Because foreign journalists have been virtually banned from Syria during the uprising against Bashar al-Assad's regime, news coverage has relied heavily on citizen journalists and international reporters working with sources inside the country. Syrians who communicate with foreign news media run the risk of being threatened, detained, tortured, or even killed.
Journalists and bloggers in authoritarian countries have their work cut out thwarting governments that try to restrict their writing and reporting. The last thing they need to worry about is the provider of their publication platform helping authorities with censorship or surveillance. Cue the Global Network Initiative (GNI), a voluntary grouping of Internet companies, freedom of expression groups, progressive investors, and academics.
When journalists make enemies in high places, they become vulnerable to the powers those figures wield. One such power is the state's capacity to wiretap and obtain personal records from communications companies. From Colombia's phone-tapping scandal to last year's case of Gerard Davet--a Le Monde reporter whose phone records were obtained by the French intelligence service in apparent violation of press freedom laws--state surveillance has a long history of being misused against reporters.
As we've reported before, there's strong evidence that forces with widespread access to Iran's internet infrastructure have been engaged in large-scale surveillance of https traffic in July and August, certainly of Google traffic, and perhaps many more websites, including Facebook and Yahoo!
If you used the Internet in Iran during this period you should, at the very least, change your passwords, and log out, then log back into, any services you use.
A fuller explanation of what happened, and what to do about, written in Farsi, is available from Google's Persian Blog. "DigicomV" on YouTube has also posted some Farsi-language videos explaining the attack.
Thanks to Katrin at MobileActive for these links.
"The freedom of the press and the lie of the state." The headline Thursday in the influential newspaper Le Monde was bound to make a big splash. While President Nicolas Sarkozy was basking in the glory of his Libyan intervention and celebrating the virtues of democracy, the French "paper of record" was denouncing the dark side and the dirty tricks of his government.
In August, Google introduced a new, if rather obscure, security feature to its Chrome web browser, designed to be triggered only under extreme circumstances.
If you were talking to Google's servers using the web's secure "https" protocol, your browser makes a number of checks to ensure that you are really talking to Google's servers. Like an overly obsessive bouncer, the new code double-checks the identity of any supposed Google site against a Chrome-only list of valid Google identities hardwired into the browser.
Three Chinese writers who have spent time in prison for articles published online are suing California-based Cisco Systems Inc., according to international news reports. The suit accuses the company of providing information and technology to Chinese authorities that facilitated the writers' detentions--allegations that Cisco flatly denies. Chinese security officials have already interrogated one of the plaintiffs, according to his lawyer. Will the case against Cisco protect him and others in China from further repercussions?
by Danny O'Brien
For the past decade, those who used the Internet to report the news might have assumed that the technological edge was in their favor. But online journalists now face more than just the standard risks to those working in dangerous conditions. They find themselves victims of new attacks unique to the new medium. From online surveillance of writers through customized malicious software to "just in time" censorship that can wipe controversial news sites off the Internet at the most inconvenient moment, the online tools to attack the press are getting smarter and spreading further.
Facebook is rolling out a a new feature starting today: its users now have an option in their account settings that will protectively encrypt all their Facebook activity as it travels over the Internet. Flipping the switch won't change much about how you use Facebook, but you'll see Facebook web addresses will always start with "https": and no-one between Facebook's servers and your own computer will be able to see what you say and do on the service.
This is a significant step for protecting journalists who use the social networking site for communication or publishing. We've had reports on attacks on journalists, notably in Iran, that depended on intercepting communications on Facebook. Turning on https will make such surveillance - by rogue governments, ISPs or common criminals - far harder. Additionally, censorship that attempts to block individual Facebook pages (rather than Facebook as a whole) will be difficult to implement.
The system behind https encryption isn't perfect. The recent password-stealing attack on Facebook and Gmail in Tunisia was designed to beat encrypted communications. Many states, include those with poor track records in protecting Internet users' security, could use their access to "certificate authorities" to intercept encrypted communications without that attack being obvious. But these attacks require far more technical complexity than current strategies, and there are solutions already being worked on by browser manufacturers.
You do still have to turn the feature on to get the benefit. (It's listed as "Secure browsing" under "Account security".) An important next step for Facebook would be to do as Google did with Gmail, and enable encryption for everybody, by default. That's a big step, however, and one that could take some time.
Hopefully, Facebook will continue down the secure path, and that other companies like Yahoo!, whose unencrypted email and messaging services are still woefully vulnerable to spying, follow their lead.
