Text: Caryn Mladen and Robert Guerra, Directors of Privaterra
While a growing number of human rights organizations now rely on the Internet for collecting and spreading information, as well as for communicating with members, many groups are not aware of the dangers lurking in the virtual depths. Activists working hard to secure human rights might actually be jeopardizing their cause, as well as the individuals they are trying to protect, when they leave information unprotected, or transmit communications without security.
Low cost solutions
At the same time, the activists who are aware of the perils, and who recognize the importance of securing information and communications often feel helpless and believe they lack necessary funds or expertise to implement digital security technology. Most organizations cannot even afford sufficient basic computers and software. What's an under-funded organization to do?
Perhaps surprisingly, it's relatively simple and inexpensive to put a few layers of protection between your organization and spying eyes. Encryption software for communications and data can be downloaded for free online, and developers of retail software and hardware are often willing to negotiate low cost solutions for human rights activists. Certain non-governmental organizations, NGOs, are specifically dedicated to providing the technological expertise needed to help activists obtain, install and use the necessary tools.
Protecting your data
Typically, threats posed to digital files and communications fall into three main categories: loss, espionage and modification.
Loss can occur through theft - a raid, for instance - or destruction, such as by violence or a computer virus. Activists can prepare for all possibilities by using disk encryption and proper backup safely stored in a separate location. Disk encryption is a method of “locking out” anyone without the “key” (or password) to a file, a folder or an entire hard drive. The stolen information is thus rendered useless to thieves. Some disk encryption tools allow you to hide files so they do not even appear on the disk – until they are called up and decrypted.
Activists are also subject to the standard vulnerabilities of computers. One organization preparing for a high profile court case discovered a virus had destroyed all its data. Without proper backup, the group not only lost months of work, but also significant credibility. Under these circumstances, it may be impossible to reconstruct crucial evidence taken fresh from witnesses. Proper backup ensures you will be able to regain access to your information quickly and easily if your files are stolen or destroyed.
Locking out spies
Espionage can occur through hacking, or spies inside the organization. Avoiding leaks of important information through internal espionage requires a clear hierarchy of keys and passwords to limit access to sensitive information.
The threat of digital external espionage can be reduced through a variety of methods. Many people don't realize email communications are stored on their Internet service provider, ISP’s, servers. This means that ISP staff, or anyone pressuring the ISP to provide access to information, can read your email. Even without the compliance of ISPs, email can be hacked.
Communication encryption software, such as Pretty Good Privacy, PGP, translates messages into indecipherable code readable only by the intended recipient after decryption with the receiver's key. Activists should remember to encrypt all communications, since encrypting only sensitive materials will alert watchers to clamp down whenever encryption activity increases.
Firewalls limit access to information contained on a single computer connected to the Internet, or to a series of such computers connected through a network. Firewalls also serve a dual purpose by informing users when unauthorized outsiders are attempting to access the network.
Be alert to changes
Modification occurs when communications are intercepted, then changed and sent on. The receiver is unaware of the interference, and may, to his or her peril, follow the new information. Digital signatures can avoid this problem through message authentication. The sender signs any communication with a key, and the receivers open it with their own keys. The quality of the communication is judged either “good” or “bad,” indicating if the communication has been modified. This red flag stops the receiver from taking potentially dangerous actions and alerts both parties to the fact that their communications have been compromised.
Infringement - putting yourself in harm's way
Using software without a license can be more dangerous than many NGOs are aware of. For while software companies usually will want to avoid the bad publicity of pressing charges against a human rights organization, copyright infringement remains a legal sword of governments. Oppressive governments can use illegally copied software as an excuse to impose fines, penalties and even imprisonment on the activists. Activists can avoid this problem by negotiating low cost licenses from software companies, or by using open source software such as Linux operating system or StarOffice application suite, which are available free online.
Use it
Regardless of the scope or location of your organization, privacy and security technology is a necessity. Banks, corporations, military organizations and governments use privacy and security technology -- human rights organizations and NGOs must take the same precautions. Electronic vulnerability leads to personal vulnerability. Fortunately, there is technology available to protect you and your cause. It's up to you to use it.
Visit the links below to learn more, and try to assess your organization's vulnerabilities.
Privaterra, an ongoing project of Computer Professionals for Social Responsibility (CPSR), is a non-profit charitable organization working with recognized human rights organizations, as well as software companies and high tech professionals to enhance the safety of human rights workers and those they protect. For more information, contact Privaterra at privaterra@privaterra.org.
Other organizations that focus on these issues:
* AAAS - Science and Human Rights program
* The Association for Progressive Communications
* Center for Democracy and Technology
* Electronic Privacy Information Center (EPIC)
* The Martus Human Rights Bulletin System
* The Association for the Study and Promotion of Security and Democracy (SEDEM) (Guatemala NGO)