Despite the importance of digital security and privacy for Human Rights Defenders in carrying out their work, the development of effective digital security strategies still present a numerous challenge. Human Rights Defenders have to contend with an ever shifting landscape of technologies and threats, limited understanding of behavioral factors and the lack of customization for a number of the tools, among others.
On Wednesday 29th November 2017, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) in partnership with Outbox held a one-day clinic at Outbox seeking to build the digital rights knowledge as well as digital security and safety capacity of human rights defenders, media, vulnerable women organisations in five African countries — Burundi, Ethiopia, South Sudan, Tanzania and Rwanda through digital security workshops.
The one day event was attended by up to 47 participants; Software Developers, Human Rights Defenders and media practitioners with facilitators from ISACA Uganda and Defend Defenders.
The event was opened by Juliet Nanfuka from CIPESA giving an overview of the clinics, followed by Miss Immaculate Nabwire from Defend Defenders presented on the interplay between Digital Security and Human rights.
Topics covered during the training include the following;
- Policies, identities and harm mitigation in use of social media with focus on safe practices and behaviors when using social media apps.
- Protecting data, looking at basic data backup practices, and how to create and manage multiple strong passwords.
- Safer Browsing — Anonymity and Circumvention, exploring safer browsing practices, and how to remain anonymous online, and circumvention for accessing blocked or censored content
- Malware protection, looking at how to protect devices and data from malware. What practices can be adopted to lessen exposure to them
To build a sustained uptake of digital security and privacy practices, follow-up clinics were conducted in 4 days, 7th, 8th, 11th and 12th December 2017, for 2 hours each day. The tools that were chosen for the follow up sessions were based on the feedback of participants from the one day clinic.
Safer Browsing Anonymity and Circumvention tools; The Tor Browser, The DuckDuckGo Search Engine, Opera Free VPN
Malware Protection tools; Free Antivirus for Computer & Mobile; Avast & Sophos, Quad 9 DNS
Encryption tools; Veracrypt
Password Management tool; KeePass
Other components covered include the following;
1) Risk Register
- Creating a workable risk register.
- Creating a compliance schedule; Creating Global security Documents, Security Override documents.
2) Incident management
- Incident management and how to do the Root cause Analysis using the 5 whys.