Thank you Jane and Edna for opening this question. My perceptions below might be implicit in your comments.
For some (A), there is no definition of hrd but a definition of the activities and for others (B), a definition of hrd activities is not a 'non definition of hrd'.
A) will avoid legiferation on hrd protection arguing that:
to pass a law on something one needs to know what it is.
B)would probably not bother about that just as Brazil has done by adopting a decree on hrd that basically copies and pastes the UN definition (activities that define a hrd): Decreto Nº 6.044, de 12 de febrero de 2007 (it's a link).
In both cases it is a question of political will.
If a (C)exist, it could be somewhere where human rights are not seen as accessories.
Any way, if the UN declaration is implemented litterally then a hrd is a hrd the length of an activity.
What about other simultaneous activities? or before or after that one? and coherence? Plus the many other perspectives of which some have been mentioned by you both: hrd who are not aware of it and a partial hrd is not a hrd.
(I'd add: some victims also can be unaware of being victims).
The difficulty is to talk about all hypothesis if the criteria of the UN Declaration on hrd are not enough to draw conclusions about such and such cases. (I refer to the declaration as it is 'universal').
One way out could be to take one example.

Somehow the UN declaration makes it accessible to a wider range of people to be/become/cease to be hrd. It speaks of rights/duties/actions etc. and attitude to carry them out (without violence which for me is slightly different than peaceful, but it might be a question of language) and less of 'status/identity'.
At the end of the day it sounds close to the concept of 'who we are matters less than what we do with who we are'...the actions define the hrd.

From the protection point of view, the Un declaration defines well who does what (who is who): primary, duty-bearer and key stakeholders.
From the security/protection point of view, it's fundamental.

I mostly meet hrd who know they are hrd (some simply because they have a sense of who they are or they have become aware because they are part of hrd networks etc) and are part of the wider civil society with its many shades.
They are not necessarily aware of the existence of texts and mechanisms (this is another item of this dialogue more related to advocacy/protection)

Marie

Hi Todd,

Thanks for sharing this inspiring and creative work!  Learning about each others' work and growing our global community of HRDs through this dialogue is an important element in increasing our security. I am grateful to add each of you and your organizations to my list of allies and resources!

I really like this definition for a WHRD, and by extension the application of #s 3, 4, and 5 to all Human Rights Defenders. I hadn’t thought of it before reading these definitions, but characteristic #4 seems particularly relevant to this discussion about security. I believe that in many ways what defines us as HRDs is our willingness to take on risk.

Human Rights work assumes an environment where Human Rights are not respected. Anyone working to change this environment - often opposing powerful, entrenched interests - takes on some risk. We can work to minimize risk by implementing strong security practices, but risk is inherent in the work. And importantly, HRDs are willing to take on risk, to give up a little of their personal security, because they know that the end they are working for will justify the personal risk they assume.

Greetings to all,

This dialogue has been so helpful and rich, thank you to everyone. I really appreciate the discussion on who is a human rights defender, because it has very practical implications in our work. If you are 'recognized' as a human rights defender, you have increased access to protection. You, and your work, are visible. And valued. If you are not, then you have less access, visibility and voice. 

So, in reflecting on our dialogue around this, it seems to me that we are facing two key issues.

The first, is that there are many activists, journalists, violence survivors, survivors of discrimination (LGBTIQQ people for example), artists, academics, etc. who are fighting for human rights and don’t know that they are entitled to protection -- because they may not identify as human rights defenders themselves, or because others would not recognize them as human rights defenders.

Secondly, as Marie points out, there are many human rights defenders who do recognize their work as human rights defense:

‘I mostly meet hrd who know they are hrd (some simply because they have a sense of who they are or they have become aware because they are part of hrd networks etc) and are part of the wider civil society with its many shades.’

