Over the past two decades, journalists and activists have become dependent on the internet and digital platforms for communications, organisation, and the amplification of their critical work. However, the open and accessible design of the internet also made it vulnerable, and those challenging authority and power need to practice digital security.
Training programs promoting digital security practices for activists and journalists exist. Still, conversations with human rights defenders and digital security practitioners suggest there are still significant gaps and challenges in ensuring that those defending democracy and human rights are safe from digital attacks.
Digital Security Requires Comprehensive Changes
The Ground Safe report from the Oxen Privacy Tech Foundation (OPTF) found civil society workers, human rights defenders and journalists are aware and concerned about their digital security. Even so, many feel they lack the knowledge and capacity to minimise their risks and stay safe online, expressing feelings of helplessness when faced with things like surveillance and online harassment.
The report calls for a change in approach to teaching digital security practice and creating secure technologies and strategies. The effectiveness of change-making and development work is increasingly linked to the ability to use and leverage digital tools and technologies. These very apps and services that make up the internet are now being targeted and weaponised to monitor and disrupt civil society activities, silence journalists and whistleblowers, manipulate public opinion, and oppress citizens.
Many digital security trainers are aware of these issues and find that implementing effective solutions is an ongoing challenge. While local communities are calling for more bottom-up approaches to digital security training, many initiatives and training programs are not sustainable or ongoing at the local level. Resources are available only in English, and curriculums are not localised effectively.
As well as calling for improved digital security training methodologies, the report also makes recommendations for secure tech developers, and for instilling organisational-level policies and practices on digital security.
The impacts of digital attacks
The report found four primary ways HRDs and their work are affected by digital attacks:
- Personal — Social media platforms and messaging app groups are being actively monitored, and those who perceived to be critical or adversarial of the political establishment experience hate speech and online threats that also incite physical violence by ‘doxxing’ or revealing the personal address details of those targeted.
- Reputational — Articles, research, commentary, and reports challenging policies or views of those in power are countered by waves of disinformation, often from sources that seem credible. These disinformation attacks cause confusion and lasting reputational damage.
- Legal — Cyber laws are being used to quash freedom of expression and pursue critical voices online — on social media and messaging app platforms. Posts deemed to break local content and censorship laws can result in arrests and other legal consequences.
- Infrastructure — Internet shutdowns and censoring specific platforms — such as Facebook — are a common tactic for disrupting organisation and preventing outside communication. The security of mobile phones and computers can also be compromised by increasingly sophisticated malware and phishing attacks.
Devices and platforms we use are increasing our vulnerability and not incentivising us to practice proper digital security. Low-cost mobile phones and laptops using old or outdated operating systems can be infected by malware and vulnerable to hacking.
WhatsApp and Facebook Messenger are the two most popular instant messaging apps. Software that leave users vulnerable to surveillance, account take over, and groups using them. People are slowly shifting to more secure messaging apps such as Signal. Many still continue to use WhatsApp because it is easier to use, more popular, and incorrectly perceived to be secure.
Social media platforms are increasingly used to monitor and attack those working in civil society. Our research found many used the same Facebook account for sharing work and personal related activities, potentially putting friends and family at risk. Most acknowledged online harassment was rampant on social media platforms but felt disempowered and weren’t sure what they could do about it.
The secure storage of sensitive information was a major challenge faced by many interviewees. The use of messaging apps to store documents was common, and Google Drive was also popular. The use of dedicated encryption tools such as Veracrpyt was extremely low, and many said they didn’t have any secure way to store their sensitive documents and data.
Mobile and telecommunications operators provide the gateway to the internet, and in many surveyed countries, they are subservient to the government, either because they are state-owned, or because they must comply with requests of authorities in order to operate. These requests can include surveillance of users, shutting down or blocking social media accounts, and tracking people’s mobile phone locations. Mobile operators also bundle Facebook and WhatsApp as part of low-cost packages, limiting the adoption and use of secure tools such as Signal.
Recommendations
The report’s recommendations focused on four key areas:
- Increase awareness of digital security threats and vulnerabilities — low awareness of actual threats and attacks created an “it won’t happen to me” attitude.
- Build secure tech tools and apps that work effectively — tech tools and apps should be localised, easily usable, and be tested in the contexts they’ll be used.
- Improve digital security training and practice — training design and methodologies need to improve, including adopting a localised bottom-up approach that is truly sustainable.
- Enhance organisation-level digital security practices — organisations must adopt procedures and policies in relation to digital security and donors should make digital security compliance a prerequisite to funding, in the same as financial compliance is.
Sam de Silva and Alex Linton contributed to the Ground Safe report.
Sorry, the comment form is closed at this time.