here’s a proposal for a White Paper which we can use to approach funders and promote the tool in general. It’s a first draft, and I am hoping for tons of feeback so I can refine it Please give some feedback until August 26. Watch out for two sections in italic please - while writing, I was not sure whether this is correct the way I put it. In general, I think this whole thing is a bit thin on the technical side, so I’d be especially grateful for input on that.
What is included in brackets will be footnotes in the actual document.
White Paper – enough
Introduction – What is enough?
enough is a platform for journalists, sources and human rights defenders to communicate privately and securely. It starts as a service offering the same functions and level of security as an online storage provider (such as DropBox, Google Drive etc.). From there, it can be upgraded progressively with more sophisticated measures, starting with 2FA up to an airgap machine dedicated to decrypting classified documents.
Mostly, its users will be journalists and civil society representatives who do not require the high-level security option, because the cloud option is simply “enough” for them. As they learn about more complicated techniques, enough adapts and upgrades to match their skills. In the long run, we want to contribute to a change in culture among journalists and enable them to use encrypted communication tools as a default.
A community of individuals provides support and hosting for enough. Organizations supporting investigative journalist or human rights defenders are welcome to join and get the help they need. Overall, we aim at strengthening principles and realities, which support a more transparent, fair and equal society based on democratic values and mutual respect among citizens.
One of the major challenges in the digital era is the establishment of secure communication and data storing channels: in a continuously advancing process of digitalization, online communication becomes the norm. At the same time, the increasing access of governments and corporations on citizens’ personal data creates an imbalance in power and privacy significantly jeopardizing individual liberties. To safeguard civil liberties in the digital era, it is thus important to counterbalance these tendencies by developing and providing tools, which allow individuals to maintain control over their digital lives.
This concerns journalists, human rights defenders as well as their sources in a particular manner, as by default, they often operate on matters concerning breaches of civil liberties, democratic principles, human rights, abuse of power and other forms of misconduct. In addition, the lack of whistleblower protection measures and freedom of information laws puts sources, their lives and livelihoods at unnecessary risk, particularly when they share sensitive information (For more information on the relationship between encryption and the safeguarding of freedom of expression, please consider: United Nations Human Rights Special Procedures. Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, 2018 https://freedex.org/wp-content/blogs.dir/2015/files/2018/07/EncryptionAnonymityFollowUpReport.pdf).
Technical solutions offering the necessary privacy, such as encrypted channels, can significantly minimize these risks while at the same time allowing information to flow. However, in many cases, these actors lack the technical experience to apply these tools: Sources have no time to learn, and journalists are no technical experts. This is why they require an easy-to-use solution.
To respond to this situation, we propose the innovative communication platform enough. Based on open source technology and embedded within a decentralized, horizontal community, it offers journalists and human rights defenders a simple way of communicating and exchanging documents with their sources. It is modelled after more traditionally used, commercial technical solutions, thus providing a familiar user experience while guaranteeing independence in data management.
enough constitutes an effective entry point for journalists and activists to more secure communication, as it is similar to technological solutions they are used to work with on a daily basis. Additional options of the interface – beyond the reception of information from outside sources – include the possibility to store documents in an encrypted cloud system, as well as additional, but voluntary functions to enhance security and privacy.
Both of these features – an easy-to-use, familiarly designed data management platform combined with decentralized, encryption technology allowing increased and increasing levels of security – contribute to a general raise of awareness and better understanding of technical solutions to enhance privacy and data protection. enough underlines and reinforces the benefits of encryption measures, while at the same time demystifying their application. As a result, journalists and human rights defenders become more autonomous in digitally protecting their sources, the information they are handling and ultimately themselves. This is why enough – although facilitating the exchange of documents between sources and recipients – should not be understood as a leaking platform in the traditional sense, which by design depend on the hosting entity. Instead, enough is set up in a manner, which encourages autonomy in application as a final directive.
For sources, enough provides a simple platform to submit documents. The anonymous drop box system significantly enhances their personal security by safeguarding their identity.
How it works
Organizations or individuals who employ Enough will be provided with access to an open source data management service, which can be accessed through a web browser, a desktop client or via a smart phone app. The service can be hosted via institutional or private servers, or via the servers of the enough community. Depending on the users of enough – whether they be individuals or part of a consortium – the setup of the drop box is reasonably flexible.
Enough includes an instant messaging feature, which allows secure follow-up communication between journalist and source, based on encrypted technology.
The application for journalists:
At the base, enough works like any other commercial cloud service. In addition to that, it includes a function that allows to receive and access files which have been submitted from outside. Due to the open source nature of the cloud service provider, journalists maintain control over the files they store within enough. The risk of information being tracked is reduced to a minimum.
With increased understanding of the benefits of the service as well as familiarity with its technical implications and options, journalists may choose additional levels of security within their personal settings. These include Two Factor Authentication and other, more commonly used encryption methods. At the ultimate level, journalists may choose the option of introducing an airborne laptop, which allows them the use of the SecureDrop application, granting the highest level of security in receiving and storing files.
The application for sources:
Sources access the application via a simple link, which can be made available via the website of the journalist, consortium or NGO they wish to contact. There, files they wish to share can be uploaded to the respective enough application. This allows them to share relevant information immediately and securely via an encrypted channel, without going through an intermediary stage.
Furthermore, the landing page introduces sources to other secure channels, such as Signal or Wire, and invites them to contact their addressees via these applications as well if required.
The Enough Community
A horizontal community of volunteers sustains enough. The individuals who constitute this community have different professional backgrounds, but are united by the aim to promote freedom of expression through the empowerment of journalists, human rights defenders and their sources.
The enough community is the main developer and promoter of the service, provides advice on its use as well as technical support in application and self-hosting. For independent journalists who do not have a server of their own at their disposal, it provides the necessary infrastructure to employ the tool.
The community is organized in a decentralized, horizontal manner, distributing authority equally. To ensure that members interact in a well-defined, respectful and sustainable way that allows creative collaboration, it has established a Code of Conduct (https://enough.community/blog/2018/07/22/code-of-conduct/), which governs any interaction between members and users.
Benefits – Immediate and long term
enough offers a number of short- and long-term benefits. First, it provides a simple, easily applicable leaking tool, which allows documents to be shared securely. In an environment where whistleblowers cannot yet rely on the protective measures they merit, this is an important contribution to the facilitation of their activities, which can benefit the whole of society.
Secondly, enough encourages journalists to become more aware of technical solutions that not only protect their sources, but ultimately themselves and their work. The straightforward interface of the application invites users to employ additional features on a daily basis, such as the possibility to store documents. The encrypted and decentralized nature of the tool makes journalists and human rights defenders less prone to attacks from the outside.
At the same time, enough contributes to a changed perception of encryption technology, and demystifies its application. By doing so, the tool leads users to become more tech-savvy and aware of the potential of technical solutions in facilitating their work. In the long-run, the tool thus feeds into to a change in culture regarding the perception of encryption technology as something reserved for experts. Ultimately, journalists become experts in the technical solutions to protect their sources by default.
Finally, enough strengthens free speech and freedom of information as vital features of a meaningful discourse in democratic societies. In a response to increasing limitations of these values on a political level, it constitutes an empowering bottom-up approach for citizens to exercise their right to freedom of expression.