However, even when human rights defenders know this is a title they can claim, they don’t know that this category gives them access to protection, and what forms of protection they are entitled to, as Marie elaborates:

‘They are not necessarily aware of the existence of texts and mechanisms (this is another item of this dialogue more related to advocacy/protection)’

I suggest, as a step forward from this dialogue, that we do the following to ensure a much broader and deeper protection framework for hrds:

1. Help elaborate the principles and characteristics that define a human rights defender (see some of the points suggested below). Critically, this should be a process where human rights defenders define themselves. The UN Declaration is broad enough that we can positively say that these are people who must be included within it. This can be developed within key coalitions who would take it on, and supported by the UN Special Rapporteur on Human Rights Defenders.
2. Ensure that all people who defend human rights know that they are entitled to the title of human rights defender and that they there is a protection framework that is mandated to support them.
3. Engage human rights grantmakers in this process.
4. Tackle some of the hard issues of defenders who are excluded from the ‘human rights defenders’ world, discuss what ‘non-violence’ really means.

 I thought it might be helpful to recap some of the points raised in the dialogue for our review, specifically:

1. Key principles and characteristics of human rights defenders
2. That all people defending human rights must be recognized as human rights defenders
3. Points of discussion and elaboration

a) Key Principles

Edna referred to three minimum standards identified in the Declaration as follows: 

1. Acceptance of the universality of human rights: Human rights defenders must accept the universality of human rights as defined in the Universal Declaration of Human Rights. [3] A person cannot deny some human rights and yet claim to be a human rights defender because he or she is an advocate for others. For example, it would not be acceptable to defend the human rights of men but to deny that women have equal rights.
2. Human rights defenders must be defined and accepted according to the rights they are defending and according to their own right to do so. Whether or not they are legally correct is not relevant in determining whether they are genuine human rights defenders. The key issue is whether or not their concerns fall within the scope of human rights.
3. Peaceful action i. e  actions taken by human rights defenders must be peaceful in order to comply with the Declaration on human rights defenders. (Marie noted correctly that there is a difference between the concept of ‘non-violence’ and ‘peaceful action’, and this is significant on the spectrum of both who is a human rights defender, and also, what measures are appropriate to protect human rights defenders.)

Ali offered some very practical points primarily around human rights defenders’ activities (what they do) and approaches (how) -- as well as raising a core concept -- that there is no academic or professional requirement to ‘become‘ an hrd:  

• HRD is an individual who promotes and protects human rights.
• Neither preaches nor supports violence
• Expose corruption of state actors
• Reports and documents human rights violations
• Doesn’t have personal and political agenda
• Reports and document human rights violations
• Support government in protection of victims and their families and raise voice for remedies for them
• Does constructive criticism on government policies, plan and legislation
• Respects GOOD laws and oppose bad laws
• No particular academic qualification or degree is required for being HRD. Any individual who is lawyer, doctor, teacher, businessman and journalist who promote and protects human rights can be hrd  
• Support government in making pro human rights policies, strategies and plans.

Jacqueline raised some key characteristics of a WHRD that emerged from the Mesoamerica meeting.

“Drawing from our experience, these are the characteristics of a WHRD: This definition cannot limit itself by closing itself off to the enormous diversity in the identity and the struggles of WHRDs. Nevertheless, we believe that the following characteristics must be taken into account by every WHRD:

1. Consciousness of the oppressions that we are subject to as women...;
2. An ongoing commitment to advancing women’s struggles...;
3. Fighting for the transformation of society in all spheres, from the personal to the public to the political, and including civil society...;
4. Consciousness that we are living at risk due to our work...;
5. Defending human rights is not a profession...; and
6. We do not all identify as feminists....

 b) Ensuring that all people who defend human rights are recognized as human rights defenders.

Todd and Sarah talked about human rights defenders who are not traditionally recognized as such, those who use art/creativity/expression:

Todd: These folks are sometimes artists and sometimes community organizers ... typically they wear many hats and it is hard to fit them into one vocational category. The danger can be just as severe as that experienced by other HRDs, but is often experienced in isolation.

