[Ssc-dev] Access Prize 2014 submission

Wed Jan 15 14:19:31 EST 2014

Thanks for putting this together, Nathan.  This team's work is certainly in
the right space, or also as certainly of the right caliber.

David M. Oliver | david at g <david at olivercoady.com>uardianproject.info |
http://g <http://olivercoady.com>uardianproject.info | @davidmoliver | +1
970 368 2366

On Tue, Jan 14, 2014 at 10:13 PM, Nathan of Guardian <
nathan at guardianproject.info> wrote:

> Just submitted the text below too:
> https://www.accessnow.org/prize
>
> It is due tomorrow, and I think we all forgot about it, so I decided to
> just crank it out.
>
> ****
>
> ***What is your project, and how does it help the endpoint security of
> human rights defenders in particular?*
>
> InformaCam is the simplest, yet most secure, way to capture and share
> photos and video from a smartphone, and transform them into visual
> evidence for change. It addresses the need to provide better physical
> security for journalists, activists and advocates using smartphones to
> capture images of critical events, while also ensuring the impact they
> hope to have is not thwarted by lack of trust in the evidence they
> provide. InformaCam does this by providing comprehensive security from
> the moment of capture (automatic on-device encrypted storage), through
> the network transmision (integrated upload via Tor to Globaleaks or
> SecureDrop servers), all way to the end recipient (PGP signing and
> encryption of media and metadata). It includes a "Panic" feature to
> quickly erase captured media or even the app itself. It also uses
> cryptographic hashing techniques to provide a veriable chain of custody
> as soon as the media is captured, greatly enhancing the trustworthiness
> of the content. Finally, it uses the built-in sensor array in the
> smartphone, to capture a rich set of data beyond the visible spectrum,
> including environmental conditions (heat, light, altitude, heading,
> gravity) and radio signals (wi-fi, bluetooth and cellular), and presents
> this metadata in a beautiful searchable, web-based dashboard.
>
> All of this complexity is packaged into a clean, simple Android
> application and a powerful web-based dashboard and collection of
> server-based tools, that is available today, in beta, for free to any
> individual or organization to begin testing. You can view our beta
> launch site and try the software yourself at
> https://guardianproject.info/informa and visit our public testbed
> dashboard at https://j3m.info
>
> ***What is the technology behind the project? We're interested in code,
> bits, and platforms. Links to public code repositories are highly
> encouraged.*
>
> There are two primary aspects to the technology behind InformaCam, the
> evidentiary and the comprehensive security.
>
> First, is the evidentiary-side, which analyzes captured media, gathers
> inputs from the sensor, and generates a manifest of information known as
> the J3M ("gem"), or JSON Mobile Media Metadata. J3M is like "Exif" for
> photos, but on steroids, using a modern, web-friendly format (Javascript
> Object Notation), and with built-in cryptographic verification. Once the
> J3M is generated for an InformaCam-captured photo or video, it is
> invisibly embedded inside of the file itself, so that it can be travel
> with the content even if it is uploaded to YouTube, Dropbox or sent via
> email. You can learn more about it on this wiki page:
>
> https://dev.guardianproject.info/projects/informacam/wiki/JSON_Mobile_Media_Metadata_(J3M)
>
> The second aspect, the comprehensive security, has been touched on a
> bit. It is end-to-end, from the click of the shutter, all the way to the
> viewing of the file on a remote desktop computer. As photos and video
> are captured using the InformaCam app, they are immediately imported
> into a 256-bit AES encrypted IOCipher virtual disk. Each InformaCam user
> is automatically provided a new, anonymous PGP key, safely stored in
> IOCipher, that is used to encrypt and sign data, without the user having
> to understand anything about how PGP works, or revealing anything about
> their identity. The app offers a "secure share" option to any configured
> InformaRepo via Tor Hidden Services, using a SOCKS proxy provided by
> Orbot (Tor for Android). Rather then reinventing the wheel, InformaCam's
> secure share process is fully integrated with the Globaleaks
> whistleblowing system, and soon SecureDrop, as well, building upon the
> strength of their security, workflow and developer communities.
>
> InformaCam System Presentation:
>
> https://docs.google.com/presentation/d/1V3kRDDg9eG95rRZPxP9BClgRffNs2l3u2QIo4WtqFvo/edit?usp=sharing
> InformaCam Project Public Wiki:
> https://dev.guardianproject.info/projects/informacam/wiki/Overview
>
> InformaApp (default InformaCam end-user app for direct user or
> rebranding/remixing): https://github.com/guardianproject/InformaApp
> InformaCore (core engine for integration with other apps):
> https://github.com/guardianproject/InformaCore
> InformaRepo (web dashboard and secure ingest system):
> https://github.com/guardianproject/InformaRepo
>
> IOCipher (encrypted virtual disks for mobile apps):
> https://github.com/guardianproject/iocipher
> NetCipher (network proxying and hardening):
> https://github.com/guardianproject/netcipher
> CacheWord (secure password / key management):
> https://github.com/guardianproject/cacheword
>
> ***What’s your track record, and who are you working with to make the
> project happen?*
>
> With funding and other support from Witness, ISC, the Knight News
> Foundation, and the International Bar Association, we have brought the
> project over the last eighteen months from a concept, to a full public
> beta launch, ready for initial deployments and testing. Both Witness and
