A Call for More Expansive and Holistic Digital Security Training Materials

DIFP fellow Tawanda Mugari’s work in rural Zimbabwe reveals glaring gaps in training coverage - particularly for children of at-risk adults
Wed, 2021-04-21 08:38

Digital security literacy is an essential part of online life. From phishing attacks to inadvertent malware installations, threats on the web are pervasive and difficult to detect – particularly for those who are unsure of what to look for or unaware of their individual risk profile. That’s why today, providing digital security training to employees is a best practice for virtually all companies and organizations. Yet for members of vulnerable populations and those involved in defending human rights, obtaining access to these trainings and the literacy that comes with them is less a matter of corporate compliance and more one of vital personal safety. For far too often, the digital security of activists, dissidents, and members of persecuted groups is exploited to bring about serious online and offline harms.

Within this complex framework, and amidst the unprecedented COVID-19 pandemic, Digital Integrity Fellowship Program (DIFP) fellow Tawanda Mugari set out in 2020 to provide proactive digital security training to three recently formed organizations that provide support services to lesbian, gay, bisexual, transgender, intersex, and queer (LGBTIQ) individuals in rural Zimbabwe. Though the impact of Tawanda’s work at the local level will last for years – and possibly even entire lifetimes – what he discovered toward the end of his fellowship has the potential to create an even broader impact by serving as a needed wakeup call for current digital security training practices in the Internet Freedom community.

A strong anti-LGBTIQ sentiment exists throughout Zimbabwe, and is particularly prevalent in rural areas. Within these conservative communities, LGBTIQ individuals experience political vilification, public discrimination, harrassment, and at times physical or sexual abuse. Organizations that provide rural support services to members of the LGBTIQ community also face threats themselves, including raids, device confiscations, unauthorized membership database access, and increased surveillance. In such situations, robust digital security is a must – but with computer literacy so low, many targeted individuals are completely unaware of the increased risk their online activities can create.

Tawanda’s fellowship, therefore, first worked to establish a digital security baseline and threat model for three new organizations providing LGBTIQ support services in the region. After gaining an understanding of each organization’s current security status, he sought to develop a strategic direction for strengthening their digital resilience by developing action plans and providing digital security trainings and mentorships. Then, towards the end of his fellowship, Tawanda was able to focus his efforts on institutionalizing and sustaining the secure habits and behaviors of those within the organizations as well as the individuals they serve. The overall goal was to create a proactive approach to digital security that would protect members of the supported organizations, and those who receive their support services, in a meaningful and lasting manner.

Over the course of the project, Tawanda’s collaboration with the support organizations was complicated by frequent COVID-19 shutdowns and a stark lack of basic digital literacy. The organizations routinely provide counseling, education, and reproductive health services along with time-sensitive protection and sheltering of displaced individuals – all of which present obvious digital security issues. Before addressing these risks, however, Tawanda often had to start with very basic building blocks – such as what a password is and why it would be important to use one. Yet thanks to Tawanda’s committed efforts to build trust within the organizations and the community, his audiences were highly receptive to these trainings and the added layers of critical protection they helped provide.

Of note, Tawanda experienced an aha moment toward the end of the year when he realized that his digital security trainings would be inadequate if they focused only on at-risk adults – especially when many of the individuals in need were parents. It quickly became evident that children of LGBTIQ individuals face the same threats and risks as their parents, regardless of whether or not they themselves identify as LGBTIQ. Time and time again, Tawanda spoke to parents whose children were present during ugly incidents or even targeted themselves because of their parents’ identity. Knowing that these children would soon be online (or were already), Tawanda realized he had to take action to help protect them and he soon began working directly with at-risk children, while also teaching their parents to pass on what they learned. These proactive efforts were welcomed with open arms by the organizations, parents, and children alike.

Still, Tawanda struggled at times to effectively convey digital security on multiple levels and to multiple age groups. Many digital security training frameworks fail to include children and how they may be affected or need support. In particular, Tawanda’s research was unable to unearth any digital security trainings in the Internet Freedom community that focus specifically on children. It therefore became apparent that more support was needed to address this glaring gap in training coverage and methodology.

Although the specific context of Tawanda’s project revealed this previously unexposed need, the need itself can easily be applied across many contexts including children of activists, dissidents, and other persecuted/at-risk groups. A call for community action must be issued. The Internet Freedom community has done incredible work to increase the scope and impact of holistic digital security trainings and practices, but more still needs to be achieved. Little to no materials currently exist in the community detailing how to protect children of activists – despite the fact that corporate/for-profit organizations have started to create such materials. It is time then for the Internet Freedom community to proactively include the protection of children in holistic security trainings by formulating child-friendly training materials and including children when generating threat matrices for vulnerable populations and communities. Once exposed, this need cannot go ignored. Many human rights defenders cannot be psychologically secure until they know their children are safe as well. These important steps – and others like them – will understandably take time to achieve, but in the meantime digital security trainers and those being trained should do their best to present and comprehend information in a manner such that it can be passed down from at-risk parents to their at-risk children. The time for action is now.

About the program: The Digital Integrity Fellowship Program (DIFP) provides organizations and communities most affected by Internet freedom violations (like journalists, human rights defenders, NGOs, activists, bloggers, and others) support for their digital security needs. Simultaneously, fellows will educate the broader Internet freedom field about the threats and vulnerabilities experienced, to ensure that emerging and existing technologies best meet the needs of at-risk communities. The program supports fellows to work within front-line organizations and networks for twelve months in duration.