Promotion - White Paper


#1

Hi all,

here’s a proposal for a White Paper which we can use to approach funders and promote the tool in general. It’s a first draft, and I am hoping for tons of feedback so I can refine it :slight_smile: Please give some feedback by August 26. Watch out for two sections in italic please - while writing, I was not sure whether this is correct the way I put it. In general, I think this whole thing is a bit thin on the technical side, so I’d be especially grateful for input on that.

What is included in brackets will be footnotes in the actual document.

White Paper – enough

Introduction – What is enough?
enough is a platform for journalists, sources and human rights defenders to communicate privately and securely. It starts as a service offering the same functions and level of security as an online storage provider (such as DropBox, Google Drive etc.). From there, it can be upgraded progressively with more sophisticated measures, starting with 2FA up to an airgap machine dedicated to decrypting classified documents.

Mostly, its users will be journalists and civil society representatives who do not require the high-level security option, because the cloud option is simply “enough” for them. As they learn about more complicated techniques, enough adapts and upgrades to match their skills. In the long run, we want to contribute to a change in culture among journalists and enable them to use encrypted communication tools as a default.

A community of individuals provides support and hosting for enough. Organizations supporting investigative journalists or human rights defenders are welcome to join and get the help they need. Overall, we aim at strengthening principles and realities, which support a more transparent, fair and equal society based on democratic values and mutual respect among citizens.

The Problem
One of the major challenges in the digital era is the establishment of secure communication and data storing channels: in a continuously advancing process of digitalization, online communication becomes the norm. At the same time, the increasing access of governments and corporations on citizens’ personal data creates an imbalance in power and privacy significantly jeopardizing individual liberties. To safeguard civil liberties in the digital era, it is thus important to counterbalance these tendencies by developing and providing tools, which allow individuals to maintain control over their digital lives.

This concerns journalists, human rights defenders as well as their sources in a particular manner, as by default, they often operate on matters concerning breaches of civil liberties, democratic principles, human rights, abuse of power and other forms of misconduct. In addition, the lack of whistleblower protection measures and freedom of information laws puts sources, their lives and livelihoods at unnecessary risk, particularly when they share sensitive information (For more information on the relationship between encryption and the safeguarding of freedom of expression, please consider: United Nations Human Rights Special Procedures. Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, 2018 https://freedex.org/wp-content/blogs.dir/2015/files/2018/07/EncryptionAnonymityFollowUpReport.pdf).

Technical solutions offering the necessary privacy, such as encrypted channels, can significantly minimize these risks while at the same time allowing information to flow. However, in many cases, these actors lack the technical experience to apply these tools: Sources have no time to learn, and journalists are no technical experts. This is why they require an easy-to-use solution.

Proposed Solution
To respond to this situation, we propose the innovative communication platform enough. Based on open source technology and embedded within a decentralized, horizontal community, it offers journalists and human rights defenders a simple way of communicating and exchanging documents with their sources. It is modelled after more traditionally used, commercial technical solutions, thus providing a familiar user experience while guaranteeing independence in data management.
enough constitutes an effective entry point for journalists and activists to more secure communication, as it is similar to technological solutions they are used to work with on a daily basis. Additional options of the interface – beyond the reception of information from outside sources – include the possibility to store documents in an encrypted cloud system, as well as additional, but voluntary functions to enhance security and privacy.

Both of these features – an easy-to-use, familiarly designed data management platform combined with decentralized, encryption technology allowing increased and increasing levels of security – contribute to a general raise of awareness and better understanding of technical solutions to enhance privacy and data protection. enough underlines and reinforces the benefits of encryption measures, while at the same time demystifying their application. As a result, journalists and human rights defenders become more autonomous in digitally protecting their sources, the information they are handling and ultimately themselves. This is why enough – although facilitating the exchange of documents between sources and recipients – should not be understood as a leaking platform in the traditional sense, which by design depends on the hosting entity. Instead, enough is set up in a manner, which encourages autonomy in application as a final directive.

For sources, enough provides a simple platform to submit documents. The anonymous drop box system significantly enhances their personal security by safeguarding their identity.

How it works
Organizations or individuals who employ Enough will be provided with access to an open source data management service, which can be accessed through a web browser, a desktop client or via a smart phone app. The service can be hosted via institutional or private servers, or via the servers of the enough community. Depending on the users of enough – whether they be individuals or part of a consortium – the setup of the drop box is reasonably flexible.

Enough includes an instant messaging feature, which allows secure follow-up communication between journalist and source, based on encrypted technology.

The application for journalists:
At the base, enough works like any other commercial cloud service. In addition to that, it includes a function that allows to receive and access files which have been submitted from outside. Due to the open source nature of the cloud service provider, journalists maintain control over the files they store within enough. The risk of information being tracked is reduced to a minimum.

With increased understanding of the benefits of the service as well as familiarity with its technical implications and options, journalists may choose additional levels of security within their personal settings. These include Two Factor Authentication and other, more commonly used encryption methods. At the ultimate level, journalists may choose the option of introducing an airborne laptop, which allows them the use of the SecureDrop application, granting the highest level of security in receiving and storing files.

