Coffee and Circumvention: Event Security Tips: Difference between revisions

From TCU Wiki
No edit summary
Line 192: Line 192:
** How will you ensure a similar incident does not happen again?
** How will you ensure a similar incident does not happen again?


'''Resources:''' [https://tech-care.cc/03-incident-handling-proces here]  
'''Resources:''' [https://tech-care.cc/03-incident-handling-procesa here]  


Finally, Learn from local organizers, how do they safely create formal and informal gatherings within your context?
Finally, Learn from local organizers, how do they safely create formal and informal gatherings within your context?

Revision as of 14:38, 3 April 2023

The following are security tips and recommendations. However, we highly encourage each group to identify and work with someone in their community who specializes in digital security. This is because each group, context, and individual has specific threats that require tailor-made approaches. Also, this part of the manual is especially focused on individuals in places where gathering may present more risks.

Protecting Your People

When you organize physical gatherings and meetups, you are bringing together diverse individuals each of which have their own unique and specific level of risk.  For example, a young woman activist will have different risks than an older male director at an IT company.

The woman activist may be a target of gendered harassment and violence by their state and community for challenging power through their activism/work, and thus  may be a target of spyware, hacking, online violence  or physical attacks. Meanwhile the older male director of an IT company may only face risks from hackers aiming to steal and profit from his company, but with no specific interest to harm him personally.

Unfortunately, however, in an event, your participants inherit the total sum of the risks of everyone involved. Thus, continuing the example above, the director of the IT company may find that he is also being surveilled or subjected to other threats because of his association with the woman activist through the event or any other type of community building initiatives where they are both present.

As a community organizer, It is your responsibility to protect the safety and security of all individuals involved in your event. This is important because not only is reducing harm the right thing to do, but also community engagement is dramatically impacted if individuals do not feel safe and secure.

Protecting your people is done by assessing potential threats within your context and community, and following baseline security protocols for your gathering. In addition, usually, the best course of action is to look at the safety and security needs of the most vulnerable in your group. This is because when you cater to the needs of the most vulnerable, everyone’s needs are covered by default.  We also suggest you assume and plan thoughtfully for the worst-case scenarios. This means thinking through different scenarios, so if something does happen, you are prepared to react.

Step Zero: Threat Modeling=

The first step is to create a contextualized threat model based on the people who will be involved, and the particular context of your city/country. This allows you to gather all pertinent information related to your participant’s potential vulnerabilities and risks, and allow you to think through how to mitigate them. Again, starting with the most vulnerable of your group helps tremendously with this, as they probably face a wider set of risks than any other individual in your group. We also encourage you to do this exercise with people you trust, given that collective wisdom helps tremendously here. In addition, inviting a security expert from your community to help with this step, will be greatly helpful.

When working on this threat model, things to consider and think through include:  who you are inviting; Where are they coming from?; Do they live in urban, peri urban or rural contexts?; What is their socio-political status and how does it put them at risk of association?;  Where are they traveling to?; What are specific gender-based challenges they could be facing?; How are they traveling?; The venue you select for your event, is it a place they frequent?; Are you meeting at a space where gatherings are not considered ‘strange’ or suspicious?

By understanding this information, you can make better decisions about things like: 

  • Where to meet or what venue to pick.
  • WHO you are inviting to the event.
  • How to communicate with your participants and/or community members, and what information you are sharing. This includes either online or in-person, and also during different times: before, during and after your event.
  • The type of programming you will be designing, and the format of your event.
  • If and how you will grow the community you are cultivating.

Step One: Secure Communications=

Putting together Coffee & Circumvention monthly events requires multiple points of communication and contact with attendees and other organizers - at the end of the day, community organizing involves a lot of coordination. Here are steps to help you with establishing secure communication channels.

1)  Who are You Inviting?

For each gathering or event, strategically think through who you want to invite, as this will determine what you need to do as an organizer.  For example, an event that ONLY has high-risk activists is handled differently than an event that has a mix of people fracking low to medium risks.

Regardless of the participant's threat level, you want to make sure that you know and trust everyone who will be present. For this, we recommend your event be invite-only, with you curating the invitation list, and also make sure to vet anyone that you invite or is recommended to you. (Vetting just means ensuring that each individual is known and trusted by you or a trusted community member. Establishing a vetting process helps reduce safety risks.)

If you are thinking of growing your community, use your network or existing community members. This is because they can help you bring in people they trust. This type of outreach or growth will yield better and “safer” results than, say , bringing new community members from posting your event on a public platform (like facebook).

2) Where will you Store Personal Information?

