Above: Demonstarators carry signs at “Stop Watching Us: A Rally Against Mass Surveillance” march near the U.S. Capitol in Washington, October 26, 2013. (Reuters / Jonathan Ernst)
Note: One of the challenges faced by the movement for social, economic and environmental justice is the intrusive security state that not only includes government agencies but corporations. Many activists take the approach of transparency — we have nothing to hide — because they do not want paranoia to creep in. But, in fact it is not paranoia creeping in, it is reality. Some of this response is also because people do not know what to do. The video below comes from a webinar hosted by Greenpeace. The guest speaker, Allen Gunn, Executive Director of Aspiration, puts forward an excellent overview of the situation and puts forward a practical philosophy of security culture. We recommend it highly for all activists working for transformational change against the power structure and entrenched interests. KZ
Security and privacy issues have had the attention of the nonprofit world since the “Snowden files” exposed the CIA’s mass surveillance program. But security conversations tend to get technical fast with mysterious acronyms like PGP and OTR. The missing ingredient is often the “people factor.” By creating a “culture ofsecurity” in our workplace we can better protect ourselves, our communities and campaigns. Joining today’s talk is Allen Gunn of Aspiration, a leading capacity-building organization in the nonprofit technology sector. Read below for key take-aways and additional readings/ resources.
Live Q&A with #MobLabLive
A snapshot from Twitter of the conversation and questions on this MobLab Live conversation:
“To support a security culture in your org, start around the edges w/ dialogue. Model what you can, where you are.” #MobLabLive
— kjantin (@kjantin) April 8, 2015
“Security is a journey. It’s about taking small meaningful steps.” #MobLabLive — the engine room (@engnroom) April 8, 2015
Suggested steps to take in building a security culture:*
- “Security Culture” should build around people, not technology: Focus on dialogue, understanding there are different language to talk about security and different motivations.
- Focus on data, that’s what you are ultimately protecting with the sensitive information we store.
- Work incrementally, experiment safely and share your learning with colleagues.
- Creating a security culture is a journey, there is no end point and no “fully secure” operation.
Suggested further learning:*
- Learn to encrypt email with GPG.
- Learn to encrypt our media.
- Learn to use Linux and take steps away from Windows operating system.
Suggested tools to start building more security:*
- Install Tor Browser: https://www.torproject.org
- Learn to use “Off the Record” (OTR) messaging. OTR works with apps like Pidgin, Adium to encrypt chat.
- Install HTTPS Everywhere: https://www.eff.org/https-everywhere
- Install Guardian apps on your phone. These are cryptographic and secure communication tools for your Android and iPhone: https://guardianproject.info
- Play with Red Phone and Signal apps, more secure communication tools: https://whispersystems.org
* This not a comprehensive list nor an endorsement by Greenpeace. Greenpeace staff can review information security policies here.