Saturday, April 25, 2009

On computer security and underwear

There is an unsettling trend in Bangalore. Starting in January, groups of men began beating up women in the street, unprovoked. These men are vigilantes who intend to impose their view of Indian culture with their fists. They justified their actions by saying the women were not wearing the right clothes, not frequenting the right bar, or not speaking the right language.

My friends in Bangalore are members of a group that is raising awareness of the attacks among the public and the police, as well as providing support to the victims. Their Pink Chaddi Campaign asked all women of India to send pink underwear to Shri Ram, the right-wing party member who sympathized with the thugs. And indeed, he received a truckful of boxes of underwear. It was a powerful symbol that his views are rejected by the people.

Now the violence has gone online. The Facebook group of the Pink Chaddi was hacked into, and the hacker defaced the page and ultimately deleted the group entirely. In order to stop the attacks, some computer whizzes installed Linux on the only computer used to access the administrator panel of the group and changed all the passwords. But the attacks continued, suggesting that the hacker is making use of a security hole in the code implementing Facebook itself.

Despite many pleas, the administrators of Facebook have not taken any action, whether to repair the group, to punish the perpetrator or to prevent further attacks. As far as they are concerned, the administrator password must have been stolen and there is nothing they can do.

Building secure systems is already hard enough, even for the best programmers. But the story of the Pink Chaddi hack raises another issue. Designing a computer system so that the common case is secure enough is not sufficient. You need to be secure enough so that even political activists and investigative journalists are protected from retaliation. Personally, I may not be too concerned that emails can be read by anyone with access to any one of the routers on the way from my computer to its destination (emails are rarely encrypted). Like most people, I can say that I have nothing to hide. However, I care deeply for the well-being of the journalists who bring me the news, and for the activists who help move my society forward.