The application for sources:
Sources access the application via a simple link, which can be made available via the website of the journalist, consortium or NGO they wish to contact. There, files they wish to share can be uploaded to the respective enough application. This allows them to share relevant information immediately and securely via an encrypted channel, without going through an intermediary stage.

Furthermore, the landing page introduces sources to other secure channels, such as Signal or Wire, and invites them to contact their addressees via these applications as well if required.

The Enough Community
A horizontal community of volunteers sustains enough. The individuals who constitute this community have different professional backgrounds, but are united by the aim to promote freedom of expression through the empowerment of journalists, human rights defenders and their sources.
The enough community is the main developer and promoter of the service, provides advice on its use as well as technical support in application and self-hosting. For independent journalists who do not have a server of their own at their disposal, it provides the necessary infrastructure to employ the tool.

The community is organized in a decentralized, horizontal manner, distributing authority equally. To ensure that members interact in a well-defined, respectful and sustainable way that allows creative collaboration, it has established a Code of Conduct (https://enough.community/blog/2018/07/22/code-of-conduct/), which governs any interaction between members and users.

Benefits – Immediate and long term
enough offers a number of short- and long-term benefits. First, it provides a simple, easily applicable leaking tool, which allows documents to be shared securely. In an environment where whistleblowers cannot yet rely on the protective measures they merit, this is an important contribution to the facilitation of their activities, which can benefit the whole of society.

Secondly, enough encourages journalists to become more aware of technical solutions that not only protect their sources, but ultimately themselves and their work. The straightforward interface of the application invites users to employ additional features on a daily basis, such as the possibility to store documents. The encrypted and decentralized nature of the tool makes journalists and human rights defenders less prone to attacks from the outside.

At the same time, enough contributes to a changed perception of encryption technology, and demystifies its application. By doing so, the tool leads users to become more tech-savvy and aware of the potential of technical solutions in facilitating their work. In the long-run, the tool thus feeds into a change in culture regarding the perception of encryption technology as something reserved for experts. Ultimately, journalists become experts in the technical solutions to protect their sources by default.

Finally, enough strengthens free speech and freedom of information as vital features of a meaningful discourse in democratic societies. In a response to increasing limitations of these values on a political level, it constitutes an empowering bottom-up approach for citizens to exercise their right to freedom of expression.


#2

This is a great start! Here is an edited version:

White Paper – enough

Introduction – What is Enough?

Enough is a platform for journalists, sources and human rights defenders to communicate privately and securely. It starts as a service offering the same functions and level of security as an online storage provider (such as DropBox, Google Drive etc.). From there, it can be upgraded progressively with more sophisticated measures, starting with 2 Factor Authentication (2FA) up to an airgap machine dedicated to decrypting classified documents.

Mostly, its users will be journalists and civil society representatives who do not require the high-level security option, because the cloud option is simply “enough” for them. As they learn about more complicated techniques, Enough adapts and upgrades to match their skills. In the long run, the goal is to contribute to a change in culture among journalists and enable them to use secure communication tools that better protect their privacy.

A community of individuals provides support and hosting for Enough. Organizations supporting investigative journalists or human rights defenders are welcome to join and get the help they need. Members of the community aim at strengthening principles and realities, which support a more transparent, fair and equal society based on democratic values and mutual respect among citizens.

The Problem

One of the major challenges in the digital era is the establishment of secure communication and data storing facilities. In a continuously advancing process of digitalization, online communication becomes the norm and involves an increasing number of intermediaries. At the same time, the increasing access of governments and corporations on citizens’ personal data creates an imbalance in power, significantly jeopardizing individual privacy. To safeguard civil liberties in the digital era, it is thus important to counterbalance this trend by developing and supporting tools to allow individuals to maintain control over their digital lives.

This concerns journalists, human rights defenders as well as their sources in a particular manner, as by default, they often operate on matters concerning breaches of civil liberties, democratic principles, human rights, abuse of power and other forms of misconduct. In addition, the lack of effective whistleblower protection measures and freedom of information laws puts sources, their lives and livelihoods at unnecessary risk, particularly when they share sensitive information (For more information on the relationship between encryption and the safeguarding of freedom of expression, please consider: United Nations Human Rights Special Procedures. Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, 2018 https://freedex.org/wp-content/blogs.dir/2015/files/2018/07/EncryptionAnonymityFollowUpReport.pdf).

Technical solutions offering the necessary privacy, such as encrypted channels or data storage solutions that do not require an intermediary, can significantly minimize these risks while at the same time allowing information to flow. However, in many cases, there is a lack of the technical expertise to apply these tools: Sources have no time to learn, and journalists are no technical experts. They need solutions tailored to their needs and unencumbered by details that are not directly relevant to them.

Proposed Solution

To respond to this situation, we propose the communication platform Enough. Based on Free Software technology and developed by a decentralized community, it offers journalists and human rights defenders a way of communicating and exchanging documents with their sources. It offers the same features as well-known commercial technical solutions (DropBox, Google Drive, etc.), thus providing a familiar user experience. And it also removes the need for an intermediary which guarantees independence in data management.
Enough constitutes an effective entry point for journalists and activists to more secure communication, as it is similar to technological solutions they are used to work with on a daily basis. Additional options of the interface – beyond the reception of information from outside sources – include the possibility to store documents in an encrypted cloud system, as well as additional, but voluntary functions to enhance security and privacy.