> the International Bar Association are beginning deployments of devices
> with the application on it, and running their own secure InformaCam
> repositories. We are working with Benetech to integrate the technology
> into their Martus human rights reporting system. We have built
> relationships with the Rory Peck Foundation, Reportiers Sans Frontiers,
> Small World News and other journalists support networks, to build
> awareness and adoption of InformaCam in the global journalist community.
> We are also working with a variety of other groups on applying the
> technology to defend migrant workers (ensuring the receive just payment
> for their hours worked), gather war crimes evidence, and fight against
> child trafficking. The possible areas of work that can be impact by
> having trustworthy and secure mobile media evidence gathering is broad.
>
> The Guardian Project has over 2.5 million downloads of its mobile
> applications, with over 500,000 active users. Our mobile security
> software libraries, including SQLCipher for Android, are built into
> software ranging from WeChat (300 Million+ users) to IBM mobile
> enterprise solutiosn (Worklight suite). We develop and maintain Orbot
> (Tor for Android), Orweb (privacy-oriented mobile browser), ChatSecure
> (end-to-end encryption mobile messaging), GnuPG for Android, the Open
> Secure Telephony Network (OStel.co) and more. We have a growing team of
> developers, designers, trainers and coordinators working together around
> the globe to build truly open, interoperable and secure next generation
> solutions, that aim to move the entire industry forward.
>
> ***What are the risks? What do you need to make the project successful
> in the long-term?*
>
> We are at a critical point in the product lifecycle of InformaCam. The
> technology is proven, we are in a stable beta, and we are ready for our
> close-up. However, in the non-profit, open-source technology world,
> there is very little funding for outreach, marketing and awareness
> building. We also know how busy, overworked and stressed out most
> journalists, human rights defenders and activists are. They are all now
> (at this point) freaked out about how bad their own personal
> communications security is, while likely feeling confused by all of the
> snake oil being pushed their way. It is this noise that we need to cut
> through, both to individuals and to the organizations that support them.
> Our plan for using the prize money provides one approach to cutting
> through the noise, while also actually helping real people in need.
>
> In the long-term, we know the sustainability of the project depends upon
> it becoming more than just a grant-funded program, and that it also will
> require adoption beyond the human rights realm. We are developing income
> generating programs that include selling complete InformaCam systems
> with pre-configured secure mobile devices and servers, along with a
> support contract to news organizations, humanitarian groups and more. We
> are actively talking with Google, Samsung, venture capitalists, startups
> and others, who have shown interest in our metadata formats, core engine
> and approaches to evidentiary media verification. The insurance
> industry, in particular, is one that this could be highly relevant to
> from a commercial stand point, and we hope that a smartphone manufacture
> or two might see "Witness Mode" as a unique diffentiator for their devices.
>
> ***How will you make use of the prize money? Details should be listed on
> the specific items your project will use the $50,000 prize money,
> whether it be features, developers, platforms, etc.*
>
> 1) Build our own "Verified Mobile Media" global journalist team (aka
> "adopt-a-journalist"): We will select a team of ten freelance
> journalists (through both a public and private process) to be provided
> the necessary mobile hardware, training, travel funding and other
> ongoing support, to become the most public, active users of our
> InformaCam testbed system. In short, they will become part of the
> InformaCam team, and we will make it worthwhile for them to do so. They
> will be provided Galaxy S4 Zoom devices configured as "Secure Smart
> Cameras", with full disk encryption, secure calling and messaging,
> automatic Tor transparent proxying and more. They will be, with a few
> exceptions, the most "full paranoid" journalists on the planet, and they
> will love it.
>
> 2) Amp up our Outreach & Marketing: We will continue our social media
> campaigns to educate the broader public about our "Metadata for Good!"
> and "BELIEVE WHAT YOU SEE" concepts
> (https://twitter.com/guardianproject/status/414090387507404800). We will
> ramp up our efforts to educate major human rights, humanitarian and news
> organizations about the need for comprehensive mobile "endpoint"
> security. We will offer online training hangouts, free trial servers
> deployment and tests devices and more.
>
> 3) Beta Bug Fixing, and Onward to Launch! - We will wrap up our public
> beta, and move towards a final v1 launch of the Android app and
> repository. This will fund our lead developer (Harlo Holmes), our
> designer (Carrie Winfrey), and an assorted set of other team members.
>
>
>
> _______________________________________________
> Ssc-dev mailing list
>
> Post: Ssc-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/ssc-dev
>
> To Unsubscribe
>         Send email to:  Ssc-dev-unsubscribe at lists.mayfirst.org
>         Or visit:
> https://lists.mayfirst.org/mailman/options/ssc-dev/david%40guardianproject.info
>
> You are subscribed as: david at guardianproject.info
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/ssc-dev/attachments/20140115/e90ba81f/attachment.html>