[Ssc-dev] Access Prize 2014 submission
Nathan of Guardian
nathan at guardianproject.info
Tue Jan 14 22:13:46 EST 2014
Just submitted the text below too:
https://www.accessnow.org/prize
It is due tomorrow, and I think we all forgot about it, so I decided to
just crank it out.
****
***What is your project, and how does it help the endpoint security of
human rights defenders in particular?*
InformaCam is the simplest, yet most secure, way to capture and share
photos and video from a smartphone, and transform them into visual
evidence for change. It addresses the need to provide better physical
security for journalists, activists and advocates using smartphones to
capture images of critical events, while also ensuring the impact they
hope to have is not thwarted by lack of trust in the evidence they
provide. InformaCam does this by providing comprehensive security from
the moment of capture (automatic on-device encrypted storage), through
the network transmission (integrated upload via Tor to Globaleaks or
SecureDrop servers), all the way to the end recipient (PGP signing and
encryption of media and metadata). It includes a "Panic" feature to
quickly erase captured media or even the app itself. It also uses
cryptographic hashing techniques to provide a verifiable chain of custody
as soon as the media is captured, greatly enhancing the trustworthiness
of the content. Finally, it uses the built-in sensor array in the
smartphone, to capture a rich set of data beyond the visible spectrum,
including environmental conditions (heat, light, altitude, heading,
gravity) and radio signals (wi-fi, bluetooth and cellular), and presents
this metadata in a beautiful searchable, web-based dashboard.
All of this complexity is packaged into a clean, simple Android
application and a powerful web-based dashboard and collection of
server-based tools, that is available today, in beta, for free to any
individual or organization to begin testing. You can view our beta
launch site and try the software yourself at
https://guardianproject.info/informa and visit our public testbed
dashboard at https://j3m.info
***What is the technology behind the project? We're interested in code,
bits, and platforms. Links to public code repositories are highly
encouraged.*
There are two primary aspects to the technology behind InformaCam, the
evidentiary and the comprehensive security.
First, is the evidentiary-side, which analyzes captured media, gathers
inputs from the sensor, and generates a manifest of information known as
the J3M ("gem"), or JSON Mobile Media Metadata. J3M is like "Exif" for
photos, but on steroids, using a modern, web-friendly format (JavaScript
Object Notation), and with built-in cryptographic verification. Once the
J3M is generated for an InformaCam-captured photo or video, it is
invisibly embedded inside of the file itself, so that it can travel
with the content even if it is uploaded to YouTube, Dropbox or sent via
email. You can learn more about it on this wiki page:
https://dev.guardianproject.info/projects/informacam/wiki/JSON_Mobile_Media_Metadata_(J3M)
The second aspect, the comprehensive security, has been touched on a
bit. It is end-to-end, from the click of the shutter, all the way to the
viewing of the file on a remote desktop computer. As photos and video
are captured using the InformaCam app, they are immediately imported
into a 256-bit AES encrypted IOCipher virtual disk. Each InformaCam user
is automatically provided a new, anonymous PGP key, safely stored in
IOCipher, that is used to encrypt and sign data, without the user having
to understand anything about how PGP works, or revealing anything about
their identity. The app offers a "secure share" option to any configured
InformaRepo via Tor Hidden Services, using a SOCKS proxy provided by
Orbot (Tor for Android). Rather than reinventing the wheel, InformaCam's
secure share process is fully integrated with the Globaleaks
whistleblowing system, and soon SecureDrop, as well, building upon the
strength of their security, workflow and developer communities.
InformaCam System Presentation:
https://docs.google.com/presentation/d/1V3kRDDg9eG95rRZPxP9BClgRffNs2l3u2QIo4WtqFvo/edit?usp=sharing
InformaCam Project Public Wiki:
https://dev.guardianproject.info/projects/informacam/wiki/Overview
InformaApp (default InformaCam end-user app for direct user or
rebranding/remixing): https://github.com/guardianproject/InformaApp
InformaCore (core engine for integration with other apps):
https://github.com/guardianproject/InformaCore
InformaRepo (web dashboard and secure ingest system):
https://github.com/guardianproject/InformaRepo
IOCipher (encrypted virtual disks for mobile apps):
https://github.com/guardianproject/iocipher
NetCipher (network proxying and hardening):
https://github.com/guardianproject/netcipher
CacheWord (secure password / key management):
https://github.com/guardianproject/cacheword
***What’s your track record, and who are you working with to make the
project happen?*
With funding and other support from Witness, ISC, the Knight News
Foundation, and the International Bar Association, we have brought the
project over the last eighteen months from a concept, to a full public
beta launch, ready for initial deployments and testing. Both Witness and
the International Bar Association are beginning deployments of devices
with the application on them, and running their own secure InformaCam
repositories. We are working with Benetech to integrate the technology
into their Martus human rights reporting system. We have built
relationships with the Rory Peck Foundation, Reporters Sans Frontières,
Small World News and other journalists support networks, to build
awareness and adoption of InformaCam in the global journalist community.
