Ever since the COVID-19 crisis began, the world has largely moved online. Many civil society partnerships already had a practice of online cooperation, but most still had to adapt their operations significantly to remain functional in the age of lockdowns and social distancing. Whilst the increased connectivity does provide certain benefits, it also encompasses new risks in the face of increased state surveillance, violations of human rights, restricted space for civil society organisations to maneuver, and already existing digital security and privacy issues with regards to digital tools to communicate and cooperate.
On the 16th of September the Spindle, the Partos Innovation Platform, in cooperation with ECNL, Oxfam Novib, Digital Defenders Partnership (Hivos) and TOTEM (Free Press Unlimited), hosted a webinar to address these challenges. Together with around 40 participants the importance, implications and implementation of adequate digital security were comprehensively addressed by a diverse range of speakers active within the field.
Why is it important?
The session was opened by Esther Hartay and Vanja Skoric from the European Centre for Not-for-Profit Law. Over the past half year the legal and policy environments affect the operations and activities of civil society actors changed drastically under the influence of COVID-19. Whilst many civil society actors across the globe already faced pressure from increased government suppression and a rise in authoritarianism in various places, “COVID exposed the underlying challenges to democracy”. ECNL and ICNL launched the COVID-19 Civic Freedom Tracker, which monitors government responses to the pandemic that affects civic freedoms and human rights, focusing on emergency laws. A wide range of such recent problematic policy changes was discussed, including the blockage of information, the introduction of intrusive new surveillance technology, mobile phone surveillance, and the introduction of facial recognition technologies. Whilst these were introduced under the banner of COVID prevention, many are highly intrusive towards essential civil freedoms that hinder the functioning of civil society (e.g. freedom of assembly, freedom of speech, etc.). Digital Security is therefore of utmost importance to protect the independence and activities of civil society, particularly in contexts of existing governmental repression or when working with sensitive topics. “COVID does not need to be a human rights crisis”.
How to think about Digital Security?
Livio Stockly continued the conversation by sharing the experiences and lessons learned by Oxfam Novib with respect to digital security. He presented the audience with a number of findings and dilemmas, as well as some suggestions based on how his organisation has proceeded in this field.
The first dilemma concerns the question of access and means. Although we are all supposed to meet on the same digital platforms when moving operations online, the different organisations comprising the partnerships have a wide range of backgrounds when it comes to e.g. bandwidth availability, capacity to invest in ICT-related equipment, technical expertise, etc. On top of this comes the question of ICT-support, and to which extent the various partners have the capacity to be self-reliant in their ICT management and digital security implementation. Digital security and digital transitions are therefore very complex processes that require a lot of cooperation and coordination across partnerships and different NGO departments.
The second dilemma is described as the digital mindset void, meaning that digital security is perceived as a tool rather than a habit. It is generally considered as a burden to both individuals and organisations, and is often thought of as a finishing touch, rather than a starting point, for any digital effort. It follows that digital security is largely considered a matter for the ICT-department, rather than an individual responsibility, leaving most organizations vulnerable despite their best efforts at protecting their data and computer systems. To fully embrace digital security thus requires a collective, cross-departmental effort of every individual across organisations and partnerships.
Some ways to make a start on doing so involves a stronger integration of an office’s ICT-team with the regular affairs and activities, and considering digital security as a foundational cornerstone to any digital engagement rather than it being an afterthought.
What steps can your organisation take towards Digital Security?
Daniel Ó Cluaniagh from the Digital Defenders Partnership followed up on these notes by emphasising that digital security cannot be separated from the broader issues of security and protection that are facing civil society, they are all interrelated. It is therefore important to approach digital security holistically, and there are a couple of key actions one could take as an organisation.
It is important that you consider your own organisational context when setting up your digital security strategy. In order not to be vulnerable on a political level, one could consider using software and service providers that are in line with the values of civil society. One could also consider using decentralised services and/ or software that is run from your own servers, if you have the means to acquire them. End-to-end encryption features, and the usage of VPN or Tor services, also come a long way to secure your data and communications. And last but not least, collaboration! Especially if your means are limited, you could consider pooling resources with allies/ colleagues/ partners to share the cost of renting infrastructure and/ or technical support.
Daniel Ó Cluaniagh also shared a wealth of resources, which will be detailed below.
What can you do for more Digital Security?
The last speaker of the event was Sylvain Mignot from Free Press Unlimited, who presented the Totem Project to the audience. The Totem Project is an online course environment, designed by Free Press Unlimited and Greenhost, which is specifically dedicated towards human rights defenders, activists and journalists. It is hosted in five different languages, and contains multiple short courses (approx. 1 hour) on digital security measures you can take to protect yourself, your colleagues and your organisation’s activities. The Totem Project was created to establish a baseline of secure digital practice across the sector and its partnerships, and also serves as a platform for other organisations to deliver their respective courses within its platform. Users can enroll individually and study at any time and at their own pace. Digital security trainers can contact the Totem team on how to incorporate Totem courses in training activities.
Digital Security has never been more relevant, and its success relies on a collective effort from us all. As the moderator of this webinar, Anand Sheombar, aptly put it: “Digital Security for civil society is not a topic that should only be discussed today. It is a continuous topic that should be discussed with your partner organizations all the time”.
Tools and Software providers
- Greenhost – sustainable hosting provider
- Jitsi – Free open-source video conferencing for web & mobile
- Maadix – Tool for private server management including open-source software provisions
- May First Movement Technology – Advances the utility of digital means for activism and development-related activities
- Mumble – Free, open source voice chat application
- Nextcloud – File sharing and collaboration
- Rise Up – Online communication tools for people and groups working on liberatory social change
- Rocket Chat – Open source team chat platform
- Security in a Box – Various toolkits to enhance various digital security aspects
- Signal – A cross-platform encrypted messaging service
- Systemli – Non-commercial provider of privacy-friendly communication
- Tactical Tech – Research and tool development for digital in development
- Totem Project – Online platform with digital security training for activists and journalists
- Wire – Encrypted communication and collaboration app