As we know, there are known knowns.
There are things we know we know. We also know there are known unknowns.
That is to say we know there are some things we do not know.
But there are also unknown unknowns, the ones we don’t know we don’t know.
Donald Rumsfeld, US Secretary of Defence, December 2003
Human rights defenders are increasingly using computers and the Internet in their work. Although access to technology is still a huge issue around the world, electronic means of storing and communicating information are getting more and more common in human rights organisations. In many ways, the Internet has improved the work and security of human rights defenders: it increased the effectiveness of their mission, facilitated their access to information and boosted communications with partner organisations. On the other hand, it has ushered in some previously unknown problems and vulnerabilities.
This book is not aimed at a computer wizard. Its purposes are educating ordinary computer users and providing them with solutions to problems of privacy and security in a modern digital environment.
We write documents, draw pictures and communicate with each other on a computer and via the Internet. Programs to carry out these functions have been made so simple that we do not have to know how exactly a computer operates - as long as it functions properly. We therefore utilise technology that we do not wholly understand, yet rely upon it heavily. As consumers of the digital era, we want a finished product, not the list of its components.
Whether we watch television that receives a satellite signal, cross the road on a green light or undergo surgery – we rely on computers.
But what do we do when things go wrong? When our computers break down and annihilate years of hard work? When our emails do not reach the addressees or when we cannot access a website? How do we react to a news story of a virus damaging computers around the world, or to an email purportedly from a friend, asking to open the attached file? Uninformed decisions lead to bad choices, and blind reliance on technology often results in costly mistakes.
The work of human rights defenders and organisations is intertwined with technology. It facilitates communications and allows us to store and process large amounts of information cheaply and within minimal space. Technology enables even a small and remote organisation to acquire a global voice. An electronic conversation that took place a couple of years before can be recalled within seconds, and a perpetrator of a human rights violation, say, will receive thousands of angry emails and faxes from around the world. In short, computers and the Internet have become essential and inseparable parts of human rights work.
The abundance of digitally stored information and the ability to disseminate it around the world has created one of the biggest industries in human history – the information industry. Worth billions of dollars, it generates huge profits for those who control and operate its underlying structure. The ability to manipulate, monitor and restrict electronic information has become a hobby, a job or a policy for many individuals, companies and government departments. The war on terrorism has provided them with a carte blanche to implement surveillance and censorship of the once open and free Internet. Justifications of such activities run deep and often erode some basic human rights and freedoms. Certain countries of the world have even introduced legislation justifying and encouraging such practices to further increase persecution and suffering of human rights defenders and to undermine their legitimate work thus reducing their ability to protect the rights of others.
As the new technology remains largely unknown, human rights defenders often choose to provide for their own electronic security. Dozens of defenders and independent journalists are currently in prison for trying to spread their work to the digital world without proper knowledge of how to do it safely.
It is important to say here that technology in general has not yet reached every corner of our planet. Millions of people have never seen a traffic light, let alone a computer. The enormous material gap between wealthy and poor nations also manifests itself in the world of electronic technology and is known as “digital divide”. The human rights defenders on the wrong side of this divide find their opportunities of reaching out to the global community greatly reduced.
This book is an introduction to the ever growing and complex world of electronic security. Not only will it raise your level of knowledge and awareness about computers and the Internet, it will also warn you of different risks you may face in the digital environment and will tell you how to deal with them.
The book is written for human rights defenders, and therefore it looks at the ways of preventing the erosion of universally guaranteed freedoms. Alongside elements of theory, it offers possible solutions to some problems of computer and Internet security.
Security as a process
This is not a book of answers. Imagine approaching a security expert for an advice on how to react to real-life threats and physical harassment. Before coming up with an answer, he is likely to ask you a number of questions as to the exact nature of risks and threats you are facing. It is the same with electronic security. I cannot possibly offer you an immediate solution for every problem of yours. If you ever spoke with security experts, you may have noticed that they seldom come up with direct answers. Because there is no such thing as a one and only right answer.
A security manual is not a list of possible problems and solutions to them. It is rather a descriptive process of introducing you to the many different components of computer and Internet operations (specifically for human rights defenders, in the given case). My goal is to improve your knowledge of the elements of electronic security and digital privacy. The book operates in facts, theories, methods and possible explanations of computer insecurities and solutions to them. Together, they should help you resolve and strengthen your own electronic security. Hopefully, the manual will also trigger enough interest in the above-mentioned topics to inspire you to carry out your own research and to continue learning.
A Guide to the Manual
This manual is divided into four parts which can be read in any order. The reader does not require any special expertise, although some basic knowledge of computer and Internet operations would come handy. The chapters, containing information of a more technical nature, are marked ‘For Techies’.
The First Section is about understanding your security needs and vulnerabilities. It describes a non-technical approach to the digital environment. A method of mapping the threats, posed by a particular situation, is offered to help you decide on the strategies for implementing privacy and security solutions.
The Second Section lists various elements of computer and Internet security. It introduces the reader to computer operations and Internet infrastructure. Methods of securing data, bypassing Internet censorship and protecting yourself against malicious attacks are explained in detail.
The Third Section is a summary of worldwide legislation to restrict and monitor information flow and communications. It shows the downward trend, caused by the growth of restrictions to the rights to freedom of expression, privacy and communication, in many countries. Cases of human rights defenders currently in prison or persecuted because of their work through the Internet are presented as examples of the ways some governments enforce these pieces of legislation.
The Fourth Section drafts possible scenarios for human rights defenders and their organisations of dealing with problems of electronic insecurity and ensuring continuation of their work. The scenarios relate to the concepts presented throughout the book and solutions are based on realisable actions.
Following the case studies, you will find Appendices, aiming to provide you with detailed background on computers and the Internet, as well as in-depth explanations of certain security topics. At the end of the book, there is a Glossary explaining many of the more technical and unfamiliar words used in this manual.
This book can be used alongside the NGO in a Box – Security Edition
project - a collection of software tools and manuals comprising the necessary resources to achieve better privacy and security on your computers and on the Internet. All software mentioned in this book can be found either in the NGO in a Box – Security Edition
or will be included with its next release in the beginning of 2007. All the software can also be downloaded from the Internet.
Some of the concepts and technology, described and taught in this manual, have been made illegal in several countries of the world. Please pay careful attention to your local legislation and make an informed decision about possession and use of this book.