Posts Tagged ‘digital security’

Ahmed Mansoor, MEA Laureate 2015, arrested in middle-of-the-night raid in Emirates

March 21, 2017

Ahmed Mansoor’s whereabouts are unknown © Martin Ennals Foundation

On 20 March, 2017, around midnight, Mr. Ahmed Mansoor was arrested at his home in Ajman, UAE, by a large team of the Emirates’ security forces. The Government has finally confirmed that it is holding him, but until today we don’t know where. The reasons for his arrest remain unknown but might be linked to a series of tweets he posted on Twitter in recent days, calling for the release of UAE human rights defender Osama Al-Najjar or to a letter that he signed, along with other activists in the region, calling for the release of all prisoners of conscience in the Middle East ahead of an Arab League Summit scheduled to be held in Jordan on 29 March 2017.

Following a massive crackdown on human rights defenders in the UAE in recent years, Ahmed Mansoor is today widely respected as the only independent voice still speaking out through his blog and Twitter account against human rights violations from inside the country. He was the Laureate of the Martin Ennals Award 2015. [https://humanrightsdefenders.blog/2015/10/07/the-link-to-the-full-mea-2015-ceremony-of-6-october/]. Mr. Mansoor has faced repeated intimidation, harassment, and death threats from the UAE authorities or their supporters, including arrest and imprisonment in 2011 following an unfair trial. Although pardoned and released later that year, the UAE authorities have arbitrarily imposed a travel ban on him. [https://humanrightsdefenders.blog/2015/09/15/fly-emirates-if-the-emirs-let-you/]

In August 2016 Ahmed Mansoor was at the centre of a hacking scandal involving Apple’s iOS operating system [https://humanrightsdefenders.blog/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-laureate-discovers-hacking-attempt/]

Sources:

UAE: alarm at middle-of-the-night arrest of leading human rights activist | Amnesty International UK

http://www.omct.org/human-rights-defenders/urgent-interventions/united-arab-emirates/2017/03/d24255/

International Women’s Day 2017: honoring, defending and watching women human rights defenders

March 8, 2017

International Women’s Day focuses on many different aspects of the struggle for the human rights of women. I have selected three special actions this year:

(1) a short piece honoring woman who are land rights defenders;

(2) a digital protection tool for women human rights defenders (Cyberwomen);

(3) a documentary film on how rape was made into a international war crime.

[Of course this blog has had many earlier posts on women human rights defenders: https://humanrightsdefenders.blog/tag/women-human-rights-defenders/ ] Read the rest of this entry »

WEBINARS on best practices for digitising documents in March 2017

March 7, 2017

Why digitise? Digitising your documents greatly improves access to your information, whether you are building an online public library to share documents related to corruption, or making documents searchable for your team. Digitisation also helps to preserve and protect important human rights information. Many defenders run the risk that malevolent groups seeking to destroy or confiscate witness testimony, evidence of abuse, and other sensitive information. Others run the risk of documents being subject to harmful storage conditions, such as humidity, insects, and rodents. These are just a few reasons for digitising your documents. However, figuring out the most efficient, affordable, and responsible way to digitise thousands of documents can be a daunting task especially for human rights defenders in the field.

  • When:
  • Where: ReadyTalk (use the access code 2458641 to join)
  • Who: Open to anyone who wants to learn more about digitizing documents

Whether you are a seasoned digitization expert or a human rights defender just starting to think about digitisation, this is a good occasion to learn and share.

If you are interested, please contact Kristin Antin at kristin@huridocs.orgHere is an example of a webinar hosted in January on managing contact information.

Source: Community Discussion: Best practices for digitising documents | HURIDOCS

Security Without Borders offers free security help to human rights defenders

January 10, 2017

Network World of 3 January 2017 carried an interesting piece on Claudio Guarnieri who launched Security Without Borders which offers free cybersecurity help to journalists, activists and human rights defenders.

For all the wonderful things that the internet has given us, the internet also has been turned into a tool for repression. Nation states have deep pockets and use the imbalance to their own advantage. Technology has been used “to curb dissent, to censor information, to identify and monitor people.” ..Billions of dollars have been poured into surveillance—both passive and active.”Sadly, electronic surveillance and censorship have become so commonplace that nowadays people can get arrested for a tweet. There are places were dissidents are hunted down, using crypto is illegal, where sites are blocked and even internet access can be cut off. “Those who face imprisonment and violence in the pursuit of justice and democracy cannot succeed if they don’t communicate securely as well as remain safe online.”

