IHRFG recently held a day-long training on digital security for funders, led by the Tactical Technology Collective. Following the event, we will share reflections from the grantmakers who came together to explore this question.Click here to read more lessons and join the conversation!
Contributed by Samy Lendvai-Karmout, Regional Coordinator-Mashrek, Euro-Mediterranean Foundation of Support to Human Rights Defenders-
The recent developments in open digital communication systems have proven to be instrumental, if not revolutionary, to different fields of human rights activism. From using smart mobile phones and smart-size cameras to document human rights violations, to using social media sites like Twitter, YouTube and Facebook as global mobilization venues for advocacy and social change, there is no doubt that digital communication technology has a huge impact on human rights activism globally. Authoritarian regimes using draconian methods to suppress traditional means of dissent are being faced with a new generation of players equipped with constantly evolving tools of digital communication.
Nevertheless, the backlash of these easily accessible digital communication tools has presented itself in the form of endless surveillance potential for adversaries of human rights, be they hostile governments, enforcers of social norms, hackers, or transnational groups. For the human rights funders’ community, which currently faces significant financial shortfalls, this reality presents a particular moral and technical conundrum; how can human rights funders ensure the protection of their irreversibly digitally-dependent partners working within risky contexts?
This question, among many others, was discussed thoroughly during the IHRFG-organized day-long institute titled “Beyond Passwords: Enhancing Digital Security for Human Rights and Grantees”. The Institute, which took place in San Francisco on January 26, 2015, provided a space for several funders in the human rights community to challenge their views about topics related to digital security concerns in the presence of experts. For some participants who had not previously considered digital security questions, employing a digital security strategy may have seemed to be a cumbersome and costly task. For others who had considered the issue lightly but lacked the know-how, the short session highlighted a number of mistaken beliefs about methods of “secure” communication with grantees. Overall, this left the participants with a sense of urgency to adopt concrete digital security strategies as standard and evolving procedures in their work.
Aside from ensuring the usage of licensed software and available encrypted/safe communication programs, funders should also employ simple threat modeling frameworks as an effective means to prioritize the security of their partners operating within various contexts. This strategy is based on the premise that widespread malicious surveillance is context-related and generally not cost-effective. Hence it is essential to clarify who and what the funders/grantees are up against on an individual basis. In order to determine the risks and best reaction methods to undertake, the following questions should be asked:
1) What do you want to keep private?
2) Who wants to know?
3) What can they do to find out?
4) What happens if they succeed?
Finally, it is important to note that digital security concerns should be considered an integral part of funders’ responsibilities towards their grantees under the “do no harm” principle. Immediate action should be undertaken by signaling the readiness of funders to take digital security considerations of their grantees seriously, be it through employing safe communication methods or additional budgetary lines needed to enhance their digital safety, and by extension their personal safety.