Sarah: Academics (professors, public intellectuals, writers, scientists, and sometimes artists) who, by the nature of their academic work are threatened by state and non-state actors seeking to silence dissent. The practice of their trade in free thinking and new ideas -- assuming a natural right to academic freedom -- puts them in harms way 

Shaun and Saira also raised a critical issue in defining who is a human rights defender and understanding the complexities of security from the perspective of LGBTIQQ defenders. Shaun in particular also elaborated the issues around defenders who are facing multiple discriminations.

 c) Key Issues for discussion

Edna’s point about self-identification is extremely important -- she asks us to ‘recognize the interchangeability of 'human rights defender' and ‘human rights activist' and to honor how individuals and groups working for human rights  would prefer to identify themselves.’

Marie brought up a key point about a literal interpretation of the UN Declaration, which could cause us to limit the definition of a human rights defender to the time in which they are perceived as active in human rights defense. She asks: What about other simultaneous activities? or before or after that one? and coherence? Plus the many other perspectives of which some have been mentioned by you both: hrd who are not aware of it and a partial hrd is not a hrd.

Jacquelyn also commented on the idea that human rights is not a profession, saying: ‘Personally, I am particularly interested in knowing how other practitioners respond to #5, as it generated some dissonance with my own definition of an HRD.  The report elaborated on this idea as follows: “Defending human rights is not a profession. It is not an office job carried out from 9AM to 5PM.  The defense of human rights is fed/nourished by problems from everywhere, from the street, from the neighborhoods, from everyday work and from contact with other people.”

Saira further questioned the binary of separating and supporting different genders of defenders -- how do groups who support ‘women’ human rights defenders expand in their understanding of who is a ‘woman’ in a world where we understand that there are many different gender expressions than simply ‘male’ and ‘female’ -- there are gay male defenders, transgender defenders, intersex defenders, and many defenders who choose not to identify according to gender at all. Are we excluding them?

I have many thoughts on all of these questions, but for now, will simply include them here as a recap. My apologies if this doesn’t properly represent everyone’s views, it is just my take on them at the moment.

Greetings,

For me, its not possible to separate the defense of human rights and vigilance about safety/security of the human rights defender.  A silenced human rights defender (whether its through death, kidnapping, loss of visa, etc.) can no longer defend human rights.  In my work with Christian Peacemaker Teams (accompanying communities/organizations at risk of violence due to the armed conflict) we were very diligant about our personal safety because our ability to bring attention to the threats our Colombian partners were receiving, depended on staying safe ourselves. That does not mean the work does not require risks and acceptance of the possibility of death or kidnapping, but we did not see time spent on strategizing to minimize those risks as a waste of time.  I look forward to our mutual learning about how to increase our security in the discussion thread on that topic!

Michele Braley

Dear Marie, 

Thanks so much for your thoughts on this. We have indeed spoken with hundreds of human rights defenders around the world about this question, and it is an integral and essential (rather than existential) part of the integrated security workshops that we've been running over the past years. Some of these conversations are reflected in What's the Point of Revolution if we Can't Dance? , Insiste, Persiste, Resiste, Existe: Women Human Rights Defenders Security Strategies and Integrated Security -- The Manual (forthcoming 2010).

The key to thinking about security/safety and well-being is first recognizing that we are as valuable as human beings as the human rights work -- and as the people we are fighting for. So that at its core, we see our security/safety/well-being as vital (and this equally and intrinsically applies to our IT/communications security). The simple message is that it is worth the 'effort' to be safe and well.

The second message -- and this was raised in our earlier conversation -- is that it is also possible to be safe and well. That every human rights defender is already doing so many things naturally to protect others (and themselves) -- many of the best strategies are within us, but just aren't recognized as strategies yet.

In our workshops, we spend a lot of time sharing those strategies among human rights defenders -- giving them space to share with, and learn from, each other. 