Security “is a precondition for privacy, which is the key enabler for freedom of expression.” He was not implying that the security should come from big firms, either, since big security businesses often need contracts with the government and are dependent on the national security sector. So, Guarnieri turned to the hacker community and launched Security Without Borders, which “is an open collective of hackers and cybersecurity professionals who volunteer with assisting journalists, human rights defenders, and non-profit organizations with cyber security issues.”

security without borders

The website Security Without Borders has a big red button labeled “Request Assistance.” Activists, journalists and human rights defenders are encouraged to reach out for help. The group of “penetration testers, malware analysts, developers, engineers, system administrators and hackers” from all walks of life offer cybersecurity help. We can assist with web security assessments, conduct breach investigations and analysis, and generally act as an advisor in questions pertaining to cybersecurity. As security services are often expensive to come by, SWB offers these services free to organizations and people fighting against human rights abuse, racism, and other injustices.

When requesting help, you are asked to give your name or organization’s name, an email address, a description of the work you do and what kind of help you need. Hackers and computer security geeks who support freedom of speech are also encouraged to reach out and volunteer their skills.

There is still on-going discussions on the mailing list on issues such as trust and where to draw the line for extending free help to specific groups. Security Without Borders is just getting off the ground, and will have to deal with some of the same problems that earlier efforts in this area face, see e.g:  https://humanrightsdefenders.blog/2016/08/25/datnav-new-guide-to-navigate-and-integrate-digital-data-in-human-rights-research/ and https://humanrightsdefenders.blog/2016/10/31/protecting-human-rights-defenders-from-hackers-and-improving-digital-security/

Sources:

Security Without Borders: Free security help for dissidents | Network World

http://motherboard.vice.com/read/hacker-claudio-guarnieri-security-without-borders-political-dissidents

Pakistani Digital activist Nighat Dad recipient of 2016 Human Rights Tulip

November 6, 2016

The 2016 Human Rights Tulip has been awarded to the Pakistani internet activist Nighat Dad stated the Dutch Ministry of Foreign Affairs today, 6 November 2016.

Human Rights Tulip
Human Rights Tulip Photo: Aad Meijer/Newsroom BZ

The Human Rights Tulip is an annual prize awarded by the Minister of Foreign Affairs to human rights defenders who take an innovative approach to promoting human rights. The prize consists of a bronze sculpture (see picture above) and €100,000, which is intended to enable recipients to further develop their work. [for last year’s award: https://thoolen.wordpress.com/2015/12/12/2015-human-rights-tulip-awarded-to-ira-mauritania/]

Human rights defenders are modern-day heroes,’ said minister Bert Koenders ‘Despite the many threats she has received, Nighat Dad continues to fight to improve adherence to human rights in Pakistan in a unique and innovative way. Ms Dad is a pioneer who is working to remove everyday obstacles to internet access, especially those that affect women.

Ms Dad is a staunch defender of digital rights and the importance of protecting women and girls and marginalised groups on social media. Mr Koenders hopes that this prize will serve as a gesture of support for the freedom of internet users, especially women. In 2012 Ms Dad founded the Digital Rights Foundation, which supports female internet users in the form of digital security training courses, public awareness campaigns and the newly created Cyber Harassment Helpline. Ms Dad’s approach enables her to reach women throughout Pakistan, including those in more remote areas of the country. She was awarded the Atlantic Council Digital Freedom Award 2016 and was among six ‘next generation leaders’ named by TIME Magazine last year.

Foreign minister Bert Koenders will present her with the prize on Saturday 10 December, Human Rights Day, in The Hague.

For earlier posts on the Tulip award: https://thoolen.wordpress.com/tag/tulip-award/

Source: Nighat Dad recipient of 2016 Human Rights Tulip | News item | Government.nl

http://www.dawn.com/news/1294671/pakistani-digital-rights-activist-nighat-dad-awarded-2016-human-rights-tulip-award

Protecting human rights defenders from hackers and improving digital security

October 31, 2016

Joshua Oliver on 14 October, 2016 interviewed for NY City Lens, Kim Burton of Access Now about the digital security dangers faced by human rights defenders. A recent example is what happened to Ahmed Mansoor [https://thoolen.wordpress.com/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-laureate-discovers-hacking-attempt/] but there are many other cases. The staff of the Digital Security Helpline offers free, 24/7 technical support and advice on digital security to activists, journalists, and human rights defenders around the world. It is a project of Access Now, an NGO that promotes human rights online. The interview ends with 3 simple practical steps that any person can do to improve their security.

Kim Burton, security education coordinator at Access Now, works on the digital security helpline.

Kim Burton, security education coordinator at Access Now, works on the digital security helpline.

What makes the kind of targeted digital threat that a human rights defender or an activist might experience different from the threats that ordinary users might face?

The goal is different. When you’re targeting the average individual often these campaigns are really large. They’ll be interested in getting a lot of cash. When someone’s trying to compromise a human rights defender or activist or journalist, it’s usually because they want that person’s information. They want that person’s contacts. They want to be able to intimidate that person so they stop doing the work that they’re doing.