We are also working with a variety of other groups on applying the
technology to defend migrant workers (ensuring they receive just payment
for their hours worked), gather war crimes evidence, and fight against
child trafficking. The possible areas of work that can be impacted by
having trustworthy and secure mobile media evidence gathering are broad.
The Guardian Project has over 2.5 million downloads of its mobile
applications, with over 500,000 active users. Our mobile security
software libraries, including SQLCipher for Android, are built into
software ranging from WeChat (300 Million+ users) to IBM mobile
enterprise solutions (Worklight suite). We develop and maintain Orbot
(Tor for Android), Orweb (privacy-oriented mobile browser), ChatSecure
(end-to-end encryption mobile messaging), GnuPG for Android, the Open
Secure Telephony Network (OStel.co) and more. We have a growing team of
developers, designers, trainers and coordinators working together around
the globe to build truly open, interoperable and secure next generation
solutions, that aim to move the entire industry forward.
***What are the risks? What do you need to make the project successful
in the long-term?*
We are at a critical point in the product lifecycle of InformaCam. The
technology is proven, we are in a stable beta, and we are ready for our
close-up. However, in the non-profit, open-source technology world,
there is very little funding for outreach, marketing and awareness
building. We also know how busy, overworked and stressed out most
journalists, human rights defenders and activists are. They are all now
(at this point) freaked out about how bad their own personal
communications security is, while likely feeling confused by all of the
snake oil being pushed their way. It is this noise that we need to cut
through, both to individuals and to the organizations that support them.
Our plan for using the prize money provides one approach to cutting
through the noise, while also actually helping real people in need.
In the long-term, we know the sustainability of the project depends upon
it becoming more than just a grant-funded program, and that it also will
require adoption beyond the human rights realm. We are developing income
generating programs that include selling complete InformaCam systems
with pre-configured secure mobile devices and servers, along with a
support contract to news organizations, humanitarian groups and more. We
are actively talking with Google, Samsung, venture capitalists, startups
and others, who have shown interest in our metadata formats, core engine
and approaches to evidentiary media verification. The insurance
industry, in particular, is one that this could be highly relevant to
from a commercial standpoint, and we hope that a smartphone manufacturer
or two might see "Witness Mode" as a unique differentiator for their devices.
***How will you make use of the prize money? Details should be listed on
the specific items your project will use the $50,000 prize money,
whether it be features, developers, platforms, etc.*
1) Build our own "Verified Mobile Media" global journalist team (aka
"adopt-a-journalist"): We will select a team of ten freelance
journalists (through both a public and private process) to be provided
the necessary mobile hardware, training, travel funding and other
ongoing support, to become the most public, active users of our
InformaCam testbed system. In short, they will become part of the
InformaCam team, and we will make it worthwhile for them to do so. They
will be provided Galaxy S4 Zoom devices configured as "Secure Smart
Cameras", with full disk encryption, secure calling and messaging,
automatic Tor transparent proxying and more. They will be, with a few
exceptions, the most "full paranoid" journalists on the planet, and they
will love it.
2) Amp up our Outreach & Marketing: We will continue our social media
campaigns to educate the broader public about our "Metadata for Good!"
and "BELIEVE WHAT YOU SEE" concepts
(https://twitter.com/guardianproject/status/414090387507404800). We will
ramp up our efforts to educate major human rights, humanitarian and news
organizations about the need for comprehensive mobile "endpoint"
security. We will offer online training hangouts, free trial server
deployments and test devices and more.
3) Beta Bug Fixing, and Onward to Launch! - We will wrap up our public
beta, and move towards a final v1 launch of the Android app and
repository. This will fund our lead developer (Harlo Holmes), our
designer (Carrie Winfrey), and an assorted set of other team members.