Monday, July 16, 2007

Crackdown on the NexGen

I guess that all this was inevitable. The crackdown on our next generation of political activists has begun. Although the Malaysian authorities made their move against Nathaniel Tan (Nat) several days ago, I did not blog about it as I didn't want to blab off before getting more information.

It made the news yesterday, in an article on TheStar. According to the article, Nat is a PKR information bureau staff and webmaster and has been remanded for four days to facilitate investigations under the Official Secrets Act. He is suspected to have in his possession, classified documents linked to the Deputy Internal Security Minister's alleged involvement in corruption.

Although he is the same age as me, he has managed to accomplish much in his life. According to JeffOoi, Nat is a Harvard graduate who has the heart of a volunteer. He had served on humanitarian missions to East Timor, Sierra Leone and Aceh. This is a guy who isn't fazed by the hardships of war zones. Hopefully, that will come in handy when dealing with the hospitality of our local police.

From his sister's blog, he seems to be holding up well in remanded custody. He's said that the cops have "mostly been very nice to him (interrogation room is another story la) except one or two people have pushed him around a leetle bit" [sic]. He is also being very cautious with what he says during questioning and that's a smart thing to do. It doesn't help to dig a deeper hole, now that he's already in one.

From her blog, it would seem that some of the officers at the cyber crimes unit, spend their time in the office playing computer games. I'm not too certain of the capabilities of these people but I certainly hope that Nat was smart enough to have taken necessary precautions with his data. According to earlier reports, he was asked to bring his computer with him when the police came to escort him away.

This brings me to the issue of data protection. If the classified documents are in soft copy, I would have expected the government to use strong encryption to protect all it's sensitive documents. Encryption technology these days are so cheap and easy to use. GnuPG is an open source version of PGP and can be used to both sign and encrypt documents using high grade cryptographic keys under a public key scheme.

By using public keys, the government can easily distribute documents without fear of interception. Only the intended receipient can open up a document that has been encrypted under this scheme. In addition, the document can be signed so that any tampering can be immediately detected. This is particularly important for transmitting documents through email as the protocols used to transfer emails transmit entirely in clear text. When the Net was first conceived, everyone was honest and good.

As for Nat, I'm hoping that he has on the fly encryption (OTFE) enabled on his computer. TrueCrypt is an open source solution for this. This technology transparently intercepts all data transfers between the harddisk and memory to transparently encrypt and decrypt all data. In a situation where a computer is taken away for forensic investigation, it is essentially impossible to retrieve any incriminating documents from the harddisk without the suspect's cooperation (i.e. beating the password out of the suspect). It's just another additional hurdle that the authorities need to cross to get at any evidence.

Actually, this is important to do even if he has nothing to hide from the law. With notebook computers out selling desktops worldwide, it would be fairly common to misplace a computer with hundreds of gigabytes of potentially personal data, which may include personal banking details and many private emails, photographs and videos. So, it's actually important for everyone to encrypt their data. In the event that a computer goes missing, the other party would only get at the machine, not the data.

Anyway, I certainly hope that this stranger, comes out of this situation fine. It's his baptism by fire and he thinks so too, saying that both Anwar and TianChua have gone through worse. It's important to practise safe computing!

PS: There has to be some sort of technology link in this blog. It's afterall, supposed to be a technical blog!

PPS: I wonder who does all these opposition posters. They're quite poorly done.

No comments: