Safeguard defenders, September 19, 2017
info@safeguarddefenders.com
Among the many revelations into the systematic repression of the human rights community to have come to light since the beginning of the 709 Crackdown have been accounts from those released about the access of police and state security to chat logs and emails, even communications and documents those people thought they had deleted.
This heightened awareness has certainly pushed the idea of taking digital security precautions in how to prevent sensitive information from falling into the hands of police in the event of detention. However, the focus of trainings and guidebooks is often directed in the wrong direction, namely on more advanced hacking and sophisticated intrusion. This continued focus on advanced threats actually has and will continue to harm human rights defenders’ safety. This is because it is not only nearly impossible to defend against such high level threats but that also in almost every case this is not the real threat. In the end, time is consumed trying to defend against a largely non-existent threat.
It is true that the capability of the Chinese Government concerning data forensics and hacking has developed like other aspects of the country, but those often limited resources are used against other bigger, and usually international, targets. On top of that, police and state security know well that the impunity with which they can act means that they have more direct, easier, access to whatever a human rights defenders’ computer or phone might hold; namely the use of direct threats, torture and intimidation against family, friends and loved ones. There are exceptions, but against these tools of repression, few people can stand up for long.
Real security must thus be based on the fact that a defenders’ computer and phone will be taken, and chances are that they will be forced to give up the information the police is after. The threat of torture or disappearance is sadly quite effective against even the best password or encrypted file. Any training and training material must be based on this reality. Digital security requires physical and behavioral changes in addition to passwords and applications.
The reality is also that digital security solutions that decrease the efficiency of our phones and computers are likely to be abandoned after time, regardless of the quality or number of trainings the rights defender or journalist has attended. Security solutions are only solutions if they are actually applied and maintained, something a lot of training material seems to gloss over when they offer solutions that are realistically not feasible for the majority of rights defenders.
Real security, that is sufficient and sustainable, can only come from finding the middle path, by focusing on real threats, while offering solutions that come from basic behavior rather than advanced technological solutions.
The newly released Practical Digital Protection self-study guide has been developed with these considerations in mind. It was developed over 12 months, together with journalists, lawyers, NGO workers and rights defenders across China, looking at their own experiences with security issues, detentions, interrogations and data forensic techniques applied by police and state security. The manual doesn’t only provide behavior-based solutions, but also real-life stories from defenders illustrating how their own best or worst case solutions have had a direct impact on how their technology has either been used against them, their partners, and coworkers, or prevented from being exploited by the State.
The following abridged story is one of several from the Practical Digital Protection manual.
A seasoned rights defense lawyer received a message on Telegram from a trusted colleague that the police had been asking questions about her and that she should expect to be detained or at least questioned. She had at this point already taken on many rights defense cases and worked with many other similar lawyers for several years. She was quite skilled in cybersecurity, having always been afraid police might detain her or take her computer and try to use her information against her. She rarely used WeChat, and never for work. She even knew how to use hidden encryption, not only to protect the data itself, but also to hide its very existence. Police can’t ask about what they don’t know exist she figured, correctly.
The information she had wasn’t just about her, but also about others. If this information fell into the wrong hands it didn’t just mean possible imprisonment for her, but for others. She had already been smart enough to realize that normal encryption would be of little help. If police knew what to ask for, she doubted that she would be able to resist for long, as she as a lawyer was well aware that the legal protections against torture and mistreatment in China are barely worth the paper they are written on.
When the police eventually detained her and placed her alone in a cell, to undergo more than a month of interrogations, they also seized her computer, several phones, and USBs.
After a few days in detention, she was very surprised when the police began to start each new day by showing her documents from her computer. She knew these documents had been stored in a hidden encrypted space that the police did not have access too, or even knew about. She was frantic each time the police produced one of these documents. These documents threatened to expose some of her sensitive rights defense work and provide evidence that would make it easy for the police to go after her clients or other lawyers she had worked with.
Before being detained she had agreed to a cover story with her colleagues who might also be detained. Some of the documents the police produced challenged their cover story, and severely increased hers and their risks.
The documents the police had were very random. Many of them were also just partial, a few pages of a larger document. How did they get these documents, she continued to wonder.
In the end, the police did not find the ‘smoking gun’ they were looking for, and even though she remains to this day under threat, having been released on ‘bail’, with police able to pick her up again any day they wish, the fact that most documents remained protected saved her.
