A Reasonably Secure Future
Benetech’s Collin Sullivan on Operating Systems Empowering Human Rights Defenders to Defend Themselves
For the last five years, I’ve traveled around the world training human rights defenders to use software to more securely collect, store, and share sensitive data. The individuals and groups I work with face serious and complex digital threats that are difficult to detect. Some are aware of such threats and have taken precautions, while others are just gaining awareness and starting their search for solutions. To get a sense of where a specific audience fits on this spectrum, I often introduce the digital threat conversation by asking the room: “Show of hands: who here has a sticker covering their webcam?”
The webcam-sticker strategy is a small step anyone can take to empower themselves and reclaim agency from attackers, even if it’s a band-aid approach that doesn’t address the real risks implicated by a compromised webcam. If nothing else, webcam stickers are a useful reminder that computers may betray us, and that we may not be the only ones with access to the information our computers carry. Attacks that trick a person into visiting a website or opening a file that grants someone else access are increasingly common.
Back in 2014, I wrote about Remote Access Trojans (RATs) that were being used to target Tibetan activists. We were exploring how to improve endpoint security—that is, the security of the device itself, like a phone or laptop—to protect the sensitive data the Tibetans were collecting. Three years later, endpoint security, operational security, and privacy-focused operating systems remain the strongest practical defenses against compromise.
As malware becomes easier for state and non-state attackers to deploy, people who may be targeted need to take extra steps to protect themselves, their information, and the people who are implicated in that information. The fact is that malware vendors have developed, and will continue to develop, clever ways to trick people into executing malicious code. All widely used operating systems are vulnerable (and the myth that Mac computers are more secure because they aren’t targeted is increasingly discredited).
Tails runs entirely in a computer’s Random Access Memory (RAM). It forces all network connections through Tor, software that routes a user’s internet traffic through an open network of relays to separate data identifying the user from data about the destination and content of the traffic, which makes it more difficult to identify and target the user. The computer’s RAM is wiped at shutdown to remove indications of use, and the Tails file system is reset on every boot, making it difficult for malicious programs to make your computer their home.
Qubes enables the user to isolate and compartmentalize different programs and connections, thereby limiting interaction and access. When downloading a file, for example, a Qubes user can open that file in an environment that does not have access to the computer’s file system or any network connections, thus protecting against infection, unauthorized access or connectivity.
Some of the features that make Tails and Qubes so useful are becoming available outside of those environments. Microsoft’s Hyper-V feature mimics some of Qubes’ functionality. The hardentools project (which is still being researched and is not yet recommended for use in risky situations) is a simple, creative, and potentially elegant way to minimize an attack surface. Still, these remain piecemeal responses where more comprehensive ones may be a better fit.
Unfortunately, Tails and Qubes are not yet widely adopted in the human rights field, partly because in the past this software has been difficult to use. Both systems have made impressive and encouraging strides in usability over the last few years. Installing and upgrading Tails has never been easier or smoother, and recent usability updates to Qubes have made it much easier to create and manage the various compartments (virtual machines).
Despite progress, we’re several important steps away from widespread Tails and Qubes adoption by human rights defenders. A path toward that future:
- OS developers (like QubesOS and Tails): Continue your march toward wider applicability and improved usability! Your efforts to date have improved your projects noticeably. In your usability improvement efforts, directly engage human rights defenders as a primary use case, learn and appreciate their needs and constraints, and stay abreast of the latest research on the attacks being used against them.
- Human rights defenders: Try these operating systems for your day-to-day computer usage. At the very least, use them for risky or sensitive work. As with all technology adoption, there will be a learning curve, but they will become easier to use over time. Be sure to send your feedback directly to the developers.
- Software developers: Does your software run on Qubes or Tails, or incorporate proxies or Tor services? Is your software designed for, or has it been adopted by, human rights defenders? Do your products encourage reasonable security practices among your users? Take steps to make sure your software clearly articulates the risks it poses for your users. If possible, design your software in a way that helps users assess their risks and make smart decisions about use.
- Funders: Support human rights defenders by funding sufficient training and post-training support on these operating systems and similar ones, including the very promising SubgraphOS. Include training-of-trainer curricula so expertise can be localized and spread organically. In addition, support human rights by funding Tails and Qubes to undertake long-term human rights defender-based usability research, rigorous defender-focused threat modeling, usability and accessibility updates, and translations.
And please: cover your webcam. See me for band-aids. I have extras.
Collin Sullivan is a Human Rights Program Associate at Benetech, a Silicon Valley-based nonprofit whose mission is to empower communities by creating scalable software solutions.