So I completely agree with your point that: 

the security of hrd has got several entry points: the risk to get to speak about the psychological and motivation dimension or the latter to get to speak about security. And many other entry points.

The simplest tactics for training on security/safety/well-being involve:

• Finding the right entry points (as you mention) -- because the important thing is that we begin the conversations -- and weaving security/safety/well-being into all of our work
• Giving human rights defenders the safe space, and time, that they need to discuss their concerns about their work and their lives (removing the idea that some things are 'private' and 'public', therefore we should only speak about 'public' threats/challenges)
• Supporting human rights defenders to share strategies among themselves and hear strategies from others around the world
• And then introducing specific tools that they can use and adapt -- not strict protocols, policies or plans, but ideas that help them create their own flexible prevention and response strategies

Dear Sarah,

Personnally, I think it does although it might appear as superfluous given that, often, in the common language, the same acception is attributed to both of them.

Words mean and evoke things, ideas.

The interpretation you mention is interesting. I personnally associate safe with status and secure with action: security providing (more probability of) safety (result).

Thanks for your question as in fact I had just decided to skip talking about safety vs security on the assumption that we were talking of security although using the word safety. Thanks.

Marie

Hi Sarah:

I think it's more than just semantics.  I think the terminology 'security' has increasingly become part of our everyday language especially since after 11/09.  In the Philippines - we tend to associate  'security' with the State counter-insurgency policy that extends to curtailment or restrictions of basic rights and freedoms of activists.  We use 'safety' when referring to securing, protecting, ourselves as activists and those close to us; and also pre-empting the foreseeable dangers that are likely to come and underscoring that all these are temporary measures.   There are reservations, too,  amongst some activists - not only in the Philippines - with the word 'security' - also because of their view that they can never be secure in a very insecure environment which they have no control over.   And finally - there is the question of translation.  In our language - 'safety' has a direct translation while 'security' doesn't have.  This ilustrates that indeed there are nuances  and difference around the terminologies that we use and adopt as part of our global language and those of activists on the ground due to the latter's context -specific realities. it's always important to clarify, describe what we meant, negotiate, adjust and finally agree on what is the most appropriate terminology without losing the essence of what we meant. 

Greetings! 

Thank you all for raising this important question: the difference between the terms 'safety' and 'security.'  I agree with Edna that it really depends on contexts and language/translation.  There are many places (Kurdish cities in Turkey, Palestine, the Philippines, to name only a few) that are so militarised and repressive against activists that the thought to consider one's own security seems almost irrelevant.  We see this regularly in grant requests when a WHRD is facing serious threats and will request funds for an awareness raising campaign for instance, and not for immediate measures for her own security. 

My question in these cases is, when physical (not to mention emotional, financial, or otherwise) security is seemingly so unattainable that it's not even considered, would there be any distinction between the terms and/or concepts of 'security' vs. 'safety?'  Or does it again depend on language and context.  I believe that may well be the case but I'm not totally sure.  This will indeed require some further thinking on my part...

In terms of languages, contexts, and translations, the situation Edna describes in the Philippines is similar to that in some parts of the Arab world.  In Arabic for instance, the term for security is rather clear and often always associated with the state or state apparatus.  However, there are different words for safety (one is the same as the word for security) that are used more for the individual state of being.  One term for safety (salaama/salaameh), has at its root, the word for peace and also means integrity.  I will stop here because if I launch into a discussion on Arabic etymology it may never end.

Lastly, the term 'security' can also set off some red flags within the philanthropic community in the US.  Particularly post 9-11 with all of the so-called counter-'terrorism' measures that are increasingly posing obstacles to the funding world.  Our colleagues at another US fund that is much larger than ours, have strongly advised us to specifically abstain from using the word 'security' when discussing grants via email that are in our Protection and Security category because it may well be flagged by authorities.  Which authorities?  I do not know for certain but could guess.  They have requested us to use 'safety' instead.  I note that they are a much larger fund than UAF because one would think there is less scrutiny on such large funds with their teams of expert lawyers but apparently not.

