Participating Online with Safety Toolkit

The Association for Progressive Communications (APC) has developed a series of briefings to help those working on-line improve the security of their computer and on-line communications. The briefings were developed as part of a project aimed at improving the on-line security of computer users such as journalists and human rights workers. But the content of the briefings is relevant for all those working on-line.

An Introduction to the ‘Participating With Safety’ Project

Computers are a very useful tool to assist people’s work. They not only help with writing, graphic design and publishing information, they are increasingly becoming an essential communications tool as part of computer networks and the Internet.

But the reliance people have on computers is also a weakness. This weakness, and the ways of working around the problems computer technology can create, must be understood by those using computers. Through the understanding of the weaknesses of the way computers and computerised communications work we can take steps to protect our work, our security and our privacy.

There are many different aspects to using computers securely: You can set-up the computer to run more securely and reliably; Using access controls, such as passwords, you can prevent disclosure of information; By organising the information on the computer, and keeping regular copies, you can prevent the loss or corruption of information; and Using various means, you can secure your use of the Internet, and prove the authenticity of your communications.

Using computers more securely is a mixture of learning a little more about how the computer works, and undertaking certain tasks on a regular basis. The vast majority of the risks to your use of your computer come from mistakes in your own use or storage of information, or from the failure of the equipment it is stored on. Surveys in industries dependent on computer technology have found that 75% of data losses are due to internal errors, not from external factors such as computer viruses or deliberate damage. You don’t have to organise your information according to a strict formula. But it must be done in a way that everyone who needs to use it understands how data is stored and used. It’s also important to organise things to make it easier to keep copies of information, and to store those copies in such as way that they cannot be damaged or destroyed.

The other issue to deal with are the external threats to your work and computerised information. This comes from a variety of sources. There are the everyday risks from bad software and computer viruses. But increasingly we are becoming subject to directed risks; this can be the intrusion by the state or corporations who seek to frustrate or prevent our work taking place, or those seeking to defraud or steal information or computer equipment. The careful management of information, and the use of access controls to data and equipment, can help reduce the impacts of any attacks on you or your organisation. But it is important to realise that you can never completely prevent damage or data loss from external influences.

Overall, the purpose of these briefings is to help you make a qualitative improvement to the security of your computer and communications.

Variously formated (html/pdf/doc) briefings include:

  • Introducing Information Security
  • Backing-up Information
  • Living Under Surveillance
  • Passwords and Access Controls
  • Using Encryption and Digital Signature
  • Computer Viruses
  • Using the Internet Securely

Download free from the Free Range Activism Website

Knowledge is power, your ignorance is their bliss.

Surveillance Self-Defence

Whilst this wasn’t exactly what I had in mind when in my last post I described what future post content would be, it’s in keeping with a desire to present, generally speaking, information that can be used to move things forward by reconnecting the individual with their power, on a variety of levels. I’ve not settled on a presentation format yet, but here’s something for you to get your teeth into whilst I ruminate.

In the Revolting Students post I mentioned what a buzz it was to witness modern technology being used in a socially important and valuable way, in that instance by student activists using the Internet to organise and phones to email updates and send video footage of the thugs from the Met assaulting teenagers. It’s with those newly awoken activists in mind that I post this.

Which isn’t to say this post’s not for you if you happen not to be a ‘revolting student’, it is. This post is for anyone who uses a mobile phone and/or spends any amount of time online.

The odds are that the perception of Mobile and Internet security with the majority reading this post begins and ends with ‘a good password’ and some kind of antivirus software.

Consider then this introduction to The Electronic Police State Rankings (2008), a country-by-country compilation of data pertaining to the extent of electronic surveillance in those countries, drawn up by Cryptohippie, a professional body concerned with individual and corporate electronic privacy. The report begins with this introduction:

Most of us are aware that our governments monitor nearly every form of electronic communication. We are also aware of private companies doing the same. This strikes most of us as slightly troubling, but very few of us say or do much about it. There are two primary reasons for this:

1. We really don’t see how it is going to hurt us. Mass surveillance is certainly a new, odd, and perhaps an ominous thing, but we just don’t see a complete picture or a smoking gun.
2. We are constantly surrounded with messages that say, “Only crazy people complain about the government.”

However, the biggest obstacle to our understanding is this:

The usual image of a “police state” includes secret police dragging people out of their homes at night, with scenes out of Nazi Germany or Stalin’s USSR. The problem with these images is that they are horribly outdated. That’s how things worked during your grandfather’s war – that is not how things work now. An electronic police state is quiet, even unseen. All of its legal actions are supported by abundant evidence. It looks pristine. An electronic police state is characterized by this:

State use of electronic technologies to record, organize, search and distribute forensic evidence against its citizens.

The two crucial facts about the information gathered under an electronic police state are these:

1. It is criminal evidence, ready for use in a trial.
2. It is gathered universally and silently, and only later organized for use in prosecutions.

In an Electronic Police State, every surveillance camera recording, every email you send, every Internet site you surf, every post you make, every check you write, every credit card swipe, every cell phone ping… are all criminal evidence, and they are held in searchable databases, for a long, long time. Whoever holds this evidence can make you look very, very bad whenever they care enough to do so. You can be prosecuted whenever they feel like it – the evidence is already in their database.

Perhaps you trust that your ruler will only use his evidence archives to hurt bad people. Will you also trust his successor? Do you also trust all of his subordinates, every government worker and every policeman?

And, if some leader behaves badly, will you really stand up to oppose him or her? Would you still do it if he had all the emails you sent when you were depressed? Or if she has records of every porn site you’ve ever surfed? Or if he knows every phone call you’ve ever made? Or if she knows everyone you’ve ever sent money to? Such a person would have all of this and more – in the form of court-ready evidence – sitting in a database, waiting to be organized at the touch of a button.

Those who think that if you’ve done nothing wrong then you’ve got nothing to hide and nothing to fear, should stop here and read “I’ve Got Nothing to Hide” and Other Misunderstandings of Privacy (pdf) by Daniel J. Solove Associate Professor, George Washington University Law School; J.D., Yale Law School.

Everyone else come with me.

One issue within the issue is locational privacy. Locational privacy is the ability of an individual to move in public space with the expectation that under normal circumstances their location will not be systematically and secretly recorded for later use. The GPS feature of mobile phones and the fact that they transmit their location throughout the day (or night), and other systems, have the potential to strip away locational privacy from individuals, making it possible for others to ask (and answer) the following sorts of questions by consulting the location databases:

• Did you go to an protest rally on Tuesday?
• A small meeting to plan the rally the week before?
• At the house of one “Bob Jackson”?
• Did you walk into an abortion clinic?
• Did you see an AIDS counselor?
• Have you been checking into a motel at lunchtimes?
• Why was your secretary with you?
• Were you the person who anonymously tipped off safety regulators about the rusty machines?
• Which church do you attend? Which mosque? Which gay bars?
• Who is my ex-girlfriend going to dinner with?

Locational privacy is just one kind of privacy that can be compromised using mobile devices. Mobile phone and Wi-Fi communications can also be intercepted using basic equipment available to the public, (Internet communication generally has several security flaws). The article On Locational Privacy, and How To Avoid Losing it Forever details examples of threats (travel swipe-cards, congestion pricing, mobile phones, etc,) and presents practical, implementable suggestions for minimising the harm-to-privacy aspects of the technology.

For an overview of the security weaknesses of mobile phone and Internet communication (browsing, emailing and Instant Messaging), detailed strategies for dealing with them and basic technical information on how to protect the privacy of your data, one of the best places to look is the Electronic Frontier Foundation’s Surveillance Self-Defence Project. There you will find advice on Defensive Technology for computers and mobile devices.

The article Mobile Surveillance – A Primer from Mobile Active provides advice on identifying and understanding the security risks involved in using mobile phones and offers some suggestions for securing your mobile communications.

The information above was taken from the Surveillance Society and Surveillance Self-Defence sections of the Centre of the Psyclone website. Included in those sections (and omitted from here for space considerations) is more information on CCTV, Tracking, and Internet security.

Knowledge is power, your ignorance is their bliss.