This essay discusses security design options for a problem faced by a newspaper company. National newspaper would like to conceal their activities regarding to publish government’s sensitive information. For months, national newspaper is going to do research involving many allies like government whistle-blower, international collaborator, and other resources. Therefore, the teams who responsible to this issue may need a suggestion about security design between them. They are going to exchange a large volume of data and use communication system between journalists and resources.
Besides prerequisite a strong secure communication system, newspaper company also concerns about confidentiality of work-in-progress stored inside their local storage. They may want to apply secure inventory management to store data securely until it is published. They may give different privileged among their staffs to access their data. They should prevent “a snake in the grass” that probably leak their asset to government, and only trust to small group of people.
This essay will further talk about two main things, how to build secure communication system and how to manage secure inventory management. The thing that should be considered first is the threat. The threat would most probably come from government, who has powerful capability as an adversary. This essay also discusses what kind of threat system can be handled.
Most country has its intelligence agencies that doe some secrets activities in order to keep secure their country. Some of them achieve it with mass-surveillance program that now is widely known by public. In India, government owns Centralized Monitoring System (CMS) program that able them to collect data, capture emails, listen phone conversation, and tracking search engine from its citizens . Russia has programs called SORM (System for Operative Investigative Activities) built in mid- 1980. SORM-I is able to eavesdrop telephone communication, including network, SORM-II is able to monitor Internet communication and voice over IP, and SORM-III collecting data from any media .
US and UK’s mass-surveillance programs, which has famously become headline of several newspaper recent days, are gathering Internet traffic not only from local citizens but also worldwide . US’s capabilities are powerful with PRISM as well as UK’s with its Tempora. Since snowden-leaks issued recently, there are several articles in web that discuss how those programs work technically. This essay will take US and UK surveillance model as a reference to build threat models for this newspaper company. Identification of threat capability in this essay is limited with what that has been leaked by whistle blower, and those that has been written in media. It doesn’t cover if government still has top-secret technology that has not been published.
As it has been mentioned before, United Kingdom has its Tempora as a mass-surveillance program....