Think through your communication processes and where you house personal information about your participants/community members. The best solution is to never store data of any participants anywhere. However, this is impossible, given that as you grow your community, it will be difficult to remember all the people  you want to invite, along with their contact information. More than likely, you will want  to keep a list of your community members (and their contact) and, in some cases, use a communication platform, like a mailing list or messaging app, to easily communicate with your people. Here are some tips and recommendations:

*If you create a list of contacts make sure the document is encrypted. For this, we recommend using something like CryptPad. Minimize the amount of personal information of your participants you store. Usually, a name (or nickname),  along with their preferred contact information (email address, phone number or Wire handle) is more than enough. Avoid adding identifier information or notes, such as who they are, and/or their home address etc.

3) What Platforms are you Using?

Now you must determine how or what technology platforms you will be using to communicate with your participants. Keep in mind that each platform comes with its set of risks, and you must balance this with the preference of community members.

A simple option is to use end-to-end encrypted email communication apps like Signal or Wire. (End-to-end encryption simply means that only the sender and receiver(s) can see messages.) Wire may be preferred because individuals can set up a “handle or name” versus having to use their phone number. In either app, make sure to use the disappearing or self-deleting messages option, especially if you are sharing sensitive information. Important note, Signal is not often the best choice in places where device seizures are common, where phone numbers are used as identifiers.

Here at TCU, we generally do a lot of one-to-one outreach on these platforms, and have had much success. Depending on the size of your community, this can be a lot of work.  This is why it's important to a) grow your community slowly b) enlist others to be part of the organizing team that can help you with this outreach.

If you want to use email, you may want to consider using Protonmail, since this provides end-to-end encrypted email communication. However, this encryption only works if the person you are emailing also has a Protonmail email address. In addition, heavily relying on email opens your folks to potential threats. (For example, you may email someone whose email account was hacked by a nefarious actor).

However, for your particular city, you may have a lot of folks that face minimal threats, and the use of email communication is fine. In this situation, you can have a two setup process - email folks who have a low threat model, and then use encrypted methods to contact vulnerable folk.

In the case you opt to use Wire as your primary communication channel, we suggest creating a group for coordination and announcements, however it should have an option to opt-in and an offering for members who face high risk to be messaged separately if they prefer.

You may also explore the option of sharing a link to a strong password protected cryptpad with key information and announcements about the gathering. The passwords should be shared individually through Wire, set to disappearing messages (this may be a difficult task). Encourage all members to save the password on a secure password manager. You should also change the password frequently and update the members about these changes.

4) A Private Communication Group for Your Organizing Team

We highly encourage you to create a private communication group (Signal or Wire) for your city’s organizing team. See above regarding end-to-end encrypted email communication apps, to understand why we recommend using Wire as a key communication space for the gathering.

5) How to Communicate Safely

When communicating locations and details of the gathering consider,

  1. Using a pseudonym instead of your real name, eg. Art Exhibition versus your real name.
  2. Sharing details of the actual location a few hours before the gathering. For example, let's meet at the Goodman Gallery, or Gallérie Ste Céline.
  3. Make use of Wire as a space to share location information and other details of the gathering.
  4. Consider if you would move locations once participants arrive, and in what manner will such movement occur. E.g. at Goodman Gallery or Gallérie Ste Céline, you may then move locations to a space nearby.

6) Your Online Security

We also recommend you use a trusted VPN across all your devices. This is a crucial step to add a layer of security and privacy to your online activity (since VPNs mask what you do online). They also help you circumvent censorship in your location (for example, if a website is blocked in your country). In a nutshell, VPNs do this by hiding your Internet Protocol Address (which is unique to your device) and securing your digital data by encrypting it. HOWEVER, a VPN is not a magic tool for everything. In addition, be very careful when selecting a VPN, because not all VPN providers have good intentions. TCU can provide you with a free code, please let your Community Lead know.

Step Two: Selecting Secure Locations and Venues

Your venue choice will be influenced by who you are inviting, their various threat levels, and the political context of the location you are organizing within. It is important to center the most vulnerable participants invited.

For example, are you bringing together people who have openly advocated for LGBTQI+ rights within a state that criminalizes LGBTQ expressions?

Would selecting a more tourist-friendly location limit targeting and potential threats? When considering your locations, also center the mode of transportation for each participant, how easily and safely can they get to the space?  Would coordinating with other members safer transportation options than public transportation be possible?

If you are organizing within a location that targets specific activists, and spaces where activists face prosecution, death threats and physical harassment, which locations or forms of gathering will be less suspicious. Are universities, or book shops spaces where gatherings are common? Are these spaces where the gathering is able to happen among other crowds without raised brows or targetting? Are you selecting institutions where workshops or trainings happen frequently?

Similarly, consider the political context. For example, Rwanda limits public gatherings in open spaces such as parks. However, the same gatherings can happen in enclosed spaces that are coffee shops or creative hubs. Depending on the political context, some venues may be targeted by some form of digital surveillance like cameras, recording devices or  spyware.

When organizing in physical spaces, think about the travel journey of participants, including:

  • points of exit and entry of the venue
  • the feasibility of travel to the location
  • Mode of travel  

Designing a Secure Programme

When labeling your programme, make sure that it aligns with the official communication of the pseudonym used. If you are meeting at Goodman gallery or Gallérie Ste Céline, perhaps a programme will involve a gallery walk and a reflection after the walk. Consider using creative names and descriptions, what matters is that your gathering has a clear programme and participants can engage within their capacity.  Creative programme designs will also inspire alternative ways of engaging with the community, in playful, artistic and light ways.

Security of Organizers and Attendees

Ensure that each person attending is following key security protocols, listed below. Share security tips and information with all invited participants, including:

1. Before the gathering, all participants need to ensure that their devices are password protected. Face and fingerprint IDs need to be disabled before attending any meetup in case phones are stolen or confiscated. If using an iphone, disable access to the control center when your phone is locked.

2. Provide tips on how to spot and avoid phishing attacks

3. If possible, participants should turn off their GPS location tracking on their devices or turn on airplane mode. However, this may be more complicated especially when considering the mode of traveling of the participants. If participants are going to an unfamiliar location, they might have to use map services to navigate. You can inform participants that google maps work offline after the navigation data has loaded.

4. Scan locations for cameras, and do not type passwords or unlock devices within the camera view. Locations also include transport, transit and gathering locations.

5. If possible, participants should avoid connecting to public wifi

6. We encourage that photos should not be taken during the gathering. However, if you want to take photos to document the moment, take photos without unlocking one’s phone, and before sharing, scrap the metadata by screenshotting the image and uploading the screenshotted version.

7. Phones may get lost, stolen and/or confiscated. We encourage that before the gathering, back up the data on your devices, store the information in a secure location.

8. When attending a gathering, encourage participants to cover any identifiable features such as tattoos, piercings if possible. Note, participants should dress accordingly to where you communicated that you are meeting (For example, if you let them know you are going to an Art gallery, they should dress appropriately for that)

9. Even when your gathering is invite-only, you have to make sure that everyone that shows up is either known by you or by a trusted community member. For example, if someone shows up that you did NOT invite, it's important to find out who they are and how they got there. They could be someone’s partner, or they could be someone with bad intentions. Don’t be scared to directly ask questions. Most people will not react negatively, given that they know you are doing this for safety and security reasons. If people do react negatively, that may be a red flag to you that something is wrong.

Designing Safe Engagements

Security and safety also mean that participants do not feel threatened while engaging with others. This is why it's important to create Engagement Guidelines, that you can co-design with your community members and/or the organizing team. These guidelines help participants understand

1. How people should engage with each other (Rules of engagement)

2. The type of culture you are creating collectively together

3. Behaviors to be avoided.

Below are some tips, and you can also check out TCU’s Cultural Guidelines, Security Policy and Code of Conduct.

Questions or areas that you may want to consider addressing with your community or organizing team:

- Do participants want to avoid being photographed, or quoted while at the event?

- Do you want to discourage the use of social media about the event itself and what is discussed?

- Do participants want to use neutral pronouns and language? Note: It is advised that you do not force people into disclosing their gendered and sexual identities, as this can create unease and a somewhat hostile space. This, for example, can be put into your Engagement Guidelines.

In addition, safe and collaborative environments always include a Code of Conduct (COC) also known as Code of Practice, which includes a list of harmful behaviors or actions that will not be tolerated, and will result in expulsion from the event. We recommend that you start off using an existing COC, such as TCU’s  and then update it with your community and/or organizing team.

A Code of Conduct must also be backed by a process. This includes having a group of team members that can receive reports of harmful actions, making decisions of what the consequences will be (for example, if someone says a racist statement are you banning this person or giving them a warning), implementing the decisions, and also ensuring that the “victim” of a bad action is supported.   However, note that it is not easy to implement a Code of Conduct - it takes time to both build the team and process.

Create a dynamic space: listening, use storytelling, and co-design a guideline with the participants to ensure that your manual is frequently updated to fit the evolving needs of the community.

Have an incident response plan

An incident response plan is an essential component of any group's safety strategy. It is usually a set of tools, procedures, or processes that your team can use to identify, eliminate, and recover from safety threats or emergencies. It is designed to help your team respond quickly and uniformly. Having a plan at least outlined or resources identified can help reduce damage, minimize downtime, protect your team's reputation, and improve preparedness in the future.