Thank you all for the thought provoking posts.

Until tomorrow

Peace

Saira

To me: Safety means protection against something and security protection against someone..............safety is protection against  fire, electric shock etc which is result of an accident and there is no conscious effort behind it ...it happens due to a mistake or negligence….. Security is protection against someone/person's or an organization's action which deliberately try to harm defender to achieve an objective....

Quoting Edna : “Thinking of one's own safety or security before that of others can therefore easily become a source of guilt or mental baggage to many activists or HRDs coming from that similar milieu I just described”

Apart from the many other assumptions on which the ‘guilt feelings’ might be based on, there might be also the one of having to choose between the ‘others’ and oneself as if the security of both was not interrelated and there were no choices possible that contemplated the security of hrd as also the security of the groups they are working with. An increased security of hrd means also an increased seurity of the groups. If a hrd is hit individuals and group are hit too and viceversa.

Marie

Thank you all for your comments on Kyrgyzstan.  We've been helping a scholar there who has committed his academic life to human rights law and working across ethnic divides.  As an ethnic Uzbek, he can no longer go safely to his university and is barricaded in his home with his family, leaving only for the sparse basic necessities now available in his city.  Our program is offering assistance to get him to a university outside of his country for a year, in hopes things calm enough for his return.  In the meantime, he is stifled and his voice is not being heard.  He says he would take more security risks, but he has family to provide for and to worry about.  This brings home the difficult choices human rights defenders have to make in bringing their work home or bringing their home to work. 

Meanwhile, we (www.scholarrescuefund.org) are monitoring the situation as closely as possible from afar.   Jane, thank you for your list of organizations to connect to. The International Crisis Group, HRW and Amnesty have had their usual good coverage and continue to impress upon the international community that the next flare up may be imminent, and may be much worse.  It seems that international intervention is absolutely necessary.  Until then, how much longer can people remain prisoners in their own homes?

Sarah

Connecting human rights defenders to embassies in their countries has been brought up a few times in this dialogue (such as the quote below from Jane) and it piqued my interest.

I read the Front Line Handbook titled 'What Protection Can EU and Norwegian Diplomatic Missions Offer?' and found it very helpful with great suggestions on all the different ways that defenders can strengthen their relationships with this diplomatic missions.  Here is the checklist of 'overall pointers' that the Handbook offers at the end of the document:

• Provide complete, credible, detailed, and up-to-date information about your case. Diplomats will only want to take action on your case if they feel they have adequate information.
• Be professional and impartial in your work. Diplomats will more easily take action, especially if it is public action, on behalf of a HRD who enjoys a reputation of integrity and whose work is respected.
• Make yourself and your work known to the diplomatic community. While their policies require that diplomats be proactive in contacting HRDs, they will not always be so.
• Have contact information of the staff of diplomatic missions (mobile phone numbers, etc.) with you at all times; provide your contact information to diplomats.
• Collaborate with international human rights organisations in relation to your work and your own situation. Diplomats are more likely to take action in relation to issues and cases that the international human rights organisations bring to their attention. Give a personal reference of an international organisation you work with.
• Engage ambassadors and foreign ministries. Make efforts to ensure that decisions on whether to take action in relation to your case are not left only to less senior staff at embassies. However, be wise in your approach – write a letter giving a clear and accurate account of your situation and ask for a meeting. Then follow up with a phone call.
• Know the UN Declaration on Human Rights Defenders and refer to it when reporting on your situation or the situation of local HRDs.
• Understand the structures and processes (such as political dialogue) of the EU and Norway so that you know how and when you should lobby for attention for your situation or the situation of local HRDs.

Now, I am curious to know more about how defenders can utilize the Special Rapporteur on the situation of Human Rights Defenders - any Handbooks on this out there?

