This message will self destruct in 10 seconds.... 9.. 8.. 6.. 5.. 4.. 3.. 2..
This was the stark reality presented at a top secret conference on activist security that took place this month. Meeting in a quite location somewhere near the coast, dozens of campaigners from around the country came together to learn about the technology and techniques being used by the authorities and private agencies as they attempt to gathering information and disrupt and destroy campaigns.
The aim of the gathering however was not to make everyone paranoid and feel helpless in the face of the technological assaults on our privacy, but rather to equipe people with the awareness and knowledge to enable them to take steps to reduce the risk to themselves and those they associate with.
The two day conference involved a wide variety of workshops, some discussion-based, some practical or computer-based. Lessons learned by those attending included the importance of 'need to know', the now proven fact that switching off a mobile phone is not enough to prevent it being remotely activated as a bug or tracking device. Also discussed was how to spot and loss a tail, how to trap and expose infiltrators, issues of security for campaign groups and their offices such as maintaining a secure contacts database. Computer based skills covered included encryption of stored data and electronic communication, and ways to use the internet for research etc without leaving a trace.
Mush of the information presented during the workshops came from the document 'Practical Security Advice for Campaigns and Activists' and this, along with the experiences and ideas contributed by the participants of the gathering are apparently going to be put together as a printed booklet for distrubution next year. Additionally there are plans for a 'walls have ears' style poster outlining basic precautions which can be displace in meeting spaces and social centres etc to remind people of the need to consider security.
Comments
Hide the following comment
Delia and the cooked books
14.12.2006 06:51
Look, this is recommended reading for everyone just to get people thinking. Now it is published here everyone here should read it. Well done and all, making people think about security without their being assumed to be paranoid.
Okay, most of this is available in bits and pieces here and there, often here. Some of this stuff is straight out of a kids spy book I had back in 1974 - although you've missed out - invisible ink. Joke.
There is also some fairly important stuff missing or misunderstood or maybe just badly worded.
I've written security guides for people I care for in the past, folk who needed it, always on a one off basis rather than even a workshop though I did consider that once. And I could just chip in my tuppence worth now, and if everyone else did it would be improved than anything we are up to alone.
I just don't understand the philosophy of publishing this in a single document where the police can read it - won't that undermine the whole effort ? Okay there is some stuff they can't do anything about, like proper encryption with a proper personal alert system, But there is some good stuff you have just published that I previously chosen not to.print out.
I can see the great benefits of having more activists 'aware', but I can also see the dangers in sharing everything. Do you know any virus writers ? Maybe it would be better for you if you acted like those people act, a bit more sly...act on the traditional need to know basis, and assume that goes for techniques as well as data. Teach folk when they get to that level and rquirement and not before.
Where do you draw the line on what you share ?
This is a tricky one, I wish smarter people than me were discussing not the information provided, or methods or additional information, but the philosophy and strategy behind this.
I'm not an activist suddenly, I would like to help you since I've nothing to fear anymore and since I wouldn't be pumping you for info you'd have nothing to fear from me...but I don't know you. and I could just be blabbing to the wrong people and hurting folk I still wish well.
I hope the rest of IM reads this - for their own benefit - but I also hope everyone discussses the implications before sharing more stuff online in a single document. It makes it too easy for your opponents too.
Are the benefits of helping a lot of people take security seriously worth the risks of handing your opponents a summary of what you know ? This is dodgy although I don't doubt your intent. Actually, that is a lie, we both doubt each others intent if we are honest, I was just being polite.
Any neutral, intelligent opinions on this preferably from well known regulars or 'names' ?
Vodka Danny