You do not need to be organizing in a risky or dangerous context to have an incident response plan. Even if you are organizing in a safe(r) environment, an incident response plan can help you address incidents like climate/environment emergencies; medical emergencies; external incidents (protests, crackdowns, etc). In short, this is the plan to fall back on when a crisis or an unanticipated incident occurs.

Adapted from the cybersecurity framework of incident response planning, in an organizing context, a team should think of these phases:

Preparation

This phase can encompass your planning and organizing time of the event, included in the steps above. Identify who among your team members should be involved when an incident occurs. This can include incident responders, technical team members, decision makers, or partner/support organizations. Document these roles and responsibilities so that the team knows who to notify or will act as decision makers. It is helpful to establish communication protocols for when an incident occurs: include how and when to communicate with participants, law enforcement, and other third parties. If time permits, develop drills or possible scenarios that could occur. You can practice your plan on scenarios that have been identified during your risk assessment prior to the planning of the event

  • Key questions to address:
    • Has everyone been trained and made aware of security policies?
    • Does the incident response team know their roles and the required notifications to make?
    • Have all incident team members participated in drills or exercises to address potential crises?
    • Has your team made collaborations or contact with the necessary rapid response or crisis support organizations
Identification

When an incident is discovered, it is important to determine the severity of the breach to help prioritize the proportionate response. Collect additional evidence, decide on the severity of the incident, and document the “Who, What, Where, Why, and How”. Evidence can take the form of screenshots, interviews, digital evidence, community alerts

  • Key questions to address:
    • When did the incident happen?
    • How was it discovered? Who discovered it?
    • Does the incident impact the operations, your event at-large, or specific participants?
    • Have any other areas been impacted?
    • What is the scope of the incident?

If the incident involves a code of conduct violation, then the team would follow those protocols. If the incident will have a larger impact on the event and participants, proceed to the next phase.

  • Containment: Once the incident is identified, the natural instinct can be to delete everything or get rid of the breach. This could hurt in the long run, since you’ll be destroying valuable evidence that you need to determine where the breach started and devise a plan to prevent it from happening again. If the incident is technical in nature (a hack, data breach, misinformation being spread online, etc) contain the incident so it does not spread and cause further damage. Disconnect affected devices from the internet or suspend accounts that have access to data. Have regular backups in place, to make sure that data is not lost. Have short-term and long-term containment strategies ready. If the incident is physical in nature (disruptive participant, medical emergency, etc), plan to have a safe physical space that can be used to isolate the participant.
  • Eradication / removal: Once you have contained the issue, you may need to remove the root cause. If the incident is technical in nature, this could mean removal of malware/virus or affected systems are patched or hardened. When it is a physical incident, removal may include relocating participants to temporary safe locations or spaces, and identifying the ways to mitigate the threat towards sustainable solutions.
  • Recovery: This is the process of restoring and returning affected systems and devices back into normal operating procedures. At this stage, you can make the decision to communicate widely or to targeted audiences about your incident. The choice to communicate or disclose details should depend on your context and nature of the incident.
  • Key questions to address:
    • When can systems be returned to production?
    • Have systems been patched, hardened and tested?
    • Can the system be restored from a trusted back-up?
    • How long will the affected systems be monitored and what will you look for when monitoring?
    • What tools will ensure similar incidents will not reoccur?
  • Lessons learned: Once the incident is resolved, hold an after-action meeting with all incident response team members, discuss what you’ve learned. Be sure to analyze and document everything about the incident. Determine what worked well in your response plan, where the response team was effective, and areas that require improvement. This will help the team develop more creative and accurate approaches to incident handling. Do not delay this step, as details or information are often forgotten if this portion of an incident response plan is skipped or not prioritized. Sometimes an incident can be connected to a series of attacks other groups of people should be warned about, so outreach and networking with partners are often needed at this stage in order to spread public alerts describing this kind of incident. Be mindful of the emotional or psychological impact of the incident on the team or participants. If further processing or interventions are needed, seek psychosocial care.
  • Key questions to address:
    • What changes need to be made to the security/safety plan?
    • How should team members be trained differently?
    • What weakness did the breach/incident exploit?
    • How will you ensure a similar incident does not happen again?

Resources: here

Finally, Learn from local organizers, how do they safely create formal and informal gatherings within your context?

— — — — — — — — — — — —


Digital Safety Resources

Personal Security: Guides and Trainings
Rapid-response helplines (in case of digital security emergencies or incidents)
Community Tools
Grants

Subscribe to Team CommUNITY's digital rights newsletter for weekly emails where we list open grants and funding opportunities. However, some worth mentioning: