2.3 Security

Human rights organizations often work in countries where there are people who might be interested in seizing the valuable information that the organization gathers. Thus an information management system can make the information more vulnerable to theft or destruction by concentrating the information on a hard disk. Electronic information is more vulnerable than the corresponding paper for two reasons. 1) Electronically represented information is smaller and more concentrated than paper, and thus easier to carry off. 2) Electronic information is easier to copy, and thus removing unauthorized versions of the data is easier. In this section I will very briefly introduce a few ideas relevant to computer security. All of these ideas are covered in more detail in a subsequent volume in this series that treats data security and authentication issues.

The most central security problem for a human rights organization is how to protect information on a computer's hard disk in such a way that the organization can access the information, but unauthorized users cannot. The technical issues involved in building a security system of this kind are complicated, and no system is foolproof. However, each organization can protect itself from the most common kinds of attacks on its information by protecting the physical security of the computers on which the information is stored. The physical security of the computers and the protection of internal data is called internal security.

There are other security issues relevant to human rights organizations. In particular, when human rights groups use the Internet to send or receive information, unless they use very strong encryption software, they should be aware that their communications can be read by people who have access to the computers used by the organization's Internet service provider. Sending an electronic mail message is like sending a postcard. This problem is called communications security.

Furthermore, Internet communications can be intercepted, or faked altogether. That is, a received message may or may not have originated from the electronic mail address in the header the recipient sees. The message may have been tampered with en route between the sender and the receiver. That is, the receiver cannot determine whether the message is authentic.
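The forgery and tampering problem described above can be made concrete with an added example (not part of the original handbook). It attaches an HMAC-SHA256 tag to a message and rejects any copy whose sender line or body was changed in transit. The shared key exchanged in person, the `X-Auth-Tag` header name, and the addresses are all assumptions constructed for this illustration.

```python
import hashlib
import hmac
from email import message_from_string, policy
from email.message import EmailMessage

# Assumption: both offices agreed on this key in person, never over e-mail.
SHARED_KEY = b"constructed-demo-key"
TAG_HEADER = "X-Auth-Tag"  # hypothetical header name, used only in this example


def _tag(msg, key):
    """HMAC-SHA256 over sender, recipient, subject and body."""
    material = "\n".join(
        [str(msg["From"]), str(msg["To"]), str(msg["Subject"]), msg.get_content()]
    )
    return hmac.new(key, material.encode("utf-8"), hashlib.sha256).hexdigest()


def seal(sender, recipient, subject, body, key):
    """Build a message and attach a tag only a key holder can compute."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, subject
    msg.set_content(body)
    msg[TAG_HEADER] = _tag(msg, key)
    return msg.as_string()


def is_authentic(raw, key):
    """True only if the tag matches the headers and body as received."""
    msg = message_from_string(raw, policy=policy.default)
    claimed = msg[TAG_HEADER]
    if claimed is None:  # an untagged message proves nothing about its origin
        return False
    return hmac.compare_digest(str(claimed), _tag(msg, key))


if __name__ == "__main__":
    # Constructed sample message.
    raw = seal("field-office@example.org", "archive@example.org",
               "Interview schedule", "Witness interviews resume on Thursday.",
               SHARED_KEY)
    altered = raw.replace("Thursday", "Friday")          # changed en route
    forged = raw.replace("From: field-office@example.org",
                         "From: impostor@example.net")   # faked sender line
    for label, text in (("original", raw), ("altered", altered), ("forged", forged)):
        print(label, is_authentic(text, SHARED_KEY))
```

The tag establishes authenticity only: the headers and body remain readable to anyone on the path, so it does nothing for communications security or against traffic analysis.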

Finally, by sending a message, an organization has shown to anyone who can intercept any part of the message that the organization is communicating with the recipient. Every part of the transmitted message has both the address of the recipient and the return address of the sender. Thus by studying the pattern of communications from the human rights organization, a person can determine with whom the organization corresponds. This kind of attack is called traffic analysis.

Security, authenticity, and traffic analysis are the crucial problems an organization faces in electronic communications. All three problems are soluble, but the organization must be willing to be disciplined: it must develop security routines and use them for all of its correspondence. As I mentioned above, both communications issues and internal security issues will be covered in a later volume, due in the first quarter of 1997.
