Blog

Primer on “digital security” for activists

filmburmareview

Getting images and videos of protests and the violent crackdowns by government authorities that often ensue out to the wider public can be extremely important in building momentum and international solidarity for nonviolent movements. While this may generally not be difficult in western countries, when a repressive regime like the Chinese government or the military junta in Burma wants to cut off the flow of information to its citizens and the international community, such activity can be extremely dangerous for activists.

In preparation for his presentation at the Fletcher Summer Institute for the Advanced Study of Nonviolent Conflict last week, Patrick Meier gave the most thorough run down on digital security – which he defines as “the art and science of staying safe when communicating in non-permissive environments” – that I’ve ever seen at his blog iRevolution. (He also gave a brief recap of every presentation at the conference on his site for anyone who is interested in checking out the other topics that were discussed.)

The must-read list of tactics and technologies that he provides should be extremely useful for activists trying to operate under the watch of repressive regimes. Here is a sampling of his tactical suggestions:

  • Purchase your mobile phone far from where you live. Buy lower-end, simple phones that do not allow third-party applications to be installed. Higher-end ones with more functionalities carry more risk. Use cash to purchase your phone and SIM card. Avoid town centers and find small or second-hand shops as these are unlikely to have security cameras. Do not give your real details if asked; many shops do not ask for proof of ID.
  • Use multiple SIM cards and multiple phones and only use pay-as-you go options; they are more expensive but required for anonymity.
  • Remove the batteries from your phone if you do not want to be geo-located and keep the SIM card out of the phone when not in use and store in separate places.Use your phone while in a moving vehicle to reduces probability of geo-location.
  • Keep the number of sensitive pictures on your camera to a minimum.
  • Add plenty of random non-threatening pictures (not of individuals) and have these safe pictures locked so when you do a “delete all” these pictures stay on the card.
  • For sharing offline, do not label storage devices (CDs, flash drives) with the true content.  If you burn a CD with an illegal video or piece of software on it, write an album label on it.

Meier then provides a detailed list of specific technologies that can help activists stay safe and keep their data more secure. Here are just a few examples:

Mobile phones

Digital cameras

  • Use scrubbing software such as: JPEG stripper to remove the metadata (Exif data) from your pictures before you upload/email.

Computers/Laptops

  • Use a different file type to hide your sensitive files. For example, the .mov file extension will make a large file look like a movie.
  • Mac users can use Little Snitch to track all the data that goes into and out of your computer.
  • From a technical perspective, there’s no such thing as the delete function. Your deleted data is eventually written over with new data. There are two common ways to wipe sensitive data from your hard drive or storage device. You can wipe a single file or you can wipe all of the ‘unallocated’ space on the drive. Eraser is a free and open-source secure deletion tool that is extremely easy to use.

Email communication

  • Use https when using Gmail.
  • Use encrypted email platforms such as Hushmail and RiseUp.

Browsers and websites

VoIP

  • Use Skype but not TOM Skype (Chinese version). Note that Skype is not necessarily 100% secure since no one has access to the source code to verify.
  • Off The Record (OTR) is a good encryption plugin. For example, use Pidgin with OTR (you need to add the plug-in yourself).