WITNESS is participating in Blog Action Day 2013. This year’s theme is human rights. In this post we take a look at an increasing threat to activists everywhere: the violation of their right to privacy via online communications. We share basics of encryption that may help keep you, your networks and your communications safer.
Rio de Janiero, Brazil – The police came to the door with a warrant on a cool evening in early October. Within minutes, they had arrested a young man who had participated in wide spread municipal strikes against an increased bus fare over the summer. They quickly confiscated his computer and phone, and whisked him away to the police station. The same evening, the police visited other members of his group across town, harassing some, arresting others, but accusing all of being looters and thugs.
What remained unclear was how the authorities had located these individuals. In reality, they were peaceful protestors. However, many had played a key role in organizing these large actions. During the protests, they had taken precautions to conceal their identities with masks and goggles for fear of their pictures ending up online. What they had not considered, however, was that the police and other government entities had found a way to track them elsewhere and had taken to the Internet to infiltrate their network and had targeted these activists through e-mail communications and social media posts.
This scenario, based on reports from activists on the ground, is not unique to Brazil. As more revelations regarding the extent of surveillance programs run by the US National Security Agency (NSA) grab international headlines, activists all over the world are becoming increasingly savvy to the likely reality that governments all over the world may be violating their human right to privacy. While we do not know the the extent to which communications surveillance is currently taking place in individual countries, activists are taking precautions and learning how to install and use encrypted email and chat.
While encryption may seem complicated to set-up, it is well worth it. To help you get started we have put together answers to some frequently asked questions and a list of some of our favorite step-by-step resources.
Why should I set up encrypted email and chat? I don’t have anything to hide!
This is a common response when broaching the topic of encryption. Yes, currently different people need to build different amounts of privacy protections into their digital workflow based on their environment and the nature of their work.
However, we recommend that everyone (and especially activists involved in organizing) consider their level of comfort with outside actors accessing their communications. Take some time to consider security and surveillance in your environment. How much do you know about the extent of information currently being collected? Could sending unencrypted emails put individuals, places or groups at risk for greater surveillance, government interference or harm?
Based on your assessment, set-up and begin to use encryption accordingly. Encourage your friends, family and groups you are involved with to do the same. While you may only end up using it once a month or less, it is a good skill to know how to configure and use encryption (and it can take a bit of practice to get used to). In addition, it is important to remember that circumstances can always change and you may find you need it in the future.
Does everything I do need to be encrypted? If not, what needs to be encrypted and what doesn’t?
A frequently cited rule of thumb: If you wouldn’t write on a post card (since that can be theoretically read by everyone who comes in to contact with it), don’t write it in an email or on chat.
A diagram of the encryption process for email. (Creative Commons, created by http://wri-irg.org/)
Do the people I send messages to also have to have encryption set up?
Yes. To send an encrypted email or hold an encrypted chat, the recipient must also have encryption set up. Many groups all over the world are helping their members get set up through holding “Cryptoparties,” where people get together and get set up on encrypted chat and email together. For instructions on how to how to set up and host a Cryptoparty check out this guide (also listed below).
I want to set up encrypted email and chat, how can I do this?
Here are some great resources to get you started:
Quick guides and additional background:
- Electronic Frontier Foundation: Surveillance Self-Defense Guide – Encryption Basics
- Encryption Works: How to Protect Your Privacy in the Age of NSA Surveillance
- Life Hacker: How to Encrypt Your Email and Keep Your Conversations Private
- Digital Trends: Layman’s Guide to Email Encryption
More in-depth guides:
- Cryptoparty – Online book, covering a wide range of security topics including extensive background on privacy, encrypting email and chat and a step-by-step guide to hosting your own cryptoparty.