To encrypt or not to encrypt

From Competendo - Digital Toolbox
Jump to: navigation, search
In a world where restrictive measures against civil society organisations and their people are increasing, being able to encrypt and decrypt communication, or to offer safe communication and information channels, becomes a topic for EDC/HRE organisations also in Europe.

Goals

  • Reflect on and discuss the kind of data exchanges expose us to repression

Context

Essentially, one can distinguish between two approaches: end to end encryption ensures that communication throughout the whole process is only accessible for the sender and the recipient. Examples of this kind of encryption include PGP for e-mails or Signal and Whatsapp. Alternatively, transport encryption ensures that data is not visible for intermediaries. However, messages stored on the servers are not necessarily encrypted, thus exposing data to the risk of being accessed by unauthorized parties. In order to use transport encryption, one should use websites with https:// which means that the content is safely transmitted through the Internet.

Virtual private network (VPN) is a technology that helps you to surf and save emails in critical environments and countries with a strong surveillance policy. This technology builds an encrypted connection to a server in a trusted environment. Therefore, you access the Internet through this trusted server, not directly through your hotel WiFi. VPN clients are included in Linux and MacOS. A VPN server needs to be set up, often you need to buy a license from one provider.

Read more on privacy protection in Competendo Privacy Protection

Similar encryption instruments for email or messenger-based communication might help Human Rights activists remain off the radar, and resist exposure to further repression. About encryption Email Encryption


Steps

1. Prepare:

  • Make a list of interactions you have with the partner organisations you cooperate with and map them on a flipchart

2. Explore:

  • Identify risky points that allow for tracing/identifying and harming your partner
  • Check the internet: what programs/instruments/services are in place
  • Check whether your organization’s ICT use/policies are in potential conflict, with the aim of ensuring the safety and integrity of your partners

3. Strategise:

  • Think about ways to interact and keep a safe communication channel
  • Develop an action plan

Reflection

The right to educate and actively ask for transparency, democratic participation, governance and control cannot be taken for granted, worldwide nor in all European states. The interaction and cooperation between civil society organisations may thus put partners unintentionally at risk, not only in regard to their work and fields of civil activity, but also physically. Civil society in any field of international cooperation and partnerships needs to develop a high sensitivity to communication, transaction of data, traces of finances, or for intervention of third parties.


Valentina Vivona

Researcher at the Osservatorio Balcani Caucaso Transeuropa (OBCT), a think tank focused on South-East Europe, Turkey and the Caucasus located in Trento (Italy).


Holistic Security

Read more in the Holistic Security manual: “Holistic Security is a strategy manual to help human rights defenders maintain their well-being in action. The holistic approach integrates self-care, well-being, digital security, and information security into traditional security management practices”. https://holistic-security.tacticaltech.org/


Time 1.5 hours

Material Standard

Group Size 5-25 people; Depending on the number of participants, the task can be carried out in a plenary session or discussed in subgroups first. It can be a simulation or based on real information.

Keywords encryption, VPN, network and partnership security


From:

CCI.png

Related:


Also interesting:


Learning the Digital

Digital-book-cover.png A Competendo Handbook

Read more