Lessons from the Front Lines of Digital Security Assistance

Reflections from Year One of OTF’s Digital Integrity Fellowship Program
Thu, 2018-08-30 09:02

For the last five years, OTF has prioritized enabling safe online communications and open internet access for those who are in high censorship environments. During this time, we’ve made significant investments into long-trusted and cutting-edge technologies that enhance privacy and security in online communications. But as internet censorship rises globally, and at-risk communities experience unique threats to their lives both online and off, ensuring that emerging and existing internet freedom technologies meet these needs is of the utmost importance. Further, as the demand for increased digital security is on the rise, it has become even more critical to ensure that protective measures are most appropriate for those in need.

With this in mind, OTF launched its pilot Digital Integrity Fellowship Program (DIFP), supporting six digital security experts based in communities and regions around the world where threats to internet freedom are a regular occurrence. Their objective: bolster the digital security practices of at-risk organizations from the inside out. As these fellows deployed their strategies to bring secure operating practices to their networks, they were also able to tap into the expertise of seasoned digital security practitioners, including Cheekay Cinco, Carol Waters, and the team at Greenhost.

Over the course of the DIFP program’s inaugural year, the fellows, mentors, OTF and the broader internet freedom community gained valuable insight into their unique situations and experiences of the fellows and the communities they worked with.

As we reflect on the completion of the program’s first year, we’d like to share here some of the overarching themes and trends experienced across the cohort:

  1. The Value of Collective Security: In countries where civil society is strong and collaborative, it is likely that they will share information with each other for the purpose of achieving their goals. When one or more groups in this civil society network face any shortfalls in their security practices, it can bring risks to the entire network.
  2. Flexibility in Assistance: While it is ideal to plan for and provide digital security assistance during times where there is a lull or reduction in censorship and surveillance issues, that opportunity rarely presents itself. Instead, it’s imperative for digital security assistance providers to be able to quickly adjust or tweak their approaches to meet any urgent needs that arise, while still working to accomplish general preparedness in advance of future digital attacks. It is also necessary to identify the right time to engage with groups needing assistance: depending on the severity of the threats that they are experiencing, rushing to implement a digital security practice might cause more harm than good.
  3. Contribution to the internet freedom community: Although different digital security practitioners often work in different countries and contexts, there are still moments where sharing their experience on particular issues or with particular tools can benefit the digital security ecosystem. The Digital Integrity Fellows were able to provide valuable input into community resources such as SAFETAG and Security-in-a-Box, as well as document their experiences around using prominent internet freedom tools such as Tor, F-Droid, Veracrypt, mesh networking tools, VPNs, GPG and other email encryption tools.
  4. Not all digital security assistance is equal: Some of the fellows remarked that a portion of the organizations they were working with had already undergone some form of digital security assistance. But, because of factors like trouble using particular tools, not having the opportunity to ask follow-up questions, or not using the right tools or approaches to counteract the threats that they were facing, prior trainings were at times inadequate or left a bad impression with the “trained” group. While this can make it challenging to re-engage such groups, it does reinforce the principle that collaboration between the digital security expert and the organization(s) seeking their help is a critical first step, accompanied by a security approach that is most complementary to their needs and how they work.
  5. Investing in security long-term: One-off digital security assistance is rarely, if ever, effective in keeping organizations as safe as possible from internet freedom threats. Working with organizations to hire dedicated staff to work on organizational safety or to find “champions” within organizations and networks to carry on this work after the fellow’s time with them has ended are important first steps to maintain and build a culture of digital security.

Many of these findings resonate with the experiences shared by other digital security practitioners, and are important considerations when incorporating particular tools or practices into the workflows of organizations and networks that regularly experience censorship and surveillance issues.

OTF is excitedly embarking on supporting a new cohort of Digital Integrity fellows, and we look forward to sharing out their discoveries over the course of their fellowships while building off the strong start and accomplishments of our first year DIFP fellows.