In today’s globalised, super-interconnected 2.0 world, information flows in all directions – whether we like it or not. We exchange information daily via telephone, E-mail, text message, Skype, facebook, pictogram, linkedIn… the list goes on. Yet just as communication platforms have increased exponentially, so has access to information (personal or public). Indeed, information exchange today is not just a two-way conversation between sender and receiver, but instead an open conversation that passes through Internet servers, hubs and the mysterious ‘Cloud’.
As any organisation working in the 21thcentury, but particularly one invested in the protection of human rights defenders, the staff of Protection International take very seriously the consequences of such free-flowing information on the safety of the colleagues and human rights defendersthey work with.
This is why on 16-17 September 2014, the PI Brussels staff put down their laptops, mobile phones, i-pads, tablets, i-watches… etc., and held a two-day “Training on Digital Security.” For PI, this training was part of an ongoing security training process, englobing not only online security, but also developing protection tools, capacities and security plans for human rights defenders, their organisations and communities.
The goal of the training was twofold: first to introduce digital security risks to new staff at Protection International’s Brussels office. Then, old and new staff discussed and developed together strategies, tools and tactics to affront these digital risks. “In today’s constantly changing cyber environment, it is important for PI to periodically assess the security of its communication channels used internally and with local partners, and repeatedly test and ensure the effectiveness of the tools we teach human rights defenders.” noted Claudia Lotzwig, a PI colleague having already participated in the training twice.
Oriented by Chapter 10 of PI’s Facilitation Guide, “Information Management and Digital Security,” PI colleagues began by mapping out what types of information they store and exchange and then identified which types of data could be sensitive. The initial realisation of just how much information is left ‘exposed’ in daily communications put the Brussels staff at unease: “When working with human rights defenders, diffusing information is essential and at times live-saving,” reflected PI Communications Officer Kelly Hendricks, “this training makes you realise however that confidential information, when not shared securely, could be putting those same defenders at high risk!”
“Still, the solution is not to just stop communicating altogether. Instead, a careful digital security strategy comprising security tactics must be developed.”
For PI’s Brussels staff, this strategy comprises first some simple tactics to reduce vulnerabilities in digital security: such as making passwords stronger and not allowing the Internet browser to save passwords automatically. Then, the strategy integrates essential tools and software that staff continually develop, improve and then relay in the organisation’s Facilitator’s Guide. A major source of these tools and software come from Security in-a-box, a collaborative effort of the Tactical Technology Collective and Front Line Defenders which offers how-to guides to implementing digital security software. The strategy also relies on Digital First Aid Kits from the Association for Progressive Communication and Digital Defenders, which outline specific risk scenarios and provides guidance on immediate measures to remedy the situation.
To learn about creating a security plan in areas beyond the World Wide Web, please consult PI’s Facilitation Guide.
Photos courtesy of PI and Flickr/Computer Lock & Key.