NGO in a Box - Security Edition

ENCRYPTION TOOLS

As technology becomes an increasingly important tool for human rights activists and other organizations at risk, the security of their communications and of the information they collect remains vulnerable which further highlights the importance of encryption.

What is encryption? It is the art and science of scrambling data in such a way that only the intended party can read it. One of the most critical aspects of encryption is encrypting e-mail. This is especially true for those who are likely to become targets of surveillance and censorship.

What most people do not realise is that when you send information over the Internet (which is a public network), anybody can read it by making a little effort. Sending an e-mail is as private as sending a postcard through the mail, and encryption is like a sealed envelope for your e-mail. It makes your communication almost unreadable to anyone but the intended recipient.

While your computer or e-mail can never be 100 percent secure, any steps taken to encrypt the data are better than not encrypting it at all, because adversaries are likely to be routinely foiled by any level of encryption. And although encryption takes some extra time to set up, the added security is of great benefit.

Encryption not only protects your data and your communications, but it is also a method of authentication. You can digitally stamp press releases, e-mails, or any other document so that people are absolutely sure that it has come from you and that someone else did not send it pretending to be you (spoofing). There are ways that people can spoof documents if you are not using encryption technology so that a press release can look like it was issued by your organization. Such a spoof can be used to get a group of people all in one place at the same time so that they can be arrested or to get people to do something that they normally wouldn't do.

The GNU Privacy Guard (GnuPG)
enables people to securely exchange messages and to secure files with both privacy and strong authentication. GnuPG is a free software replacement for the PGP suite of cryptographic software. The basic GPG program has a command line interface, but there are various front-ends that provide it with a graphical user interface; we are including the GPGshell interfave on this disk (see below). Also GnuPG has been integrated into various email clients also with Thunderbird with the Enigmail plug-in (see the internet and communications tools section).

GPGshell
is a graphic interface that allows you to use the cryptographic software GnuPG in a easy and user friendly way. Its goal is encrypting/decrypting files and/or email messages, but also signing them ( or verify their sign ).

See also the following references:

• “Using Encryption and Digital Signatures”
• Descriptions in ngo@box manual “Chapter 8: Pretty Good Privacy”
• “The GNU Privacy Handbook” (version: French, Espaniol)
• “Breaking the code: What encryption means for the first amendment and human rights”
• “NetAction's Guide to Using Encryption Software”
• “Snake Oil-Warning Signs: Encryption Software to Avoid.pdf”

Steganography:

Steganography is the ability to hide information in such a way that one cannot tell it has been hidden. One option is to hide your message in a photograph. To the naked eye, it is just a photo, but, with appropriate software, you can reconstruct the original message. The program listed below is free, however we have included a few more programs on steganography in Miscellaneous Tools section. See also the following references:

• Steganography, Steganalysis and Cryptanalysis

4Hit Mail Privacy Lite
provides a quick and easy way of protecting your communications by hiding your text into an image. It combines hiding with a strong encryption method. Use any image on your PC - from a pleasant landscape to your latest birthday photo. HIT Mail supports a wide variety of image formats.

Back to the Index