Thursday, June 11, 2015

Open Source Means Strong Security

“Your secure software is open source: doesn’t that make it less secure?”

This is a recurring question that we get at Benetech about Martus—our free, strongly encrypted tool for secure collection and management of sensitive information, built and provided by the Benetech Human Rights Program. It’s an important question for us and for all of our peers developing secure software in today’s post-Snowden environment of fear and worry about surveillance. We strongly believe not only that open source is compatible with digital security, but that it’s also essential for it.

Let me explain with the following analogy:

Think of encryption as a locked combination safe for your data. You may be the only one who has the combination, or you may entrust it to select few close associates. The goal of a safe is to keep unauthorized people from gaining access to its content. They might be burglars attempting to steal valuable business information; employees trying to learn confidential salary information about their peers; or a fraudster who wants to gain confidential information in order to perpetrate a scam. In all cases, you want the safe to keep your stuff secure and keep out unauthorized people.

Now, let’s say I’m choosing a safe for my valuables. Do I choose Safe Number One that’s advertised to have half-inch steel walls, an inch thick door, six locking bolts, and is tested by an independent agency to confirm that the contents will survive for two hours in a fire? Or, would I opt for Safe Number Two, where the vendor just tells me to trust them, my stuff is safe with them, but insists the design details of their safe is a trade secret? It could be the safe is made of plywood painted to look like metal in the catalog, and made from thin sheet metal. It might even be stronger than Safe Number One, but I have no idea if it is.

I know which one I’d choose!

Graphics representing "digital security," showing a lock on a background made of binary code.
License: CC0 Public Domain
Imagine I have the detailed plans and specifications of Safe Number One, sufficient to build an exact copy of that safe if I had the right materials and tools. Does that make Safe Number One less safe? No, it does not. The security of Safe Number One rests on two protections: the strength of the design and the difficulty of guessing my combination. Having the detailed plans helps me, or safe experts, determine how good the design is. It helps establish that the safe has no design flaws or a second “back door” combination other than my own chosen combination that opens the safe. Bear in mind that a good safe design allows the user to choose their own combination at random. Knowing the design should not at all help an attacker in guessing the random combination of a specific safe using that design.

Granted, there is no such thing as perfect security. Everyone so far that has advertised an uncrackable safe has been promising more than they can deliver. The goal of locking up your valuables is not to make them impossible to steal, but rather expensive to steal—whether in terms of money (better tools cost more), time, or the possibility of being sent to jail. The more you raise the cost of cracking a safe, the more secure your valuables are.

The point is this: knowing the specifications of a safe, and hence what it would take to crack it, doesn’t make it less secure. Knowing that the walls are half an inch thick might help a burglar know what tools are required to cut through a half inch of case hardened steel, but this knowledge doesn’t make it less costly to do so. Knowing the combination is designed to have millions of possibilities rather than hundreds discourages attackers who might try to guess your combination or try all of the possibilities. A well-designed safe with a hard-to-guess combination will discourage most attackers.

The analogy of the strong safe with an open design is directly applicable to secure software design. Just as with the safe, the security of a strongly encrypted software tool is not compromised by having its code openly available as open source. In fact, that the tool’s source code is open strengthens its security and, by extension, the safety and privacy of its users. If the code is public and freely available for review, then the end-users, their experts, and the open source community at large can verify that the software does exactly what it claims to do and that there are no “back doors.” In a world where hyper-surveillance is the norm, it is only natural that users insist on commitment to transparency by software developers. This is especially critical for human rights defenders, activists, journalists, civil society groups, and other social justice actors whose digital security and physical safety are closely linked.

It may seem a paradox that opening up the source code of secure software actually makes it more trustworthy. As toolmakers, though, our goal is not to keep the software design secret, but rather protect the confidentiality of the information entrusted to the software. As the safe analogy shows, the strength of security of software depends on the quality of design and the difficulty of guessing the password. With a strong, openly accessible design, the other key security element is encouraging users to choose long, strong, non-obvious passwords. The combination of a secure design and a good confidential password makes it unlikely that all but the most dedicated and well-resourced attackers will be able to access the confidential information stored in open source security software.

Just as the most secure safe will eventually yield to a dedicated assault from an expert with plenty of time and resources, secure software will also eventually yield to a similar assault. The goal of secure software is to raise the cost of such attacks to the point where attackers rarely bother you: they’ll attack your less secure neighbors!

At Benetech, we believe that collaboration and community best help deliver strong security. Here the open source approach to software development makes it easier to collaborate and incorporate existing important innovations. In the case of Martus, we didn’t have to re-implement cryptography libraries, as we used a strong open source one (Bouncy Castle). Likewise, we didn’t need to reinvent anonymity tools, as we integrated Tor into Martus. In this way, our users benefit from an entire community that supports their work with better digital security tools.

