Digital Security and Privacy for Activists

Every person needs security and privacy. The work of civil society and human rights defenders and activists (Activists) makes this need even more pressing. Modern communication and information tools like mobile phones, digital cameras, computers and the Internet are increasingly part of everyday work. Thanks to them activists can now build an effective and globally targeted campaign with a few mouse-clicks. The Internet makes networking much easier especially with the presence of social networking websites, both for activists as well as other people. The growth in internet use unfortunately is being matched by increasing efforts by repressive governments to control it. Increasing number of countries openly declare their intention of filtering and blocking this information exchange as a way to protect morality, religious or political beliefs. The Internet was not designed with security and privacy in mind and unfortunately it offers easy ways to spy and censor the activities of its users. Tracing what information people post and read has become a habit for commercial firms (to increase profits) but more importantly also for governments (to maintain tight control over society). Government is particularly well positioned to perform this task in a very effective and complete way, having access at the exchange level to most of the communication channels like phones, the Internet, paper letters, financial exchanges carried out with banks and bank cards.

The spying on and censorship of the Internet is being carried on both in relation to reading web pages and posting information on them, sending/receiving emails and as well text or voice chatting (instant messaging and voice over IP - internet telephony). The ease with which digital information is gathered, stored for extended time and indexed makes it possible to relate all of the peaces of information to another making a more and more complete picture of a given person's or organisation's activities, preferences, partners, resources, etc. Another side of the same coin is the ability to publish information. How to by pass the censorship systems and post it so that it does not undermine your own security, post it in an anonymous way so that the censors would not know how to get back to the source, the author of the information.

2007 has seen an increasingly worrying level of co-operation between big U.S. companies like Microsoft, Google, Yahoo!, Skype and Cisco with oppressive governments like China or Iran to filter and spy on the internet. It has become essential for any user of this modern technology to understand the risks and effects of using it. If multinational companies continue to value profit and market expansion over ethical considerations and continue passing that ethical responsibility on others, soon we will have to assume that all our communications are spied on.

Another important aspect of digital protection is the physical security of your information. We are all storing more and more very private data in mobile or so called smart phones, palmtops/PDA's, digital cameras, external hard drives, USB pen-drives, CD/DVD's. Computer remember lots of information about what we did on it, which pages we have seen, etc. to help us work more efficiently. Lets add to this that it requires additional effort to get rid of the information from the computer as normal deleting and emptying the recycle bin does not make information disappear from the computer. Also, lots of information is lying around our office or is being dumped in the garbage as printed paper. All this information may become a threat if it falls into inappropriate hands. It is important to regain control over where and in what form our information is being stored. So we can be safe when we are carrying the laptop over the border, or if our equipment together with all this information is destroyed or stolen. It is essential that we do not undermine others or our own security and that we can resume work in short time.

However, the above concept may seem: difficult and may not seem intelligible easy or natural., Digital communication is a new, young aspect of reality. Something like a new language that we all have to master, like a strange new country where we have to create proper behavioural reactions in order to evolve and survive. Security is also not a product, it is not a pill that we will buy, swallow and feel secure from now on. It is a constantly changing set of circumstances, tools, ways of communicating, understanding and consciousness. We have to adapt to changing conditions. Security is also holistic process. You are as secure as the weakest link in the circle of actions and tools you are using. Thus you have to take care of your security from all sides, starting with the physical security of how your data is stored, through the security that you apply to your computer and other devices and ending up with the way you use the internet and other communications channels (phones, paper letters, financial activities, etc.)

But most importantly it is possible to increase your security. It is possible to take relatively simple actions and make a big change in the level of your security and privacy. In response to this task Front Line together with Tactical Tech and a number of other organisations created a project called Security Edition of NGO in a Box. It is a toolkit of peer-reviewed free and open-source software, materials and guides to provide digital security and privacy. Its aim is to simplify this complicated area and reduce the overwhelming choices often faced by people when trying to find solutions to their problems. Recommended software is reviewed, explained and accompanied by installation and user guides in multiple languages. Each tool is accompanied with clear explanations and tips written for the non-technical user. The whole toolkit is available online on the Internet – you can get it from the Front Line website. Toolkit is also available on a CD. The toolkit is currently available in French, Spanish, Arabic, Russian and English.

The toolkit covers a wide range of topics and skills that are essential to the modern activist, like:

1. Communicate, collaborate with someone in such a way that it can't be listened to
2. Ensure my information, files cannot be accessed without my permission
3. Prepare myself against data loss because of disaster, theft, confiscation or any other cause.
4. Bypass Internet censorship
5. Publish information anonymously.
6. Keep my computer healthy and functional
7. Increase physical protection for my data
8. Create and maintain good passwords
9. Destroy sensitive information
10. Internet and Mobile Phone safety and best practices

Reference:

• Front Line
• Security Edition of NGO in a Box
• Tactical Tech
• Reporters Without Borders
• The OpenNet Initiative
• Global Voices Advocacy

About author

Wojtek Bogusz is a digital security and information systems co-ordinator working with Front Line – Dublin based International Foundation for the Protection of Human Rights Defenders. You can contact him on email wojtek (AT) frontlinedefenders (DOT) org or also through the group email of Security Edition of NGO in a Box project: security (AT) ngoinabox (DOT) org