Citizen Lab and Collin Anderson’s joint submission to the UN Special Rapporteur on freedom of opinion and expression highlights the developing digital security threats faced by civil society organisations:
‘Even when Western governments are aware of active digital espionage operations conducted by foreign governments against civil society, they may not attempt to intervene or notify the victims—and may seek to utilize the exfiltrated information for their own ends.
According to newly released Snowden documents, US, Canadian, and UK intelligence agencies discovered an ongoing hacking campaign against victims including “Chinese Human Rights Defenders,” “Tibetan Pro-Democracy Personalities,” and “Uighur Activists.” They monitored the data gleaned by the hackers for content of interest, taking no steps to prevent further compromise of the victims.’
The document argues that encryption and anonymity tools need to be ‘democratised’ so that civil society organisations can build them into their daily workflows. Even so:
As encryption and other forms of secure technologies become more ubiquitous, society must also address the market for advanced spyware and other “work-arounds” that will spring up to undermine such digital security solutions.
The submission then includes an overview of civil society organisations’ key needs when using digital communications, the threats to each of these activities, and which encryption and anonymity tools are available to help mitigate those threats (from page 13 onwards (PDF)).
This resource is being developed, and Citizen Lab is encouraging members of the technical community, civil society, journalists, and others to critique its form and content. Do you think about all these threats when writing your project risk assessments, and have you identified any particularly useful solutions?