Both of these features – an easy-to-use, familiarly designed data management platform combined with decentralized, encryption technology allowing increasing levels of security – contribute to a general raise of awareness and better understanding of technical solutions to enhance privacy and data protection. Enough underlines and reinforces the benefits of encryption measures, while at the same time demystifying their application. As a result, journalists and human rights defenders become more autonomous in digitally protecting their sources, the information they are handling and ultimately themselves. This is why Enough – although facilitating the exchange of documents between sources and recipients – should not be understood as a leaking platform in the traditional sense. Instead, it is set up in a manner, which encourages autonomy and learning new security concepts.

For sources, Enough provides a simple platform to submit documents. The anonymous drop box system significantly enhances their personal security by safeguarding their identity.

How it works

Organizations or individuals who employ Enough will be provided with access to a Free Software data management service, which can be accessed through a web browser, a desktop client or via a smart phone app. The service can be hosted via institutional or private servers, or via the servers of the Enough community. Depending on the users of Enough – whether they be individuals or part of a consortium – the setup of the drop box is reasonably flexible.

The application for journalists

At the base, Enough works like any other cloud storage service. It also includes a function that allows to receive and access files which have been submitted anonymously. Due to the Free Software nature of the cloud service provider, journalists maintain control over the files they store within Enough. The risk of information being tracked is reduced.

With increased understanding of the benefits of the service as well as familiarity with its technical implications and options, journalists may choose additional levels of security within their personal settings. These include Two Factor Authentication, End to End encryption, Tor Hidden Services etc. At the ultimate level, journalists may choose the option of introducing an airgap machine to decrypt documents, granting the highest level of security and a requirement for SecureDrop.

The application for sources

Sources access the application via a single web page, which is linked from the website of the journalist, consortium or NGO they wish to contact. There, files they wish to share can be uploaded. This allows them to share relevant information anonymously and securely via an encrypted channel.

The Enough Community

A horizontal community of volunteers sustains Enough. The individuals who constitute this community have different professional backgrounds, but are united by the aim to promote freedom of expression through the empowerment of journalists, human rights defenders and their sources.

The Enough community is the main developer and promoter of the service, provides advice on its use as well as technical support in application and self-hosting. For independent journalists who do not have a server of their own at their disposal, it provides the necessary infrastructure to employ the tool.

The community is organized in a decentralized, horizontal manner, distributing authority equally. To ensure that members interact in a well-defined, respectful and sustainable way that allows creative collaboration, it has established a Code of Conduct (https://enough.community/blog/2018/07/22/code-of-conduct/), which governs any interaction between members and users.

Benefits – Immediate and long term

Enough offers short- and long-term benefits. First, it provides a simple, easily applicable leaking system, which allows documents to be shared securely. In an environment where whistleblowers cannot yet rely on the protective measures they merit, this is an important contribution to the facilitation of their activities, which can benefit the whole of society.

Secondly, Enough encourages journalists to become more aware of technical solutions that not only protect their sources, but ultimately themselves and their work. The interface invites users to employ additional features on a daily basis, such as the possibility to store their own documents and share them with colleagues. The encrypted and decentralized nature of the tool makes journalists and human rights defenders less prone to attacks from the outside.

At the same time, Enough contributes to a changed perception of encryption technology, and demystifies its application. By doing so, the tool leads users to become more tech-savvy and aware of the potential of technical solutions in facilitating their work. In the long-run, the tool thus feeds into a change in culture regarding the perception of encryption technology as something reserved for experts. Ultimately, journalists become familiar with the technical solutions that are best suited to protect their sources.

Finally, Enough strengthens free speech and freedom of information as vital features of a meaningful discourse in democratic societies. In a response to increasing limitations of these values on a political level, it constitutes an empowering bottom-up approach for citizens to exercise their right to freedom of expression.


#3

For the record, here is the next iteration of the white paper, with modifications from @veronika & Sarah & myself. I think we need a tool for collaborative editing: the wiki feature of discourse is not good enough for that kind of document.

White Paper_MASTER.odt (27.4 KB)
White Paper_MASTER.pdf (46.5 KB)


#4

For the record here is the current PDF version of the document.

WhitePaper_final.pdf (281.3 KB)


#5

@veronika this looks great :clap: :sparkles: A few minor edit suggestions are below:

  • s/or data storage solutions/or data storage/
  • s/well-known commercial technical solutions/well-known solutions/
  • s/drop box system significantly enhances/drop system significantly enhances/
  • s/the setup of the drop box is reasonably flexible/the setup is reasonably flexible./ (the entire setup is flexible, not just the anonymous drop)
  • remove /There, files they wish to share can be uploaded./
  • s/to protecting their sources and ultimately their work./to protecting their sources and their work./

#6

And here is the final version :tada:

WhitePaper_final.pdf (280.5 KB)


#7

A revised and improved version for archive:

White Paper_MASTER.odt (84.9 KB)