong and unique, but perhaps even most importantly for your computer itself. Simple passwords are more easily hacked by ‘brute force’ (guessing until success), seen by someone glancing as you type, or determined from camera footage (that’s why Snowden typed his passwords under a blanket in Citzenfour). There are some good tips for better passwords.
  2. Safeguard all passwords. Do not keep your passwords written on paper near your computer. A multitude of secure passwords will be impossible to keep in mind, so we recommend using a password manager like KeePassX instead; KeePassX also rates the strength of your passwords.
  3. Consistently lock your screen when you step away. Theft can happen very quickly and obviously, unexpectedly. Encrypt your hard drive. If it’s encrypted, no one else can read it. Check your settings in Filevault on Mac and Bitlocker or Veracrypt on Windows.
  4. Regularly back up your encrypted hard drive to another location. If your computer is stolen, you’ll still have all of your information. If you use a password manager like KeePassX, your backup will include a locked file containing all of your passwords. To further protect yourself against privacy breaches and malicious threats, we also recommend to: Scan your hard drive for viruses at least once a week with updated antivirus software like Sophos or Avast.
  5. Update your computer’s operating system and all critical software as soon as updates become available. These updates are often to better protect you from breaches. Set up two-factor authentication and two-step verification on all critical accounts like email, social networks, Apple ID, and shared workspaces. Change your passwords often.

HURIDOCS conclusion: If you’ve taken the above steps and your computer is stolen, you won’t need to worry about your data being stolen along with it. We strongly recommend all human rights defenders take these precautions.

 

https://www.huridocs.org/2015/12/steps-to-protect-your-data-computer-theft/

Bahaa Nasr teaches cyber security to Syrian opposition against their digital enemies

February 10, 2015

Forbes of 2 February 2015 carries an interesting piece by Thomas Fox-Brewster about Bahaa Nasr, a man who “Is Teaching Syrians To Defend Themselves Against Their Many Digital Enemies“.

After a description of recent attacks on opposition forces of the Syrian regime, the article – which does not distinguish a lot between human rights defenders and armed opposition – states that those under attack are in need of better cyber awareness. “That’s where Bahaa Nasr comes in. He runs Cyber Arabs, which provides digital security training not only for Syrians but for activists, human rights defenders and journalists across the Arab world.

Bahaa Nasr of Cyber Arabs - AP Photo/Bilal Hussein

Syria, of course, has been a strong focus of our work in the past years due to the multitude of risks CSO [civil society organization) activists are facing there. While originally the main threat came from the regime and from groups like the SEA, now there is more and more concern about extremist groups like ISIS also resorting to cyber attacks,” he tells me over encrypted email.

He notes one of the most common techniques is social engineering, as the opposition has come to realise. But there are also targeted malware attacks, such as those allegedly launched by ISIS.

Then there are cruder methods at play in Syria’s information war. “Checkpoints are also a problem in many places where they often confiscate computers and mobile phones and thus gain access to data and accounts and new entry points for social engineering attacks,” Nasr adds.

He claims Cyber Arabs has helped around 500 activists, journalists, human rights defenders and citizen journalists from 17 Arab countries. At least 200 were from Syria. Training takes place in person and online, covering general digital hygiene: recognising and avoiding phishing attacks or social engineering attempts, good password practices, learning about different kinds of malware and how to improve the security of social media accounts. Cyber Arabs also teaches use of tools tailored for people’s needs, including secure email and instant messaging, and encryption. There’s an Android app to help stay up to date on the latest threats in the region too.

Nasr has been working closely with a range of influential groups, including Citizen Lab, a research collective based in Toronto, which focuses on digital attacks on activists. John Scott Railton, a member of Citizen Lab, described Cyber Arabs’ work as simply “amazing”. With such help available to Syrians, it’s hoped they won’t suffer from smart online offensives on their systems as they try to bring an end to a horrific, protracted war.”

This Man Is Teaching Syrians To Defend Themselves Against Their Many Digital Enemies.