Posts Tagged ‘Security-in-a-box’

Mobile phone security for human rights defenders

May 7, 2014

mobilesecheader.png

Having posted on the Natalia bracelet and the Panic Button recently as alarm systems for human rights defenders in danger, it is good to also draw attention to the dangers that are inherent in the ‘normal’ use of mobile phones. Tactical Tech has quite a bit to say about  mobile phone security: Human Rights Defenders are exposed to many potential threats – from governments, private companies, organised groups – in the course of their work. Therefore, they should be aware of dangers and necessary security measures to be taken if  deciding to communicate by mobile phone, which remains an easy-to-spy-on device. Tactical Tech has produced a number of resources about phone security.

Security in a Box has a chapter entitled “How to Use Smartphones as Securely as Possible” and one on using mobile phonesas securely as possible.

Me and My Shadow has a chapter on geolocation services for smartphones and the risks they carry, as well as tips for those using SMS and MMS.

Finally, have a look at the Guardian Project’s website, created by a group of activists dedicated to creating open source apps to increase security and privacy on smartphones.

via Mobile phone security | Exposing the Invisible.

https://thoolen.wordpress.com/tag/natalia-project/

https://thoolen.wordpress.com/2014/05/02/amnesty-releases-today-long-awaited-panic-button-for-human-rights-defenders/

Inputs requested for making a “context guide” for LGBTI security in Africa

December 3, 2013

For 10 years, Tactical Technology Collective have worked with human rights defenders, in order to help them better to protect their sensitive data, their communications, themselves and their communities when carrying out their work, through developing online resources, books, and carrying out regular trainings around the world. As part of this process, it has developed the “Security in a Box” book and toolkit (https://securityinabox.org) which now receives around 200,000 visits per month.
However, in order to continue improving our materials and make digital security easier to understand and contextualise for specific communities of human rights defenders, they have begun a process of creating “context guides” which make the guide more accessible for certain communities at risk. The idea of this survey is to help create and improve such a guide, for LGBTI activists from Africa, which would help the community understand the need for healthy digital security practices by demonstrating the risks they face and providing stories of best practices from others in the community.
You can find the survey at https://tacticaltech.org/africa-survey. If you have any questions or concerns, please contact Daniel Ó Clunaigh: dan@tacticaltech.org.
[to get an idea of such a guide, created for LGBTI human rights defenders from the Arabic-speaking world, see in English: https://securityinabox.org/en/context/01]

For HRDs digital surveillance can mark the difference between life and death says Mary Lawlor

September 22, 2013

This blog has tried to pay regularly attention to the crucial issue of electronic security and referred to the different proposal that aim to redress the situation in favour of human rights defenders. In a column of Friday 20 September the Director of Front Line, Mary Lawlor, writes about the digital security programme “Security in a Box” which her organisation and the Tactical Technology collective started some years ago. For Sunday reading here the whole text:

Mary Lawlor

ARE YOU AWARE that the recording device on your smartphone can be activated remotely and record sensitive conversations? And that the webcam on your PC can film inside your office without you knowing?

For most people, debates about the snooping NSA and GCHQ are little more than great material for a chat down the pub, but for human rights defenders around the world, digital security is synonymous with personal security. For a gay rights campaigner in Honduras or a trade unionist in Colombia, safety from interception of communications or seizure of data can be the difference between freedom or imprisonment, life or death.

Digital surveillance has been described as “connecting the boot to the brain of the repressive regime”. Governments are developing the capacity to manipulate, monitor and subvert electronic information. Surveillance and censorship is growing and the lack of security for digitally stored or communicated information is becoming a major problem for human rights defenders in many countries.

By hacking into the computer system of a human rights organisation, governments or hostile hackers can access sensitive information, including the details of the organisation’s members and supporters. They can also install spyware or viruses to monitor or disrupt the work of the organisation.

Dangerous in the wrong hands

One of the best-documented cyber attacks on an NGO was the hacking of the Political Prisoner’s Solidarity Committee, a Colombian human rights organisation. The organisation’s email account was hacked and used to send malicious viruses and spam messages, and all employee work email accounts were deleted.

The hacked email account was also used to send threatening emails to a member of the organisation based in a different region. Their offices were broken into and the hard disk of one computer was stolen and replaced with a faulty one. Spyware was found on the computer used to maintain the organisation’s website; this recorded all the information on the computer and sent it via the internet to an unknown location. This cyber attack also coincided with a wave of anonymous phone calls and direct threats to staff members.

In this digital age how can human rights defenders make sure their online communications and their data are safe and that they are not putting themselves or colleagues in danger?

This is where Front Line Defenders is able to give practical help. With a security grant from Front Line Defenders, the Political Prisoner’s Solidarity Committee installed a new secured server and router, and upgraded their whole computer security system. We also organised a workshop on digital security for all the members of their organisation.

