Re: [liberationtech] Disruption at the Intersection of Technology and Human Rights - Forbes

6 Jul 2018

      -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Julian and Eugen,

I'm Collin, I work on Martus training and outreach at the Human Rights
Program at Benetech. I wanted to clarify a few concerns coming from the
Forbes piece. You're right to question cloud-based security, but Martus
is not a traditional cloud computing application--I'd hesitate to call
it a cloud application at all, really. Martus is a java desktop
application that encrypts information (stored as "bulletins,"
semi-structured rich documents) locally on the user's machine. The
encryption keys (RSA public-private key pairs used to encrypt
per-bulletin AES keys) stay on the user's computer, and in her
5-choose-2 secret-share backups.

The "cloud" part comes from our server network. The Martus application
replicates the ciphertext (through SSL) to a publicly-available server;
the servers replicate to each other so that each has a full copy of all
bulletins. Note that only ciphertext is ever stored on the servers,
unless a user chooses to publish
<https://martus.ceu.hu/servlet/SimpleSearch> some of her data through
Martus--then the public data (and only the public data) is stored in
plaintext on the servers. It's up to the user to decide whether to make
any data public, and it's very easy to set Martus preferences such that
data will always be private and stored in ciphertext. And there are
never any keys stored out of the user's control.  

Martus users can share information securely through the network. Each
bulletin's author can authorize other users to read a given bulletin by
including the other user's key when the bulletin is saved. Again, the
keypairs are created and stored locally, and there is no web portal for
access to a Martus user's private bulletins.

Also mentioned in the Forbes piece, Martus comes with some wipe features
for the attacker-at-the-door use case. One is an account and data wipe,
the other is account/data wipe plus uninstall. These are designed to be
quick-erase features ("panic button" functionality, as it's been
called), with time constraints precluding overwriting the data several
times, and we're careful to explain this to users during trainings and
support. Of course, by using her backed-up key, the user can retrieve
her data whenever she needs to -- whether she's wiped the data, or had
her computer lost or stolen.

We first released the software in 2003, and it's in use by human rights
monitors all over the world. It runs in ten languages, including
Russian, Arabic, Thai, and a number of other non-latin-character
languages. There are over 250,000 bulletins saved in the server network.
Of course the software is available under the GPL, always has been, and
always will be.

Hope this helps. More info is available at martus.org
<https://www.martus.org/>, and I'm happy to answer any questions.

Cheers,
Collin

- -- 
Collin Sullivan
Human Rights Program Associate
Benetech Human Rights Program

Email:     collin.s@benetech.org
Skype:    collin.w.sullivan
GPG:     0x78657D4D

https://www.benetech.org - Technology Serving Humanity
https://www.martus.org - Martus Human Rights Bulletin System
https://www.hrdag.org - Human Rights Data Analysis Group

Julian Oliver:
...
..on Tue, Nov 13, 2012 at 10:50:04AM +0100, Eugen Leitl wrote:
...
On Mon, Nov 12, 2012 at 09:41:05PM -0800, Yosem Companys wrote:
...
http://www.forbes.com/sites/skollworldforum/2012/11/12/disruption-at-the-int...
...
Look at Benetechbs development of Martus, a human rights database,
based in the cloud with highly secure encryption and eraser technology
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you can cartwheel through the lasers while wearing the appropriate
3d printed
face it's a snap. Just don't look down: Cloud computing is
high-altitude stuff..
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJQo99YAAoJEN3b1xdSAv8h5FcP/1kBSuXGZJcyvSD6qvIUfKKp
w9ckp2Hs6exfY1zghhw0oL1+fpRzfhP3uoj06vUtv6jOSYkyH8s7lZATylMy0La7
vnJOlM21/r0pdc/kh4QZKgZBmgchSdWMiO+RnGEXSWtfpzidJ3uT4Zx9ip/p6MLa
PnNqywKCyACd8CKYnx5ESVbWXW/764PDnwEn+biCYDdEoMUsNXsW9so40ritwEdt
S7Pm4rl6rAklzHRdeiMpSBhx165cszlZjrPmEkRQRbQmbelhsXkPR4kJ+gEgljlr
TDQ2iO46MgUViwHH47KkvsGV+sj24BbhrilPrgptxkIoANWiHD8J9Omt5+/Txffu
FwzNKD07wk/10BwFgjYnvGviSJyH+c+no1TvIHBLRsLgV2/LeC4nFwRe7uSYT48L
vPD6b3qCT3O8sWkTpOqMHFiRrqtEE7Lfjn1N6ymmqrUxIOOuoQY0K63Do6zHvemW
PT8NQFlsoqJIAC26dGJAi2xIcch1kvpds2ORijnf/4M5vvPjYa2vNDv+9L6np9AO
5l87XACiDO5A6AWujdpz55ZfLa6lMcuJycTXgxzu/tsKif41A30pBQnDi6k3TY3M
J+zhJOQ9WE5DAl8CKDFIPmInWg3dGJcakwj7T9ZxjRFeaPmOSjWyz+BBOIdrpGAu
GDG5zb1MzBAhaeLLR7ZH
=z3vc
-----END PGP SIGNATURE-----

--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE