Digital Security and Privacy for Human Rights Defenders

4.2 Case Study 2
Communication channels

Outline

The global NGO ‘Human Rights for All’ (HQ) based in Europe has requested that one of its international branches (the Bureau) performs an investigation into cases of torture at the hands of the local government. The selected country ‘N’ has long become notorious for using torture against prisoners and especially human rights defenders. The Bureau is located in the capital of ‘N’ and employs a number of skilled people with many years experience of working in difficult situations. They can collate the necessary information for the report on torture but worry that the government will stop at nothing to prevent them from doing so. ‘N’ has a very tight policy on controlling information and making sure that the outside world knows as little as possible about its internal activities.

HQ decides to publish the report, based on the information they will receive from the Bureau, themselves. They need to establish a secure channel of communication with the Bureau and make sure that the project continues until completion, or for as long as possible. There is an understanding that security is a primary issue here and they have allocated a budget of 5,000 USD to the Bureau especially for this cause. The project needs to survive attempts by the local forces to compromise, restrict or destroy it completely. The Bureau is to undergo a review of its methods of collecting and communicating information as well as of building a security policy for all staff to implement.

It is decided that all staff undergo information security training by a local expert and do their own study and research in security issues on the Internet. Case studies, witness reports and other information on torture cases they may uncover will be stored on paper and in electronic format. Field reporters will communicate their findings by bringing back a collection of notes taken during the mission, and by making daily reports from an Internet café. In other words, all information will be duplicate in physical and electronic format.

The office comprises a rented apartment in the centre of the city. There are two computers and an Internet connection. The staff are well-acquainted with the neighbours and enjoy their support. The office had previously been broken into, although nothing of importance was taken.

Threats

To get an understanding of what elements the Bureau will need to secure this project, they first decide to list all the threats they may face. The project work area is shared by HQ, the Bureau’s office and the field workers. Each face their own particular threats and these must be dealt with separately. Likewise, the threats themselves are separated into those affecting office, information and communications security101.

HQ

Office threats: minimal
Information threats: Reports could be lost due to virus damage or hacking
Communication threats: The communications link with the Bureau could be broken, or reports could be spoofed (falsified by malicious intrusions).

The Bureau

Office threats: Vandalism to equipment, theft, electricity faults, fire
Information threats: Computers are confiscated, data is corrupted by virus attacks or hackers
Communication threats: Office internet is disconnected, email does not send or arrive, HQ website and email address blocked, communications monitored

Field workers

Information threats: reports are lost or confiscated
Communication threats: field workers cannot access Internet café, the Bureau’s or HQ’s website become blocked from access within N.
diagram

Solutions

Communication

Communication between the different players in this project is essential to its survival. Therefore the participants devise several standards and methods of establishing and continuing this communication.

Three distinct channels of communicating with HQ are established. There is an open channel, where information is communicated in an insecure fashion – by telephone, post and regular email. It is important to have an open channel, so that the monitoring bodies can be satisfied of having ready access to the project communications. Information passed through the open channel is not sensitive and would include typical administrative and organisational data.

A private channel will provide for sensitive and secure communications. It will be used for exchanging information about cases, witness reports and organisational strategy. It is decided to use a secure webmail solution and Gaim with OTR plug-in for instant messaging102. No sensitive information will be passed by telephone, fax or insecure email. The private channel will not be used regularly so as not to attract too much attention.
The above channels require a functioning Internet connection for communication. It is agreed that HQ will not suffer from Internet shortages and a backup channel is devised for the Bureau and their field workers, in case the Internet stops working or is disconnected. The backup channel will involve the Bureau workers using a nearby Internet café.

diagram bureau

A graphical schematic for the Bureau’s communications system

Information

All data recorded and collected by the staff will be kept on paper and electronically. This will require necessary safety measures to ensure that the data is not lost, stolen or damaged. It will be very important to create and maintain a backup procedure that will outlive possible attacks. Likewise, the backup medium itself will need to be secure, as it creates an additional copy of sensitive documents.

To make sure that no field reports are lost before they are transmitted back to Bureau, a laptop will be purchased. Field workers will record information on paper and duplicate it to laptop. They will communicate this information to the Bureau from an Internet café on a daily basis (or as often as possible).

Office

Office security will include a rigorous policy for the staff, strengthening of entry points to the building and general upkeep to make sure that the chances for computer crashes are reduced. Physical documents will need to be kept in a safe, and wasted paper will need to be properly destroyed. It must be taken into account that computers and other office equipment could be damaged or confiscated, so a reserve fund is maintained to allow the organisation to purchase new equipment and resume work should this occur.

Detailed responses to threats

After developing a general idea of how to operate when dealing with possible disruptions to their work, the staff attempt to counteract all of the individual threats listed in the diagram. They undergo security training and perform their own research into electronic security on the Internet.

Information threats

multi layers

Multiple layers of data backupconfiscated, the documents can at least make it back to the office

  • Files, reports lost or confiscated: To prevent the loss of data, regular backup is made of the information on computers and laptops. A re-writeable CD drive (CD-RW) is sourced for 200 USD and installed on one of the computers. Information backup is implemented by using the DeepBurner and Freebyte programs available on the NGO in a Box – Security Edition CD. Every second day a backup is made of all the user documents, put on a CD and taken off-site. The person to maintain this backup rotates 2 CDs, one of which is always in the office and the other - at his/her house. At the end of every month, an additional backup is made and given to another person to keep at home. This way, should the computers in the office be damaged and the daily backup system be compromised (quite difficult to orchestrate), there will be a third tier of information backup from the previous month. Backup for field workers is done on a USB memory stick. The stick contains a copy of all recent documents, made by reporters since they last visited the office. If the laptop is lost or
  • Virus attacks or hacking: To prevent the loss of data through a virus attack or hacking, the Bureau installs the Avast4 anti-virus software on all computers and laptops. The software is free for non-profit organisations and updates automatically when the computer is connected to the Internet. They also install Spybot to counteract other malicious software and the ZoneAlarm firewall to prevent hackers from intruding into their computers. All software and explanations are found on the Digital Security Toolkit CD. A strong policy on viruses is introduced, ensuring that nobody opens suspicious-looking email messages or uses an external diskette in a computer without scanning it with the anti-virus software first.
  • Computers confiscation: If the computers are confiscated with official warrants or otherwise, the organisation must have the means to continue its operation. It will be necessary to purchase new computers, and money must be allowed in the budget for this. Even one computer will suffice if the circumstances demand it. The staff source a computer retailer who will sell a new computer for 1000 USD. Needless to say, a backup of the files and documents will be required to bring the organisation back to its original state and allow the project to continue.
  • Theft of documents, equipment: A strict key policy is introduced and only those in need of possessing office keys are given a copy. No additional copies can be made without general consensus. All computers are switched off at night and a safe for files is purchased at 300 USD. All CDs, diskettes and paper with sensitive information on it is kept in the safe. Measures are implemented to make sure that no unwanted persons could sneak into the office. The windows are within ground level and will be protected with metal bars. The door is also strengthened and a peep hole installed. A local company agrees to do both services for 500 USD.
  • Loss of Internet connectivity: It is possible that the Internet is disabled from use for the Bureau. This could be the result of pressure on the Internet Service Provider or a malfunction of the network itself. To counteract, the staff decide to use an Internet café. Should the interruption to the office Internet connection prove long-term, 500 USD is set aside as emergency fund to for using the Internet café. A USB memory card will be used to transmit files between the office and the Internet café.
  • Communications monitored: If the surveillance infrastructure of N is sufficiently advanced, they will be monitoring email that comes in and out of the country. The Bureau has a suspicion that their email is sensitive enough to warrant its monitoring and switch over to using a secure SSL webmail service. They register two accounts at https://www.riseup.net103 and use one for communicating with HQ and one for the field workers. All information is passed to the headquarters daily via email. Since the connection to the webmail client is over SSL (HTTPs), it is encrypted. The Bureau staff research the possibility of Man-in-the-Middle attacks and are careful checking the certificates presented by the website.
  • Website and email blocked: If the government decides to block Internet access to the HQ website and to the RiseUP webmail, an alternative must be found. The Bureau employees can find other secure webmail providers or employ a number of circumvention methods to bypass these blocks. It is decided to purchase such software either through http://www.anonymizer.net or the ‘Internet Anonym’ package from http://www.steganos.com. These tools will give the office computer anonymous access to the HQ servers. Bureau staff research and find many similar organisations offering such access from a fixed computer as well as as from public ones they may need to use in an Internet café. Money for this has been allocated in the emergency budget and 200 USD has been put aside for it.
  • Computer technician: A previously tried and tested consultant from a computer company will visit the office twice a month for general administration and will be on call for emergency situations. The fee will be 1,000 USD for 6 month.

Budget

Bars on windows and door strengthening 500 USD
CD re-writer and 10CDs 200 USD
Safe 300 USD
2 USB memory cards 100 USD
Laptop 1,000 USD
Computer Technician 1,000 USD
Total 3,100 USD
Emergency money: 1000 for PC, 500 for Internet
café, 200 for Circumventing Website blocks 1,700 USD
Budget Total 4,800 USD
diagram

101
There is an additional element of staff security, but this is best described in the Peace Brigades’ ‘Protection Manual for Human Rights Defenders ‘ www.frontlinedefenders.org/manuals/

102
You can download the latest version of Gaim from http://gaim.sourceforge.net/downloads.php and the OTR plug-in from http://www.cypherpunks.ca/otr/#downloads or find it on the Digital Security Toolkit CD

103
Other possibilities for secure webmail include https://www.bluebottle.com and https://www.fastmail.fm