Only after her release, with time and access to information online did she figure out what had gone wrong. File Recovery program it read. With this, she would learn of something that even many of those skilled in Cybersecurity fails to understand, or if they do understand it, fails to realize how big of a threat it is.
Data, she realized, are like memories. They linger for a long time, and even when they begin to fade, it happens slowly, and only parts of it disappear. Data, once ‘deleted,’ she realized, is not actually deleted, but continues to lie on the hard drive, only not visible to the normal user. It’s all still there, until the space holding the data is filled up with something new. The fact that most of data was in an encrypted space didn’t always matter, as many of the documents she had produced over the years had been created on the desktop (outside the encrypted area), before being moved to the encrypted space (which leaves traces of the original). An act of laziness. Many documents had also been deleted over time, she like most thus assumed they were safe. It had been deleted after all.
So what had happened? All those documents that had been on her normal hard drive, once moved to the encrypted storage, were readily available to the police using File Recovery, easy to use programs available for free online. All they had to do was scan her hard drive in detail, and step by step pieces of old data long ago deleted could be put together. This is because the documents weren’t properly erased from her computer. But there are solutions. Programs such as CCleaner for example, securely delete files to make sure nobody can ever recover them. Understanding how data deletion really works, and making secure deletion part of a normal routine will drastically increase security.
Safeguard Defenders new practical digital protection manual (English and Chinese editions) can be found at practicaldigitalprotection.com.
In addition to the current Chinese- and English language editions, other editions are being produced in collaboration with Reporters Without Borders, with a Vietnamese and a Turkish edition coming this fall.
—————————————————
为中国的人权捍卫者寻找更有力的安全保障
随着709大抓捕的开始,中国政府对人权群体的系统性打压正式浮出水面,许多被释放的人权人士透露出警察和国安得以查看那些他们本来以为已经删除的聊天记录、邮件、和文件等。
此安全意识的提高必然衍生出当面临拘留时如何防止敏感的信息落入警方手中的数字安全预防措施。但是往往很多的培训和手册都将焦点放在错误的方向,换句话说就是更多的在介绍一些更高阶的破解或尖端的技术方案,这种持续将焦点放在高阶威胁的方式实际上对人权捍卫者的安全有害。不仅仅因为他们不太会面临到如此高级别的威胁,也在于大部分所列举的高阶威胁其实并不是真正的威胁。到最后,时间都耗在了和大量不存在的威胁上较劲。
确实,中国政府在数据取证和破解上就如这个国家其他方面的能力般得到了很大的进步,但是这些有限的资源通常都用在其他更大、更国际化的目标上。更重要的是,警察和国安有更好的办法对付,也就是更直接和容易的办法—-进入一个他们已经拿到手上的人权捍卫者的电脑或手机,用直接的威胁、酷刑或对朋友和爱人进行恐吓。有人能够撑住,但面临这些压迫的手段,很少人能够支撑很长时间。
真正的数字安全应该是基于人权捍卫者的电脑或手机被没收后,当面临被警察强迫交出密码或信息的情况。很不幸就算是设置了最强的密码并且加密了文件,用酷刑和强迫失踪的威胁手段通常都能轻易破解掉。任何培训或培训手册也必须基于这个现实。数字安全除了必要的强力密码和程序外,还要有操作习惯和行为的改变。
另一个现实是降低我们使用电脑和手机效率的数字安全解决方案往往可能随着时间的推移而被放弃,不管这些人权捍卫者或律师们参加过的培训次数和质量。安全解决方案只有在被真正用到和持续的情况下才能被叫做解决方案,但很多的解决方案对于多数的维权人士来说都并不实用也不具备可持续性。
内容充分且具有可持续性的真正的数字安全,只可能来自于找到中间点,通过将焦点放在真正的安全威胁上,然后基于基础的操作行为来提供解决方案,而不是高阶的技术性解决方案。
最新发布的数字安全自学式实用手册就是基于这些考量而制作的。这本手册的制作花费了12个月,结集了来自中国各地的记者、律师、NGO工作者和人权捍卫者,通过深入他们自身面临的安全问题、被拘留、审讯和被警察和国安用到数据取证的技术而来的经验。这本手册不仅仅提供基于操作行为的解决方案,同时也加入了来自捍卫者们的真实故事,描述他们在数字安全的技术操作中做出的最正确或糟糕的解决方案是如何对他们自己或同事造成直接的正面或负面影响的。
下面的节选故事就来自数字安全实用手册中的多个故事之一。
一位经验丰富的维权律师收到她信任的同事的Telegram消息,提到警方盘问了很多与她有关的问题,同时提醒她可能会被拘留或至少被讯问。她接手过许多维权案件,也和很多其他类似的律师合作过多年。她对于数字安全非常在行,因为总是在担心警方可能将她拘留,或是没收她的电脑而试图从中找到一些对她不利的信息,所以她几乎不用微信,至少是从不会在工作中用到。她还知道如何使用隐藏加密,不仅仅用来保护数据,更是隐藏这个加密盘本身的存在。她认为这样警察就无从问起他们根本都不知道是否存在的程序。
她所掌握的不仅仅只有她自己的信息,也有他人的。如果这些信息落入错误的人手里,就意味着不仅仅她自己可能入狱,也包括其他人。她非常清楚的知道普通的加密根本起不到多大作用,一旦警方找到讯问的入口,她无法确定自己能够坚持抵抗多长时间,她自己就是一名律师,太清楚在中国对禁止酷刑和虐待的法律保护远远不及条款上所写的那样有价值。
当这一天终于来了,警察来带走了她,将她单独关押在某个地方,进行长达一个多月的审讯,他们同时也没收了她的电脑、手机和USB。
在几天的关押后,她非常讶异于警察开始每天向她出示一点从她的电脑里面找到的文件,她记得这些文件都被存在硬盘的加密空间内,而且警方也完全没有进入硬盘的密码,每一次当警察拿出一份新的文件时她都感到焦虑,这些文件危及到她做过的一些敏感案件的曝光,也相当于给警方提供更便利的打击她的客户和其他一起工作的律师的证据。
在被带走之前,她已经和其他可能会被带走的同事协商了好了掩饰说辞,其中一些被警方找到的文件和她的说辞背道而驰,大大的增大了他们的风险。
警方找到的文件都很随机,多数的文件都只有一部分,比如来自大word文档中的几页,她始终想不通,他们到底是怎么得到这些文件的。
后来,因为警方并没有找到他们想要找到的“确凿证据”,尽管这样,她也没有获得真正的自由,她被取保候审,也就是警方可以在任何他们想要的时候再次带走她。不过总的来说还是因为大部分被保护的文件没被找到的情况救了她。
在她被释放之后的日子,通过在网上搜索信息,最后才终于弄清到底是哪里出了问题。是文件恢复程序让警方能够时不时的找到一些零碎的文件。因为自己的亲身经历,使得她又如狼似虎的去学习这个连很多在数字安全方面很厉害的人都不明白的东西,或者说就算他们明白,但也忽略了这能带来多大的威胁。
她后来了解到,数据就如记忆,它们停留的时间很长,甚至在它们开始消失时,也消失的很慢,只有其中的一部分消失掉。数据一旦被“删除”,并不意味着被真正的删除了,它会继续躺在硬盘里,只是不会出现在一般的用户眼前。但它一直都在那儿,一直到这个数据所在的位置被新的东西填满。事实上光是将大部分的数据都存在加密空间内其实还不够,因为过去的多年里她的很多文件都是先创建在了桌面(也就是在加密空间之外),后续才将它们转移到加密空间的(这样原来的文件则会留下痕迹)。这其实是一种偷懒行为,一直以来删除的很多文件,她如其他的很多人一样以为会安全,以为它们都已经被删掉了。
所以会怎么样呢?所有那些在普通硬盘内存在过的文档,一旦被转移到加密空间,就意味着准备好被警方用网上随便都能免费下载的文件恢复程序,他们只需要用程序仔细扫描硬盘,一步步的找出删除的旧数据,然后将他们拼凑起来。这是因为那些文件并没有完全的从她的电脑中被清除。不过对此是有解决方案的。如程序CCleaner,可以安全的删除文件,并确保他人无法恢复已删除的文件。了解数据删除的运行原理,确保删除成为工作的常规动作将大大的提升安全性。
Safeguard Defenders 的最新数字安全实用手册目前有英文版和中文版,可以在网站 practicaldigitalprotection.com 下载。
除了目前的中文和英文版手册之外,其他的版本由无国界记者与Safeguard Defenders联合制作,越南版和土耳其版将在今年秋天面世。
———————————————–
Also from Safeguard Defenders:
What to Make of the Explosive New WeChat and QQ Spying Revelations? September 10, 2017
Leave a Reply