28C3 - Version 2.3.5
28th Chaos Communication Congress
Behind Enemy Lines
Speakers | |
---|---|
Herr Urbach | |
willowbl00 |
Schedule | |
---|---|
Day | Day 4 - 2011-12-30 |
Room | Saal 3 |
Start time | 11:30 |
Duration | 01:00 |
Info | |
ID | 4707 |
Event type | Lecture |
Track | Hacking |
Language used for presentation | English |
Feedback | |
---|---|
Did you attend this event? Give Feedback |
Your Disaster/Crisis/Revolution just got Pwned
Telecomix and Geeks without Bounds on Security and Crisis Response
Software is becoming more and more important in organizing response to all kinds of crises, whether that means activists responding to an unjust government or aid workers helping with the aftermath of a disaster. Security often isn't the first thing people think about in these situations -- they have work to get done, just like the rest of us, and many of these tools are built in the heat of the moment. In a crisis, a lack of security can make a small disaster into a big one. In this talk, we'll look at real world experiences of the security and privacy problems in the field, and how to fix them, at both large and small levels.
People are using technology to try to save the world, whether in the disaster response world, or in activist or revolutionary work. Many of the people involved are not technologists. Many of the people building tools for these situations do not understand security. This is a problem because: Privacy issues for disaster response Creepy uncle Creepy government agency Gaming the aid process with crowdsourced reports Activists and revolutionaries are subject to direct attack, coercion, harrassment, etc. A few problems: People are using generic tools that don't provide the guarantees they need People are writing special-purpose tools without understanding the problem People are writing tools which intentionally subvert their users People don't understand the problems they're causing with how they use tools To fix this: Build specialist tools with a deep understanding of the real problems Get the help you need to make tools secure Ask for help Help disaster/activist ICT projects if you know your security Build security into generic tools, even if you're not planning on revolutionaries using them, because you never know when you're going to need to overthrow a government on twittter. Learn/teach about security and what it takes to use existing tools well Build a security culture in your organization