What type of things might prompt someone to contact the helpline?

They could receive an unfriendly email that scares them, and so they’ll bring that email to us. With journalists it’ll be more about protecting information that they’re trying to move out of the country, or it can just be protecting their publishing while they’re online. Often when we get contacted it’s for people who have had their accounts actually hacked. Where the account is posting information that the owner did not post, or it’s completely defaced.

Can you describe the difference between the support that’s typically available for someone in a corporate or government environment with a digital security problem as compared to someone in a non-governmental organization working on human rights or activism?

I think one of the major things is just having someone to call. In a corporate environment they have either an IT group or a person or systems administrator. So you already know who to call. In NGOs [non-governmental organizations], often times, there isn’t an IT person at all. There’s not a systems administrator. The tech support is not available. And part of that is funding. Corporate environments are able to spend a lot more money on salaries, so they’re able to pay the tech people a lot more than they would get in the NGO space.

What can be the direct consequences to the people who are targeted by this kind of threat? 

Unfortunately people can die. That’s one of the things that we have to be aware of every day on the helpline. People do get killed for the information that they have out there. The other consequences are: people’s lives can be ruined, people can be imprisoned, people can have to leave countries, their families can be hurt. The stakes are very high.

Can you define what phishing is?

It’s those emails that say something like “You’ve won a million dollars, click here to receive.” Or something that is a little bit more scary, like “This is your co-worker, I need the password to this account.” It can get more targeted. But everyone receives these — this isn’t unique to the people that we work with. It’s just that the people that we work with might have a higher chance of receiving a more targeted phishing campaign.

What are three easy things people can do to improve their own digital security? 

Number one, always install software updates. Updates are often released to address security vulnerabilities; updating is your first line of defense.

Two, use unique, long, and strong passwords. If your password is leaked in one place, and you have used the same password somewhere else, that other account can be compromised as well. Avoid remembering each of these unique passwords with a password manager, like KeePassX or LastPass. Password managers keep your credentials in an encrypted database and assist you in generating unpredictable strings to use as sturdy logins.

Three, use two-factor authentication when available. Instead of only using a password to protect your account, two-factor requires another “factor” to log in. Like a bank that needs your card and PIN to withdraw from an ATM, you’ll need your password and something else (like a SMS text, generated code, or fingerprint) to access your account. All of the major email providers provide multi-factor authentication, as do many other accounts, like Amazon, Twitter and Facebook; look for it in your security settings.

see also: https://thoolen.wordpress.com/tag/digital-security/

Source: Protecting Activists from Hackers – NY City Lens

Apple tackles iPhone one-tap spyware flaws after MEA Laureate discovers hacking attempt

August 29, 2016

Ahmed Mansoor, the Laureate of the Martin Ennals Award 2015, was the target of a major hacking attempt. Fortunately it received global coverage on 26 and 27 August 2016 and Apple has immediately issued a security update to address the vulnerabilities. [For those with Iphones/Ipads, you may want to update your IOS software to 9.3.5!]


Ahmed MansoorImage copyrightAP – human rights defender Ahmed Mansoor

The flaws in Apple’s iOS operating system were discovered by Mansoor who alerted security researchers to unsolicited text messages he had received on 10 and 11 August. They discovered three previously unknown flaws within Apple’s code that meant spyware could be installed with a single tap. Apple has since released a software update that addresses the problem. The two security firms involved, Citizen Lab and Lookout, said they had held back details of the discovery until the fix had been issued.

The texts promised to reveal “secrets” about people allegedly being tortured in the United Arab Emirates (UAE)’s jails if he tapped the links. Had he done so, Citizen Lab says, his iPhone 6 would have been “jailbroken”, meaning unauthorised software could have been installed. “Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” said Citizen Lab. The researchers say they believe the spyware involved was created by NSO Group, an Israeli “cyber-war” company.

Text message
The spyware would have been installed if Mansoor had tapped on the links. Image copyright CITIZENLAB

For more on Mansoor: https://thoolen.wordpress.com/tag/ahmed-mansoor/

Sources:

http://www.bbc.com/news/technology-37185544

https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/  (from the researchers who identified the vulnerabilities. Good summary followed by full technical analysis)

http://www.dailymail.co.uk/sciencetech/article-3758671/Apple-boosts-iPhone-security-Mideast-spyware-discovery.html

DatNav: New Guide to Navigate and Integrate Digital Data in Human Rights Research

August 25, 2016

DatNav, a guide designed to help human rights defenders navigate and integrate digital data into your human rights research, was launched today.

