Re: [liberationtech] Mexico's most vulnerable reporters lack digital security skills

That's incredible. I honestly did not know any of this. Drug lords in the Middle East aren't half as terrifying. With this kind of terrifying landscape, what accessible technology could possibly secure the communications of Mexican journalists against not only interception, but against their own future torture and other such ancillary, surrounding threats that may be borne from using encryption? This situation is so awful that we security people should add it to our repertoire of absolutes ("will this survive NSA intervention?" "will this survive Mexican drug cartel intervention?") They really add to the threat landscape by being not only more unbridled and omnipotent than a bad regime, but not even subject to the smallest shred of responsibility in terms of governance and stability. Even the worst governments still are. I don't know what on earth Mexican journalists are supposed to do when confronted with such an absurd threat landscape. NK On Wed, Feb 27, 2013 at 1:42 AM, Ryan Gallagher <ryan@rjgallagher.co.uk>wrote:

On 27 February 2013 00:01, Eva Galperin <eva@eff.org> wrote:

...

I'm not sure that I would support ranking drug cartels as a less technologically sophisticated threat than the government in Mexico.

Very much agree, Eva. If I were working out of Mexico it would be under the assumption that the cartels could, if they really wanted to, obtain the same info that is available to law enforcement agencies and/or government officials via the use of surveillance tech.

Mexico has a fairly sophisticated surveillance infrastructure. Since at least 2006 it has has apparently operated a Verint mass monitoring system that can intercept "virtually any wired, wireless or broadband communication network and service," and this system has since been upgraded with the help of the US government: http://www.nextgov.com/technology-news/2012/04/state-department-provide-mexi...

Mexican authorities also have access to other tools, such as spy trojans: http://www.slate.com/blogs/future_tense/2012/08/03/surveillance_technology_i...

And as Bloomberg Businessweek reported in 2011: "Recent killings indicate the cartels are taking the new online tactics seriouslyband that the activists may have miscalculated in counting on nicknames and IP addresses for protection....the U.S. firm Stratfor and security experts in Mexico warned that, with so many government officials on the take, the cartels likely have access to the military-grade tracking technology used by the Mexican government. In at least one case, according to journalist Valdez, the Sinaloan cartel hired a hacker to hunt down a government informant." http://www.businessweek.com/magazine/mexicos-drug-war-takes-to-the-blogosphe...

Best,

Ryan

...

While there isn't a lot of evidence that drug cartels have used technologically sophisticated means to track down anonymous/pseudonymous bloggers and journalists, corruption is sufficiently widespread that if my life depended on it, I would assume that the drug cartels could have access to the same information that the government has through bribery and threats.

There are circumstances in which I would support the use of Cryptocat by Mexican journalists (and it's certainly an improvement over sending messages in the clear, which many Mexican journalists are doing) but transmitting information which you would like to keep secret from drug cartels is probably not one of them.

************************************************ Eva Galperin Global Policy Analyst Electronic Frontier Foundation eva@eff.org (415) 436-9333 ex. 111 ************************************************

...

Hi, At Cryptocat we are developing an easy to use instant messaging tool

On 2/25/13 1:36 PM, Nadim Kobeissi wrote: that

...

is available in 34 languages. It encrypts all of your conversations, preserves your privacy and works in your browser.

If you are a Mexican journalist and your opponent is not highly skilled in information technology intelligence (not a government, but a drug cartel) then you should try Cryptocat. It does not leave a record of conversations anywhere and does not transmit anything in the clear.

Get Cryptocat here: https://crypto.cat Make sure to read the warnings on the site to get familiar with the app's limitations.

NK

On Mon, Feb 25, 2013 at 10:13 PM, Brian Conley < brianc@smallworldnews.tv>wrote:

...

Hi Kyle,

I've been developing a tool called StoryMaker for journalists and citizen journalists.

It's private/secure by design, so ideal for this use case.

There is a 10 lesson curriculum in mobile digital safety, and the app itself that could all be translated into Spanish. Then perhaps the app and/or curriculum might be used to educate and assist them in their work?

https://www.transifex.com/projects/p/storymaker/language/es/

Resources 20-29 + 210 are the digital safety lessons.

cheers

brian

On Mon, Feb 25, 2013 at 1:04 PM, Kyle Maxwell <krmaxwell@gmail.com> wrote:

...

I'm curious how the infosec community, particularly those of us who speak and write Spanish, can assist in helping Mexican activists and journalists. I understand that a large portion of that community actively exchanges data on Twitter; any pointers would be appreciated.

Feel free to contact me off-list if desired.

On Mon, Feb 25, 2013 at 1:02 PM, G.W. Schulz <gwschulz30@gmail.com> wrote:

...

> "Most Mexican journalists and bloggers reporting on highly sensitive > topics (such as crime, corruption, violence and human rights issues) do not > fully understand the risks and threats they face when they use digital and > mobile technology, even though the topics they cover make them even more > vulnerable, a new survey by Freedom House and the International Center for > Journalists finds."

http://ijnet.org/stories/mexicos-most-vulnerable-reporters-lack-digital-secu...

...

-- Kyle Maxwell [krmaxwell@gmail.com] http://www.xwell.org Twitter: @kylemaxwell -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

--

Brian Conley

Director, Small World News

http://smallworldnews.tv

m: 646.285.2046

Skype: brianjoelconley

-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE