2 Years of Open Privacy
11 Feb 2020
Two years ago, on February 11th 2018, we officially incorporated the Open Privacy Research Society. Since then we’ve grown so much as an organization. We now have 8 board members, and 4 staff members, multiple open source projects, an office and, most importantly, an active and amazing base of supporters who enable us to do our important work - researching and developing privacy enhancing technologies focused on those people and communities that need them most.
To celebrate our 2nd year anniversary I would like to invite you to review some of the amazing work that you helped support in 2019 - and once again ask for your help and support to help us continue our mission in 2020.
Disclosing Critical Cryptographic Flaws in E-voting in Switzerland and Australia
In March, our Executive Director, Sarah Jamie Lewis along with Vanessa Teague (University of Melbourne), and Olivier Pereira (UCLouvain) published details of critical vulnerabilities impacting evoting systems in Switzerland and Australia. These vulnerabilities were soon confirmed by the vendor Scytl, resulting in an emergency patch being installed during an election in New South Wales, and a “temporary” suspension of evoting offerings by Swiss Post.
In June the Swiss Federal Council, citing these disclosures, delayed the introduction and evoting as an official option, and shortly after SwissPost announced that it would not be offering its system for use in the October federal elections (despite having offered it in previous elections).
Just as math can protect the speech of the marginalized from the powerful, it can also be used to prove to everyone that power is not working as it claims.
Speaking math to power works.
Building on Cwtch
At the end of our 2018 year we delivered the first alpha version of Cwtch. This was met with great excitement and enthusiasm from the wider community, attracting a number of volunteers who have contributed code, bug reports, testing, translations and documentation.
Throughout 2019 we have been pushing this alpha version forward, improving the experience on Android, and introducing a first cut of managing multiple anonymous identities.
This push will continue in 2020. We recently hired a staff designer to develop a cohesive user experience for Cwtch (more on that coming soon). Research and development remains a top priority as this is a space where many unsolved problems remain - however - we expect 2020 will be the year where the technologies developed for Cwtch will start making their way out of the research cycle, and into applications that people can download and use.
Exposing Breaches of Patient Healthcare Records Across Vancouver (and beyond)
In September we publicly disclosed the existence of a breach that exposed the sensitive medical information of patients being admitted to hospitals across the Greater Vancouver Area. Patient medical records were being broadcast, unencrypted, by hospital paging systems, and these broadcasts were trivially interceptable by anyone in the Greater Vancouver Area.
Shortly after the disclosure we received an update from Vancouver Coastal Health acknowledging the breach and taking steps to minimize the impact of the breach.
In December we received a response to our Freedom of Information request demonstrating that Vancouver Coastal Health did not act decisively on our original disclosure (in November 2018), and instead only took the breach seriously when we contacted a journalist 9 months later. We also learned that several other health authorities may be breaching patient data in similar ways. We are still awaiting the results of an OIPC investigation into this data breach. For more information please consult our full disclosure timeline.
OP:Sec
Since our inception, the OP:Sec program has allowed Open Privacy staff to contribute their technical security knowledge and experience directly back to the communities we serve. In addition to our regular 1:1 free consultations, in 2019 we assisted a sex worker support & advocacy organization in responding to an incident of white supremacist harassment, helped improve their organizational security, and worked with individual staff to help secure their online presences.
The nature of our OP:Sec work makes it simultaneously one of our most-rewarding and least-public activities. In 2020 we will seek to expand the program to make it more accessible and better able to create pillars of digital safety knowledge within our community. To accomplish this, we’ll be creating an OP:Sec Council to direct our research and oversee the creation and dissemination of evidence-based materials informed directly by the unique challenges faced by sex worker and queer communities interacting with technology. This will be a major undertaking and interested potential funders are urged to contact Erinn directly to find out more about our plans.
In Closing
With those in mind, today we are launching our fundraising campaign for 2020. Last year we raised 60% of our $300,000 goal. This year we are aiming to get over that line.
We believe the work that we do is important, necessary and critical to realizing the dream of a world free from oppression, surveillance and censorship. Please help us continue our mission by pledging today to support us through Patreon or donate to us directly via Bitcoin, Monero or Zcash.