DatNav is the result of a collaboration between Amnesty InternationalBenetech, and The Engine Room which began in late 2015 culminating in an intense four-day writing sprint facilitated by Chris Michael and Collaborations for Change in May 2016. Based on interviews, community consultations, and surveys the researchers found that in the vast majority of cases, human rights defenders were not using the tools. Why? Mainly, human rights researchers appeared to be overwhelmed by the possibilities.

DatNav - Digital Data in Human Rights Research

Still, integrating and using digital data in a responsible way can make a huge and important difference to human rights research. Acquiring, disseminating and storing digital data is also more in reach. DatNav is about navigating these new possibilities.

In May 2016, the 3 NGOs gathered a group of experts to create a guide to help address this problem, and created the foundations of DatNav. Nearly 70 key members of the human rights tech and data community, representing nearly 40 different organisations from around the world, played key roles in the creation of DatNav.

This is just the beginning. If you’re interested in taking the guide forward, whether to inform strategy in your work, to train others, or through translations, or adaptations of the content, the organizers would like to hear from you. The content is all CC-BY-SA licensed and remixes of the content are more than welcome. We’re in initial talks to release an Arabic translation of DatNav, and we’d like to carry out others, too.

Download the DatNav pdf

You can sign up for The Engine Room’s newsletter to be notified of new updates and releases.

To find out more about the project or give feedback, you can send an email. You can also reach out on Twitter @zararah and The Engine Room @EngnRoom.

 

Source: DatNav: New Guide to Navigate and Integrate Digital Data in Human Rights Research | The Engine Room

New travel guide “Cyber security policy for human rights defenders” issued by GPD

May 20, 2016

On 18 May 2016 Global Partners Digital (GPD) issued a new entry in its series of ‘Travel Guides to the Digital World‘: Cybersecurity Policy for Human Rights Defenders.

Just as a travel guide introduces tourists to the customs, language and geography of a foreign land, the series aims to equip human rights defenders with the information needed to navigate complex areas of internet-related policy from a human rights perspective. Previous guides in the series have focused on internet governance and digital surveillance. The latest entry,  shines the spotlight on an emerging, and increasingly crucial domain – and aims to fill a conspicuous gap. For while much valuable work has already been done on cybersecurity, there are currently few resources for human rights defenders on this issue.

A few years ago, cybersecurity was a word most likely to evoke dreary office trainings on password protection. Today, it is a top priority of states worldwide. 72 countries now have live national cybersecurity strategies, and 102 have National Computer Incident Response Teams (CIRTs). It remains however, a contested, elastic and shifting term which can cover a seemingly endless range of different issues, situations, and policy measures.

In spite of this, human rights defenders have so far been notable for their absence in cybersecurity policymaking spaces. Without the crucial scrutiny they provide, important decisions are being taken without any consideration for their broader implications on the enjoyment of basic human rights, including the right to freedom of expression, access to information, and privacy. The guide hopes in a small way to address this trend by helping human rights defenders to find their bearings and gain a solid grasp of the institutions, actors and issues at stake.

A few words on structure. In conceptualising the guide, an immediate challenge was the sheer range of definitions available within cybersecurity. We’ve tried to resolve this by grouping issues into three broad categories –  information security, cyber crime and cyber conflict – but we recognise that these overlap. Human rights defenders need to be active not only in challenging the impact of cybersecurity policies, but in reshaping its very meaning, which is why definition is a key focus of the guide.

The guide concludes with a list of recommendations, which are by no means prescriptive or comprehensive, but which hopefully offer some useful starting points for strategic engagement from a human rights perspective.

[GPD are a small team based in Shoreditch in London working with civil society groups, governments, international institutions and businesses to protect and promote human rights values online. Much of its work is carried out with partner organisations in the global South. Global Partners Digital started off in 2005 as Global Partners and Associates (GPA) which was set up to work in the areas of democracy, governance and human rights. As a team within GPA, it initially worked on human rights and traditional media issues. Since then, its work in this field has developed substantially. With the unprecedented growth of the internet and mobile phone technologies – and the challenges and opportunities that these bring – GPD have become increasingly focused on human rights and digital communications. Thus the rebranding as Global Partners Digital in 2013.]

see also: https://thoolen.wordpress.com/2014/06/05/new-book-on-internet-policy-and-governance-for-human-rights-defenders/

Source: Introducing GPD’s new travel guide to cybersecurity policy for human rights defenders | Global Partners Digital

On-line training course for better protection of human rights defenders

April 9, 2016


With this short video clip, the Brussels-based NGO Protection International announces that one can now register for the online course “Security and protection management for human rights defenders and social organisations”mainly addressed to NGOs, social organizations and persons interested in the security work for HRD, their organizations and/or communities. The main aim is for human rights defenders to develop various skills, capacities and strategies to allow them to improve the level of security and protection, both for themselves and also for the people they work with. Read the rest of this entry »