Archive | Security

PIELC 2017 Digital Security Drop-in Center Guides

Firefox web browser – Download the verified app* for your operating system HTTPS everywhere plugin: secure web connections EFF Privacy Badger plugin: for safer web browsing *any app downloaded from a website is vulnerable to attack by a sophisticated adversary, who may substitute a malicious counterfeit app.  To safeguard against this possibility, some apps can […]

Developing Good Digital Security Culture

The CLDC is excited to launch a new program: Digital Security for Activists.  We believe that legal education and support cannot be fully utilized by political activists unless adequate security can be ensured as well.  The CLDC team brings together computer scientists and experienced digital security trainers, who also have strong movement ties and understanding.  We hope you will agree that this program is long overdue and will be a valuable contribution to movement solidarity and strength.

Questions, comments, or suggestions are welcome – contact us about Digital Security.

Good security culture is one of the first and most important things a serious activist should learn.  The idea is to minimize the effects of infiltration, disruption, and surveillance through practices that help keep activists, groups, and networks safer.  Importantly, it helps political activists prevent paranoia and dispels the unfortunate idea that they should just give up any effort to maintain confidentiality against State and corporate surveillance.

CLDC has been urging activists and their supporting attorneys to use due diligence to protect their communications from collection by adversaries.  Uncompromising defense of ecosystems and the most vulnerable in our society often threatens established power structures.  Liberation-focused activists who intend to succeed in their work should expect to face active disruption from well-resourced organizations.  Repression takes many well known forms from “knock-and-talks” to militarized police brutality.

More insidious forms of suppression exist, however, for those organizers who enjoy access to instantaneous, global information sharing, social networking, and widely available GPS and digital cameras.  Each of these tools incorporates complex computer systems that can be easy to use but very hard to fully understand.  These tools can be, have been, and are turned against activists and systematically used to surveil and disrupt community organizing.  At the same time, if activists spend too much time messing around with technology instead of actually organizing, their movements may be effectively self-neutralized.

So how do activist communities develop and implement good security culture with regard to digital tools, communications, and infrastructure?  Resources and guides are available, but since software and hardware are continuously changing, it is difficult to keep up-to-date with recommendations for digital security.  Even the 2015 edition of the EF! Direct Action Manual recommends using 8-character passwords; these can be broken within hours by a moderately equipped adversary.

Here at CLDC, we aim to provide advice and trainings to empower you to up your digital security game.  Additionally, over the next few security posts, we will provide guidance for evaluating the tools, services, and software you use that we hope will stand the test of time (or at least a few years).

We will explore four aspects of digital security culture:

Trust:  Can you trust the individuals or organizations that develop and maintain the software you use?  Whose interests do they serve?
Authenticity:  Is an email you received from who you think it is?  Is the software you downloaded what you think it is?
Privacy:  Are your communications private?  If they are not encrypted, the answer is no.
Resilience:  If you lose access to your email account, will your organizing work grind to a halt?  Do you have backup plans?  Do you have backups?  If you suddenly lost access to social media, would everything be ruined forever?

Happy New Year!