Adapting Secure File Storage Tools for Human Rights Defenders
Least Authority is committed to supporting privacy as a fundamental human right and to actively participate in making privacy-focused open-source tools available for everyone. In the case of human rights defenders, protecting their sensitive files—including reports, photos, videos, and other documentation—is a necessity, and at times, a matter of the personal safety of themselves and of those they seek to protect.
In early 2019, Least Authority received funding from the Open Technology Fund (OTF) to launch our pilot project, Organizational Deployment of Secure Distributed Storage with Tahoe-LAFS. This project aims to support human rights organizations with their particular needs for sharing and storing data safely and securely. Providing such organizations access to this type of technology enables them to share sensitive data via channels that are free of restrictions and surveillance.
Threat models for organizations who defend human rights and monitor and document abuses include protecting stored information on human rights workers’ devices or in transit between communicating parties, protecting information on organization infrastructure, and ensuring that services run by the organizations (both public and internal) are operational, updated, and secure.
Many human rights organizations have distributed teams that require collaboration through data sharing. These teams need to be able to work remotely, from any part of the world, while still being able to efficiently share documents and data in a secure and usable way.
Least Authority’s file storage tools include four main open-source pieces, integrated to form a comprehensive solution. They are:
- Tahoe-LAFS (Least Authority File Store) is a secure cloud-based file system. It can be set up as a decentralized, fault-tolerant, distributed file system.
- Gridsync is a cross-platform desktop application that provides a graphical user interface (GUI) for end users of Tahoe-LAFS, making the tool easy to use by technical and non-technical users alike.
- Magic Folders is a feature of Tahoe-LAFS that provides bidirectional synchronization between two computers.
- Magic Wormhole is a secure file transfer technology, that offers a way to get large files or directories from one device to another, without two parties needing to know each other’s identities, email or phone number.
In order to effectively adapt these tools for human rights organizations, we are learning from the expertise of people who know the day-to-day challenges and realities of the needs we are seeking to address.
Following our outreach about this pilot project, we identified several organizations that have been willing and interested in sharing with us how they work, what tools they currently use, and what challenges and gaps they face.
Through interviews, surveys, and user testing (and many, many sticky notes to organize the research data) we are gaining an understanding of the needs that human rights teams have for secure file storage. With this insight, we can iteratively improve our file storage tools and create documentation to achieve the goal of a free, open-source tool that can be used easily by human rights organizations around the world.
Abigail Garner is a project manager at Least Authority.