This was useful for a seriously at-risk organisation. But there are effective steps all of us can take to stay safe. Most of us have a computer or laptop and most have a password. That password is probably a cat’s name or a daughter’s name – which can be broken in about 10 seconds. Simply by changing your password to a longer one which combines upper case, lower case and digits makes the password virtually unbreakable and is a simple, first step to improve your online security.

“Back doors”

Recent revelations have shown that even encrypted communications that were previously thought to be secure have been built with deliberately included “back doors”, so that organisations like the NSA and GCHQ can access information that people think is secret. One protection against these built-in weaknesses is to use open-source software – this is software not provided by a big-name company like Microsoft or Apple, but one in which the workings of the software are made available for all to see, so that any such intended weakness in the encryption would be spotted and exposed by the global community of digital security experts.

Even if authorities or malicious hackers can’t see what you’re communicating, it can still be possible for them to see when you communicate and with whom. The Tactical Technology Collective has said, “If you use a computer, surf the internet, text your friends via a mobile phone or shop online – you leave a digital shadow.” If you want to find out the size of your digital shadow, and more importantly want to know what you can do about it, visit their award-winning website myshadow.org.

Security in-a-box (available onlineis a collaborative effort of the Tactical Technology collective and Front Line Defenders. It was created to meet the digital security and privacy needs of advocates and human rights defenders, but can also be used by members of the public.Security in-a-box includes a how-to booklet  which addresses a number of important digital security issues.

It also provides a collection of Hands-on Guides, each of which includes a particular freeware or open source software tool, as well as instructions on how you can use that tool to secure your computer, protect your information or maintain the privacy of your internet communication.

A clear understanding of the risks

When we started our Digital Security Programme we only ran one or two trainings per year. Now we are organising workshops on digital security all over the world, sometimes in secret locations for human rights defenders from countries where even to use the word “encryption” in an email would bring you under the eagle eye of the security services.

Electronic communication enables human rights defenders to network and cooperate as never before but survival depends on having a clear understanding of the risks involved and the need for a well thought-out digital security strategy.

Column: For some people, digital surveillance can mark the difference between life and death.

Technology to protect Human Rights Defenders: great but should there not be more cooperation??

September 5, 2013

On 7 April 2013 I posted on this blog the announcement of the Anti-kidnap alarm for human rights defenders in form of the Natalia bracelet launched in Stockholm by Civil Rights Defenders.

This was followed 10 days later, 17 April, by a post referring to the Panic Button developed by Amnesty International (“How to turn a mobile phone into an alert system for human rights defenders: AI’s Panic Button”).

Now the New York based Human Rights foundation announces its Partnership with global encrypted communications firm Silent Circle to protect the private communications of political dissidents, human rights groups, and civil society organizations in at-risk scenarios. (http://humanrightsfoundation.org/HRF-Announces-Silent-Circle-Partnership-to-Support-Dissidents-04-09-2013.php)

 

There exist already the older and more wide-ranging tools of:  “Security in a Box”  (a collaboration between Front Line and Tactical Tech Collective – see http://security.ngoinabox.org/welcome) and Protection International‘s  on-line Manual: http://protectioninternational.org/publication/new-protection-manual-for-human-rights-defenders-3rd-edition/.

 

While these (and perhaps other tools that I have missed!) may have all different features, the question could be asked who among the hard-pressed human rights defenders on the ground have the time and energy to sort through all this and pick what is most meaningful for them? Competition may well bring out the best but can also be confusing.

 

How to turn a mobile phone into an alert system for human rights defenders: AI’s Panic Button

April 17, 2013

image of mobile phone

Last week I reported on the Natalia bracelet and yesterday my eye fell on a lengthy piece posted on Amnesty International‘s Livewire by Technology and Human Rights Project Officer Tanya O’Carroll. It describes how emerging digital tools will help activists and human rights defenders. http://livewire.amnesty.org/2013/04/15/how-to-turn-a-mobile-phone-into-an-alert-system-for-activists/.

As a student activist speaking out against the government, Hassan is at constant threat of being arrested. The Sudanese government tracks and harasses members of the student movement he belongs to. Reports of his friends and contacts being detained, tortured and even killed by the authorities are frighteningly regular. But Hassan’s network is also well organized. His phone is always on him and he uses it to help organize demonstrations, to record and disseminate video of violent crackdowns against the students and to keep his network updated every minute – a network that stretches from Khartoum to the rest of the globe in the time it takes to send a tweet. If he is able to get word out that he’s been arrested, Hassan knows that his network’s response will be swift and structured. The problem is that he knows the first thing the authorities will seize is his mobile phone. And here’s the double danger of not getting word out: the authorities will use the phone book, call log, messages and any open apps – such as G-Mail or Facebook – to identify and track others. Without knowledge of the arrest, the whole network will be easily compromised. Read the rest of this entry »