No 32, January 2008 Digital Security and Privacy for Activists An introduction - by Wojtek Bogusz, Front Line Email, Internet, web posting, text messaging, phone calls – all of these make activism easier, but for many living in highly restrictive states, they also make it ever more precarious. During 2008, each CSW Monthly Bulletin will feature a special column examining Digital Security and Privacy for Activists. This will provide hints and advice on how to make your use of the Internet and communications safer and more secure. The column will be edited by members of the project “Security Edition of NGO in a Box”. In this month’s column Wojtek Bogusz from Front Line provides a general overview and introduction to the issues activists and other should think about when considering greater digital security. Every person needs security and privacy. The work of civil society and human rights defenders and activists (activists) makes this need even more pressing. Modern communication and information tools like mobile phones, digital cameras, computers and the Internet are increasingly part of everyday work. Thanks to them activists can now build an effective and globally targeted campaign with a few mouse-clicks. The Internet makes networking much easier, especially with the presence of social networking websites. The growth in internet use, however, is unfortunately being matched by increasing efforts by repressive governments to control it. The Internet was not designed with security and privacy in mind and so it permits easy ways to spy and censor the activities of its users. Tracing what information people post and read has become a habit for commercial firms (to increase profits) but more importantly also for governments (to maintain tight control over society). Governments are particularly well positioned to perform this task as they can easily have unrestricted access to most communication channels such as phones, the Internet, paper letters, and financial exchanges carried out through banks and credit cards. More and more countries are now openly declaring their intentions to filter and block the exchange of information as a way to protect morality, religious or political beliefs [5]. The surveillance and censorship of the Internet is being carried out both in relation to tracking who reads and posts information on web pages, as well as sending and receiving emails and even text or voice chatting (instant messaging and voice over IP - internet telephony). The ease with which digital information is gathered, stored for extended period of time and indexed makes it possible to relate all the various pieces of information making a more and more complete picture of a person's or organisation's activities, preferences, partners, resources, etc. Another side of the same coin is the ability to freely publish information. For activists living in highly restrictive countries, it is important to know how to bypass censorship systems and post information so that it does not undermine their own safety, as well as how to post it in an anonymous way so that the censors cannot identify or track the author of the information [6]. Recent years have seen an increasing and worrying level of co-operation between big U.S. companies like Microsoft, Google, Yahoo!, Skype and Cisco with oppressive governments like China and Iran in order to filter and spy on the Internet. It has become essential for any user of this modern technology to understand the risks and effects of using it. If multinational companies continue to value profit and market expansion over ethical considerations and continue passing that ethical responsibility onto others, soon we will have to assume that all our communications are spied on. For example, Yahoo! handed over emails to the Chinese government, leading to the arrests of a number of journalists. Some countries also censor queries in search engines and messages in instant messaging services, such as Google, Yahoo!, and Microsoft MSN. Another important aspect of digital protection is the physical security of your information. We are all storing more and more very private data in mobile or so called smart phones, palmtops/PDA's, digital cameras, external hard drives, USB pen-drives, and CD/DVD's. Computers remember an abundance of information about what we did, which pages we have seen, and so on, to help us work more efficiently. Let’s add to this that normal deleting and emptying of the recycle bin does not make information disappear from the computer, it requires additional effort to totally rid your computer of the information. Also, a lot of information is lying around our offices or is being dumped in the garbage as printed paper. All this information may become a threat if it falls into inappropriate hands. It is important to regain control over where and in what form our information is being stored, particularly if we consider carrying a laptop over the border, or the possibility that our computers together with all our information could be destroyed or stolen. It is essential that we do not undermine our own or others’ security, and that we can resume work quickly. We are seeing cases of activists in Iran, Russia and other countries where computers are confiscated and scanned for sensitive information. The results of those scans are then used by police during subsequent interrogations. The above concepts may not seem intuitive, easy or natural. Digital communication is a new aspect of our reality. Almost like a new language we all have to master, or like a strange new country where we have to develop certain behaviours in order to evolve and survive. Security is also not a product - it is not a pill that we will buy, swallow and feel secure. It is a constantly changing set of circumstances, actions, tools, decisions, ways of communicating, understanding and consciousness. We have to adapt to changing conditions. Security is also a holistic process. You are as secure as the weakest link in the circle of actions and tools you are using. Thus you have to take care of your security from all sides, starting with the physical security of how your data are stored, through to the security that you apply to your computer and other devices, in addition to the way you use the internet and other communications channels (phones, paper letters, financial activities, etc.) But most importantly, it is possible to increase your security. It is possible to take relatively simple actions and make a big change in the level of your security and privacy. In response to this task Front Line [1] together with Tactical Tech [3] and a number of other organisations created a project called the Security Edition of NGO in a Box [2]. It is a toolkit of peer-reviewed free and open-source software, materials and guides to provide digital security and privacy. Its aim is to simplify this complicated area and reduce the overwhelming choices often faced by people when trying to find solutions to their problems. Recommended software is reviewed, explained and accompanied by installation and user guides in multiple languages. Each tool is accompanied with clear explanations and tips written for non-technical users. The whole toolkit is available online on the Front Line website. The toolkit is also available on a CD. The toolkit is currently available in French, Spanish, Arabic, Russian and English. Over the next few months, the CSW Monthly Bulletin will feature a column on Digital Security, covering each of the topics in the toolkit, including: 1. Preventing eavesdropping on your communications; 2. Ensuring your information or files cannot be accessed without your permission; 3. Preparing yourself against data loss due to disaster, theft, confiscation or any other cause; 4. Bypassing Internet censorship; 5. Publishing information anonymously; 6. Keeping your computer healthy and functional; 7. Increasing physical protection for your data; 8. Creating and maintaining good passwords; 9. Destroying sensitive information; 10. Internet and mobile phone safety and best practices. References: [1] Front Line: www.frontlinedefenders.org [2] Security Edition of NGO in a Box: http://security.ngoinabox.org [3] Tactical Tech: www.tacticaltech.org [4] Reporters Without Borders: www.rsf.org [5] The OpenNet Initiative: www.opennet.net [6] Global Voices Advocacy: http://advocacy.globalvoicesonline.org Author: Wojtek Bogusz is a digital security and information systems co-ordinator working with Front Line - International Foundation for the Protection of Human Rights Defenders, based in Dublin, Ireland. You can contact him on email wojtek@frontlinedefenders.org or through the group email of the Security Edition of NGO in a Box project: security@ngoinabox.org
|