This is an overview of the work the Digital Security School (DSS375) of the Belarusian Human Rights House has accomplished over the last year with regard to enhancing the capacities of Belarusian human rights defenders, journalists, and civic activists and their organisations to effectively assess, mitigate, and tackle emerging risks for their privacy and digital security.
DSS375 has operated under the aegis of the House since 2015 by offering qualified and relevant support and education in digital security. DSS375 conducts consultations, technical assessments, and security audits, as well as raising awareness and giving a sense of emerging digital security incidents and risks. The continuous deterioration of conditions for the work of independent journalists, civil society, and human rights defenders in Belarus has only boosted the demand from these groups for such expertise and support. Consequently, as part of a 16-month project implemented with support from the Open Technology Fund (OTF), DSS375 succeeded in providing altogether 225 consultations and technical assessments; the consultations were mainly about the installation of encryption and secure communication tools, secure passwords, antivirus, Private Internet Access (PIA) VPN and licensed software, full data backup and safe storage for sensitive information, as well as the vamping up of PCs, laptops, and Wi-Fi routers, among other things. In 2018, DSS375 started visiting regions throughout Belarus to make sure more organisations and initiatives are aware of the available support and expertise of DSS375. There were altogether 10 trips to different regional towns and cities where the experts met with representatives of independent mass media, human rights defenders and civil activists.
There were three security audits conducted by DSS375’s experts, resulting in issuing relevant recommendations and security policies for the audited human rights and civil society organisations. The audits were conducted based on the SAFETAG framework and all audit measures were tailored to existing circumstances and the specifics of every audited organisation. Our experience with the audits has shown that it is very often that our target groups lack understanding of what the actual risks are and how to best address them. In situations of risk, many of those we taught and assisted with digital security issues were unable to react promptly under severe stress (e.g. during searches or arrests). Therefore, we make it a rule to teach our target groups how to assess and mitigate digital security risks before addressing any technical issues or teaching them how to use different tools.
The same observation was made about digital security trainings where teaching different tools was initially a core aspect. Acknowledging that many training participants have showed low retention of newly learned knowledge and skills, DSS375 revised the training methodology, ensuring there is a space for experts and participants to have an honest conversation about the risks faced by a particular organisation or individual. New trainings are instrumental for participants to distinguish actual risks and threats from those that are irrelevant or improbable and to discuss mitigation measures, capacities, and required resources, effectively working with the tools and software they already use as well as introducing new ones if needed, and to find answers to their questions and concerns regarding protection and security. That is to say, the new methodology ensures digital security trainings are less techy and have more targeted purposes rather than general ones that appear to be too difficult for the vast majority of participants and which require a lot of follow-up engagement. However, we are not under the illusion that the new training methodology is the ultimate approach to achieve the expected outcomes. It certainly requires further development and adjustment, taking into account the changing conditions and threats target groups are faced with.
Throughout the past 16 months, the DSS375’s team was also able to conduct three trainings in all, with the latest session based on a new methodology and conducted in May 2018, serving 12 people from five different organisations or initiatives, During this training, we saw that in addition to digital security, the participants were genuinely interested in issues related to their privacy online, something that we had not been specifically addressing up to that point. In response, these issues are now in the DSS375 pipeline for the future.
In addition to dedicated trainings, practical annual or biannual conferences have become an effective approach to working with digital security “champions” – those representatives of human rights groups, civil society organisations, and independent journalists who are interested in digital security and can either teach their colleagues the principles and practical use of it or otherwise promote more secure digital behaviour. Staying in close contact with target groups and receiving relevant feedback from them is also important, as this allows us to discuss incidents, threats, and raise concerns with each other. Since 2015, DSS375 has conducted six conferences on digital security, including one in September 2017 with the support of OTF. That conference, attended by 19 representatives of Belarusian human rights and civil society organisations, independent media, and trade unions, was dedicated to the discussion of current challenges, incidents, and tendencies in digital security in Belarus, as well as the effectiveness of applied approaches and methods in protection. The participants were presented with the available services and expertise of DSS375, learned general aspects of security from the organisational development point of view, and discussed different concerns related to technical topics, among other things.
For several years, DSS375 has actively worked with these champions to wide the digital security knowledge of human rights defenders throughout Belarus. DSS375 looks forward to continuing our capacity-building efforts in this domain – building off the work accomplished through this project while absorbing the challenges faced, lessons learned, and feedback gathered throughout the process.