The major funders of technology for human rights groups have concluded that open source software is more trustworthy for the activists they want to support. Some of them, like the Open Technology Fund, are actively encouraging their grantees to have their software audited by third party experts, and funding those audits.

With greater transparency, accountability, independent verifiability, and collaboration comes stronger security. The open source way moves us all towards that goal.

This article originally appeared on under a Creative Commons Attribution-ShareAlike 4.0 International License.   

Monday, June 08, 2015

Are You Passionate about Technology and Social Good? Benetech Needs You!

Guest post by Betsy Beaumon, President, Benetech

We are seeking visionary leaders to join Benetech in applying technology to advance the rights of disadvantaged people around the world. Technology is playing an ever larger role in increasing respect for human rights and delivering better services, and we have two rare opportunities to lead world-class tech-for-good programs. Benetech is hiring new Vice Presidents for our Global Literacy and Human Rights programs.

You are the leader we are looking for if you see the combination of social good and businesslike management as the answer to pressing problems throughout the world. You are someone who dreams about using your management and leadership skills and love of technology for social impact, exceeding the bounds of what a regular for-profit business can do.

You’ve come to the right place: Benetech.

We are Silicon Valley’s deliberately nonprofit software company. Benetech is organized as a nonprofit, but run like a business. Our goal is not to make gobs of money, it’s to make maximum social impact while breaking even. We use technology today to help hundreds of thousands of students with disabilities succeed in school, as well as help human rights activists around the world document abuses and seek justice. Our Benetech Labs is busy looking for the next tech social enterprises that could make similar global impact.

We operate at the intersection of technology and social impact, and therefore our ideal candidates will demonstrate these dual interests and experiences. Whether you are a nonprofit leader with a track record of using technology to improve outcomes, or a for-profit tech leader with a history of commitment to social justice organizations, we want to see a commitment to both sides. To be successful, our leaders have to be bilingual in speaking tech and social good.

The Vice President of Human Rights will lead the work of the Benetech Human Rights Program, harnessing the power of technology to meet the pressing needs of advocates and human rights defenders to securely gather, store, and appropriately report sensitive data. The technology and training Benetech provides keep human rights defenders safe and have become critically important in larger efforts to pursue reform, seek justice, and begin the process of reconciliation. As one of our partners from an LGBT group in Uganda noted last year, “If it isn’t documented, it didn’t happen.” We must help ensure that every report of abuse is a tool for justice.

The Vice President of Global Literacy leads Benetech’s biggest program, standing at the confluence of some of the most active and rapidly evolving fields: digital content, EdTech, domestic and international education, and user-centered design. Our Bookshare service is the world’s largest online library of accessible ebooks for people with disabilities, serving over 350,000 users in 60 countries. This leader also provides the vision, leadership, and partnerships for a number of our Benetech Labs projects, including our DIAGRAM Center for accessible STEM, and our latest work on 3D printing in education, museums and libraries. Our dream is that every person on the planet with a disability that gets in the way of reading will have access to the content they need for education, employment, and full social inclusion. Along the way, we expect to drive innovations that will make learning better for all students around the world.

Working for Benetech is hugely rewarding, but not necessarily in a monetary sense. You have to feel strongly that the karmic rewards tip the balance to join a social enterprise. So if you are driven to make a real difference from a leadership position, at the unique intersection of technology and social change—and you are willing to work on delivering maximum social good—then we want to hear from you. Check out our job postings and apply now!

This post originally appeared on Benetech's Blog.

Friday, June 05, 2015

Proud Father and Husband: Concert in Palo Alto

Every once in a while, the Beneblog features something of personal importance to me.

I'm very excited (and proud) about an exciting concert coming up soon in Palo Alto. My daughter, Kate Fruchterman, will be returning briefly to the area the evening of June 17th to give a concert.  Kate will be heading to Europe this fall to sing professionally in Italy for the Turin Opera Company, as the winner of one of three Opera Foundation Scholarships.

As I said at the Skoll World Forum this year after hearing Monica Yunus, the famous opera singer and daughter of leading social entrepreneur Muhammad Yunus, Kate is another proof point of the proposition that geeky social entrepreneur dads can have beautiful opera singer daughters. 

Singer in a black dress and pearls smiling and leaning against a cinder block wall.
Kate Fruchterman, soprano

But, there's more!  The accomplished pianist Virginia Fruchterman (who I happen to be married to) will be the main accompanist at the concert at St. Mark's Church.  In addition, Lauren Osaka, flautist, and Phil Kadet, the NYC-based jazz pianist and composer, will also be playing with Kate.  

Full disclosure: there is a suggested $20 donation for adults at the door, which will help Kate as she journeys to Italy. Feel free to spread the word to people in the Bay Area!