ARE YOU AWARE that the recording device on your smartphone can be activated remotely and record sensitive conversations? And that the webcam on your PC can film inside your office without you knowing?
For most people, debates about the snooping NSA and GCHQ are little more than great material for a chat down the pub, but for human rights defenders around the world, digital security is synonymous with personal security. For a gay rights campaigner in Honduras or a trade unionist in Colombia, safety from interception of communications or seizure of data can be the difference between freedom or imprisonment, life or death.
Digital surveillance has been described as “connecting the boot to the brain of the repressive regime”. Governments are developing the capacity to manipulate, monitor and subvert electronic information. Surveillance and censorship is growing and the lack of security for digitally stored or communicated information is becoming a major problem for human rights defenders in many countries.
By hacking into the computer system of a human rights organisation, governments or hostile hackers can access sensitive information, including the details of the organisation’s members and supporters. They can also install spyware or viruses to monitor or disrupt the work of the organisation.
One of the best-documented cyber attacks on an NGO was the hacking of the Political Prisoner’s Solidarity Committee, a Colombian human rights organisation. The organisation’s email account was hacked and used to send malicious viruses and spam messages, and all employee work email accounts were deleted.
The hacked email account was also used to send threatening emails to a member of the organisation based in a different region. Their offices were broken into and the hard disk of one computer was stolen and replaced with a faulty one. Spyware was found on the computer used to maintain the organisation’s website; this recorded all the information on the computer and sent it via the internet to an unknown location. This cyber attack also coincided with a wave of anonymous phone calls and direct threats to staff members.
In this digital age how can human rights defenders make sure their online communications and their data are safe and that they are not putting themselves or colleagues in danger?
This is where Front Line Defenders is able to give practical help. With a security grant from Front Line Defenders, the Political Prisoner’s Solidarity Committee installed a new secured server and router, and upgraded their whole computer security system. We also organised a workshop on digital security for all the members of their organisation.
This was useful for a seriously at-risk organisation. But there are effective steps all of us can take to stay safe. Most of us have a computer or laptop and most have a password. That password is probably a cat’s name or a daughter’s name – which can be broken in about 10 seconds. Simply by changing your password to a longer one which combines upper case, lower case and digits makes the password virtually unbreakable and is a simple, first step to improve your online security.
Recent revelations have shown that even encrypted communications that were previously thought to be secure have been built with deliberately included “back doors”, so that organisations like the NSA and GCHQ can access information that people think is secret. One protection against these built-in weaknesses is to use open-source software – this is software not provided by a big-name company like Microsoft or Apple, but one in which the workings of the software are made available for all to see, so that any such intended weakness in the encryption would be spotted and exposed by the global community of digital security experts.
Even if authorities or malicious hackers can’t see what you’re communicating, it can still be possible for them to see when you communicate and with whom. The Tactical Technology Collective has said, “If you use a computer, surf the internet, text your friends via a mobile phone or shop online – you leave a digital shadow.” If you want to find out the size of your digital shadow, and more importantly want to know what you can do about it, visit their award-winning website myshadow.org.
Security in-a-box is a collaborative effort of the Tactical Technology collective and Front Line Defenders. It was created to meet the digital security and privacy needs of advocates and human rights defenders, but can also be used by members of the public. Security in-a-box includes a how-to booklet which addresses a number of important digital security issues.
It also provides a collection of Hands-on Guides, each of which includes a particular freeware or open source software tool, as well as instructions on how you can use that tool to secure your computer, protect your information or maintain the privacy of your internet communication.
When we started our Digital Security Programme we only ran one or two trainings per year. Now we are organising workshops on digital security all over the world, sometimes in secret locations for human rights defenders from countries where even to use the word “encryption” in an email would bring you under the eagle eye of the security services.
Electronic communication enables human rights defenders to network and cooperate as never before but survival depends on having a clear understanding of the risks involved and the need for a well thought-out digital security strategy.
Mary Lawlor is the founder and Executive Director of Front Line Defenders.
From the 9–11 of October, Front Line Defenders will be hosting the 7th Dublin Platform for Human Rights Defenders in Dublin Castle. Bringing together 130+ at-risk human rights defenders from 85 countries. As part of a broader agenda, the Dublin Platform will provide a full day of intensive training in digital security followed up with one-to-one digital security clinics. The digital security training provided by Front Line Defenders is based on a manual called Security in-a-Box, which is available online, and it covers everything from secure passwords and protecting your email to mobile and social-media security.
To embed this post, copy the code below on your site
have your say