Voluntary Society - Action

How to Communicate Securely in Repressive Environments - Updated June 28, 2009

Introduction

Core to effective strategic nonviolent action is the need to remain proactive and on the offensive; the rationale being that both the resistance movement and repressive regime have an equal amount of time allocated when the show-down begins. If the movement becomes idle at any point, this may give the regime the opportunity to regain the upper hand, or vice versa. The same principle is found in Clausewitz's writings on war .

Nonviolent resistance movements are typically driven by students, i.e., young people, who are increasingly born digital natives. With expanding access to mobile phones, social networking software and online platforms for user-generated content such as blogs, the immediate financial cost of speaking out against repressive regimes is virtually nil. So resistance movements are likely to make even more use of new communication technology and digital media in the future. In fact, they already are.

At the same time, however, the likelihood and consequences of getting caught are high, especially for those political activists without any background or training in digital security. Indeed, recent research by Digital Democracy research suggests that organizational hierarchies are being broken down as youth adopt new technologies. While this empowers them they are also put at risk since they don't tend to be as consequence-conscious as their adult counterparts.


Empire Strikes Back

It is no myth that repressive regimes are becoming increasingly more savvy in their ability to effectively employ sophisticated filtering, censoring, monitoring technologies (often courtesy of American companies like Cisco) to crack down on resistance movements. In other words, political activists need to realize that their regimes are becoming smarter and more effective, not dumber and hardly clueless.

That said, there are notable -at times surprising- loopholes. During the recent election violence in Iran, for example, facebook.com was blocked but not facebook.com/home.php. In any case, repressive regimes will continue to block more sites and/by imposing impose information blockades because they tend to view new media and digital technologies as a threat.

Perhaps technologies of liberation are a force more powerful?

In order to remain on the offensive against repressive regimes, nonviolent civil resistance movements need to ensure they are up to speed on digital security, if only for defense purposes. Indeed, I am particularly struck by the number of political activists in repressive regimes who aren't aware of the serious risks they take when they use their mobile phones or the Internet to communicate with other activists.


Adaptive Learning

One way to stay ahead is to make the learning curve less steep for political activists and to continually update them with the latest tested tactics and technologies. To be sure, one way to keep the upper hand in this cyber game of cat-and-mouse is to continue adapting and learning as quickly as possible. We need to ensure that feedback mechanisms are in place.

There are trade-offs between security and convenience or usability, particularly in the context of technologies. As DigiActive notes, the most secure tactics and technologies may not be the most convenient or easy to deploy.


Most political activists are not tech-savvy
.

This means that digital activists need to design tactics and technologies that are easy to learn and deploy.

The tactics and technologies listed in the next sections fall into all four different quadrants to one extent or another. It is important that political activists at minimum master the easy and convenient digital security tactics and technologies identified in this blog post.

Recall that both sides are allocated an equal amount of time to plan and execute their operations. Accelerating the learning process is one way for activist networks to remain pro-active and stay ahead of the curve. Unlike the hierarchical, centralized structures of repressive regimes, networks have more flexibility and feedback loops, which make them more adaptable.

The normative motivation behind this research on digital resistance is based on the recognition by many scholars and practitioners that the techniques associated with strategic nonviolent social movements are greatly enhanced by access to modern information communication technologies, such as mobile telephony, short message service (SMS), email and the World Wide Web, among others.

The potential to leverage those techniques is what makes Digital Security so important to integrate in the strategic and tactical repertoire of civil resistance movements.


Digital Security

I define digital security (DS) in the context of digital resistance as the art and science of staying safe when communicating in non-permissive environments. The reason I call it both an art and a science is to emphasize that both tactics and technology play an important role in staying safe when facing repression.

So the DS framework I want to propose is two-pronged: tactics vs. technology, and safety vs. security. I call it the 4-square approach for obvious reasons:

As the graphic above suggests, personal safety and data security are a function of both tactics and technologies. For example, data security is best ensured when combining tactics and technologies.

What follows is a list of tactics and technologies for communicating safely and securely in repressive environments. The list is divided into technology categories and the bullet points are listed in order of relative convenience and easy to more complicated, but more secure.

Note that the information below is in no way meant to be exhaustive. Furthermore, given the nature of technological change, some of the tactics and technologies below may no longer be effective in the near future. To this end, activists who follow the digital security tactics and technologies listed below should take care not to gain a false sense of security.

The digital security landscape is always evolving and the dynamic between digital activists and repressive regimes is akin to a cyber game of cat-and-mouse, albeit a dangerous zero-sum game. Finally, be aware that using more sophisticated tactics and technologies may call attention to yourself and label you as a serious threat. Please see the conclusion for a list of references and suggestions on further reading.


Digital Security Tactics

As mentioned above, DS tactics come as both technology-free tactics and tactics that relate to communication technology. For example, making sure to pay for a sim card in cash and out of sight of security cameras is a technology-free tactic that increases the chances of staying safe. Removing the batteries from your mobile phone to prevent it from being geo-located is a tactic that relates to the technology and also increases your safety.

DS tactics can also improve data security when communicating information. Sneakernet is a technology-free tactic to share information. The term is used to describe tactics whereby the transfer of electronic information such computer files is done by physically carrying removable media such as hard drives and disk drives. In contrast, using encryption software for mobile phones is a tactic that uses technology. The communication may be intercepted by eavesdroppers but they may be unable to decipher the message itself.

These tactics are listed below along with a number of other important ones. Please keep in mind that tactics are case- and context-specific. They need to be adapted to the local situation.

Radios

Radios can be used when cell/mobile phone networks have been shut down. Use code and never reveal your location. See also FreedomFone. Radio broadcasts can be geo-located so do not broadcast at length from the same locations at the same times. Ideally, use handheld radios and broadcast from a moving vehicle. This prevents you from being geo-located and allows you to broadcast over a wider area. If you know your radio broadcasts are being interrupted (or voice call, SMS, emails, etc), you can deliberately produce disinformation and provide wrong information about meetings, protests, etc.

Mobile Phones


Digital Cameras

Computers/Laptops

Flash disks
Email communication

Browsers and websites

VoIP

Blogs and social networking sites

File sharing

Internet Cafes

Digital Security Technologies

When combine with the tactics described above, the following technologies can help you stay safe and keep your data relatively more secure.

Radios

Radio jamming equipment are commercially available but keep in mind that they are illegal in certain countries.

Mobile phones



Digital cameras

Computers/Laptops


Flash disks

Email communication

Browsers and websites

VoIP


Blogs and social networking platforms

There are no safe social networks. The best way to be safe on a social network is fake account and a proxy server. The anonymous blogging platform Invisiblog no longer exists, so the best bet now is WordPress + Proxy (preferably Tor) + anonymity of content. Log out of facebook.com when not using the site.
Use Crabgrass, which is designed by the Rise-Up Collective to provide a more secure social networking and collaboration. Although there are pros and cons to using it, activists working in repressive environments should know of it in case it is the right tool for their needs.

File sharing

Use Skype to transfer files but not Pidgin. Use Drop.io to create a private, secure media sharing site.
Use BasecampHQ with secure/SSL option to create more specific usernames and passwords for each user or remote site.
Use Martus, an encrypted database software designed to keep sensitive data secure. This is considered one of the best tools for journalists, human rights workers to encrypt data.
Internet Cafe

Tor can be installed on flash disk and used at Internet cafe and also used from LiveCDs if flash drives are not allowed.

Other potential tech

Conclusion

The above material was collected in part from these sources:

Patrick Philippe Meier


| Home | Action |