Many of the participants have already made references to Protection mechanisms and I would like to just mention that in the Library of PI, www.protectionline.org, under PI publications, there is the following manual that I hope can add to the tools at hrds’ disposal:

Protection of human rights defenders: Best practices and lessons learnt
Volume I: legislation, national policies and defenders’ units.

Where legislation and national policies have been developped for the hrd defenders (mostly in some countries of Latin and Central America), the rate of violations against hrd has not necessarily decreased.
The manual also illustrates some non governmental initiatives by hrds' units. Hrds'units are set up by the civil societies. Their sole mission is the protection of hrds. For example, in Guatemala: Udefegua; in Colombia: Somos defensores; in Uganda: EHAHRDP.

Hi Ali,

Your point on raising the visibility of women hrds through public recognition is important.  While we discuss the importance of security measures that help to shield the identities of hrds who could be harmed for their work, we should remember that the press, advocacy campaigns and other high visibility mechanisms are yet other means to protection.  Each case is unique of course and the choice to "go public" is complicated and must be weighed with all potential repercussions. But as your examples illustrate, it can be effective and a shield in itself.

Sarah

I believe that open source philosophy and "hiding in plain sight" are the only way to go in disseminating security tools and associated knowledge. If "keeping tools secret" from the "other side" is your primary protection against compromise, that's a weak boundary to say the least.

Trying to be secretive about security tools is a distraction in my opinion. While there is no need to overshare or save your adversaries time by telegraphing unnecessary details, "They" know all about the tools in play and/or can pay others who do. Good security tools and platforms (TOR, Public Key Encryption, OTR, Linux) can stand the scrutiny and it makes them better.

That is distinct from being secretive about tactics, strategy and senstive knowledge and data; that's the stuff you want to keep off radar using the free and open security tools. Verification strategies fall into the category of things to be circumspect about.

But tools and protocols? The way you stay one step ahead is to follow best practices with proven tools and platforms, and show others how to do the same. Hide in plain sight!

Thanks Ali for sharing Patrick Meiers guide. Links are very useful. In internet communication and browsing, softwares and secure emailings improves security.  Not only this, these systems gives sense of security.

In contexts, where i have worked or working hushmail emailing and true crypt are well tested and reliable. Will definitely check others.

I always stress on seriousness and responsible attitude  towards security. In one communication loop if one member at the sending/receiving end doesn't follow the security rules and protocols can expose the whole group  even if rest of the group members are taking security very seriously and strictly following security protocoals. 

Great list! Thanks to everyone for sharing and pointing to specific resources. I already knew of some of these, but not all. This is quite useful. I've been researching software tools specifically for use in the human rights and NGO fields, and summarized some of results already (with apologies for the self plug). Obviously there's some debate about the efficacy and value of each, but there's no doubting the need for these kinds of tools.

I've been following this entire conversation with interest. Keep it up!

Greetings to Wojtek, Nils and Gunner!

I'm glad that Wojtek took a biG chunk out of important issues surring secure VOIP - It's a tough topic to address quickly, and requires both a high level and a low-level view of all the pieces, parts and participants in a relatively secure VOIP converstation.

Here are a couple of additional possibilities to consider, although they're not all neccessarily viable options for some:

1. The simplest (but not cheap!) way to get easy and relatively secure VOIP and/or video conferencing is to get two cheap(er) mac laptops and install the ZFone point-to-point plugin http://en.wikipedia.org/wiki/Zfone for encrypting VOIP clients that adhere to the SIP standard http://zfoneproject.com/prod_zfone.html.
2. A cheaper approach would be to use GTalk with ZFone
3. Or you could use Skype and take your chances.

While none of the possible solutions is optimal and/or completely free, each has its pros and cons:

1. Mac laptops aren't cheap (~$1,000?), and you're implicitly trusting Apple's proprietary VOIP client to do the right thing with your voice data.  The one huge advantage it does have however is that it's trivially easy to set everything up.
2. Using GTalk with ZFone is free, but you're also trusing Google's proprietary client to do the right thing with your voice data.
3. Skype is secure (in theory), but it's not been audited, and they have proven themselves to be to not be trustworthy by helping the Chinese government to censor conversations about Falun Gong http://blog.valeso.org/2008/10/06/skype-messages-monitored-in-china/

The one bit of good news here is that ZFone addresses all kinds of esoteric VOIP security problems and weaknesses, and is the brainchild of Phil Zimmermann http://en.wikipedia.org/wiki/Phil_Zimmermann . On top of that, it's incredibly elegant in the way it works and is extremely intuitive and easy to use with confidence.

So, with a bit of time, patience and luck, you may end up finding an Open Soure VOIP client that's compatible with ZFone and works on the operating system of your choice.  We're not asking for too much here, are we ;-)

Rick

Hi Kristin,

I have been using VaultletMail (which is a part of the "VaultletSuite 2 Go") on a daily basis for the last 5 years to protect both my personal and professional communications. I also use it as my main email system because I couldn't find what I wanted so I created it.  And I continue to improve and update the software on a daily basis.  So you could say that I'm intimately familiar and comfortable with how it's been designed and implemented :-)

What do I like about VaultletMail?  It's inherently multi-lingual, is built on an Open Source stack and runs on many, if not most, flavors of Windows, OS X and Linux.  It is easy to learn, adopt and use on a daily basis for non-technologists and is free for use by HRDs, activists, members of NGOs, journalists and academic institutions.  

It's also included and documented in the Security in a Box project (http://security.ngoinabox.org/en/vaultletsuite_main) and presents itself to its users in English, Spanish, Russian and French.  There is also exists the possibility and interest in having the interface translated into a number of other languages useful to HRDs in the near future.

Full disclosure: While the source code is owned by my company, VaultletSoft, it does come with a "source code for peer review license" similar to the one used by PGP.  The VaultletSuite 2 Go service is also hosted in the U.S.  I mention this because I have decided to release a completely free and Open Source version in late 2010 that NGOs and others can build and host for free in the jurisdiction of their choice. 

The Open Source version of the VaultletSuite 2 Go is currently called "Project Autonomy" whose goals and statement of purpose can be found here: http://www.valeso.org/ . If you are interested in collaborating on with me on "Project Autonomy", please let me know, there's plenty of room for all kinds of skills, interests and contributors.

So that's what I use - You are free to do so also: https://www.vaultletsoft.com/start/downloads.html

Rick

hi Kristin, nice question :-)

from my point of view there are few factors to consider when you make a decision which email server you should use:

• secure connection: does email server offers secure connection (for web-mail: https; and for email client: SSL or TLS enhanced versions of standard protocols like POP3, IMAP & SMPT). and secure connection should be use for all communication with the server, not only for login in.
• location of the server: which jurisdiction it falls under? and what relevance does it have to the work of the user.  authorities local to the server may always put pressure on the server owners to reveal the information that is on it or is communicated through it.
• trust in administrators and owners of the server: both in the more abstract sense of "do you share the same  values" but also in their technical abilities to protect the server against "hacking in". and of course one need to look carefully in the history of the practices of handling the information by the owners of the server.
• needle in a haystack effect: sometimes you may consider a great server located in the good environment but you will be the only person who will use it from your country/community. sometimes it makes sense to blend in the crowd. of course without compromising above elements.

in 'security in a box' we recommend two excellent servers who's developers we know personally and trust relationship easier. both of them are located in US which may be ok for some people and completely not ok for others. both of them offers secure connection and both of the are not very widely used by majority of internet users:

www.riseup.net - if you are looking for the substitute with a server that is used by many people mail.google.com would be good choice now. i do not want to get into discussion "should we trust google". but seeing it from the point of view of blending in the crowd and with taking additional precautions (see below) this is a good choice now.

www.vaultletsoft.com - Rick wrote about it. basically it offers another layer of encryption. sort of encryption trick that you encrypt your email before it is being send from your computer. and only person who can decrypt it is the recipient of the message.
if you are looking for substitute to this option i suggest using gmail with GPG/PGP encryption software (for example Thunderbird + Enigmail + GPG). it is not super easy but offers very strong protection of the content of communication. again, by using this option one may put him/her self into risk because usage of those tools may be considered as a manifestation of bad intentions by local authorities.

there are also many other servers but to make it simple i will stop here with the listing of the servers.

than there you need to be sure that all the way to recipient your email is secure. you can protect your side. you can learn about tools, good practices, etc. but how about the recipient side of your email communication? you need to make sure that recipient understands this as well. you need to somehow almost educate the recipient. point to the right tools and practices. this is not easy.

let me add some general tips on the end of this already long message to inspire thinking on how to increase the security of the email communication:

• wipe traces of work on the computer
• use good password skills
• use circumvention tools
• maybe choose anonymous login name
• analyse what you write, develop code system
• never reply to, forward or even open spam and spoofing email
• use several email accounts. e.g. for private communication and for signing up to Internet services
• use BCC field when sending to a group of addresses
• and of course make sure you have no spy ware and there is nobody snooping over the shoulder :-)

Wojtek Bogusz
Information Security; Front Line - The International Foundation for the Protection of Human Rights Defenders; www.frontlinedefenders.org

We know that as human rights defenders, we must be very careful about how we use social media and our mobile phones. Facebook, Twitter, and using mobile phones can compromise the safety of defender.  However, in certain circumstances, they can be that critical link to share information to an organized network.  Chris Mishek, in a post titled Egyptian activists’ use of mobile phones to alert their networks of harassment or arrest by police, wrote about several examples of how Egyptian activists have used Twitter, Facebook and mobile phones to protect defenders:

In New York City, a project called Holla Back was created to collect video and information on street harrassment via mobile phone. I'm not exactly sure how this would fit into a security strategy, but I thought it sounded like an interesting project.

What other ways can the use of mobile phones and organized networks protect defenders?  Or, are these tactics too dangerous?

Hi Edna - great question!  Yes, there are many great security tools that are "free" for anyone to use that are great resources for human rights defenders.  These tools may not cost any money to purchase, but I put "free" in quotations because of course it still takes the time and energy of someone to research, choose, install and configure these tools. Also, many of these tools are not "free" to develop so it is always good to donate money to the development of these tools as much as we can.  Lastly, in my attempt to list some helpful tools to look at, I want to emphasize Gunner's comment above that "Security is a set of values to be engendered and shared, not a pizza to be delivered." 

Many of the "free" tools are Open Source Software (but not all).  For example, this website is based on the content management system (CMS) called Drupal, which is open source software.  Drupal is free and public.

To find good, "free" security tools, a good place to start looking is on the Security in a Box website (a project by Tactical Tech).  This is a great list of Open Source security tools AND information on how to set it up AND examples of how they can be used.  How great is that?  Here are some examples of the tools listed:

• Rise-Up - secure email service
• Pidgin - secure instant messaging
• KeePass - secure password storage
• TrueCrypt - secure file storage
• Cobian backup
• Tor - anonymity and circumvention

Of course, none of these are completely unbreakable (nothing is), but they can be very useful.  Edna, you also mentioned that often defenders are burdened with having to purchase software for work.  I would recommend that you take a look at Open Office (it is like Microsoft Office, but Open and free).  Today there are more and more free and open versions of popular software.  I hope this is helpful!

I appreciate the great information on technological solutions that Allen (We're all in this together. Like a lifeboat.) Kristin (Some security tools for HRDs with min cost) and Ali (Secure Communication) have been sharing.  I'll definitely mention this dialouge to some of Christian Peacemaker Teams technology support people.  It makes a lot of sense to use some of these Open, readily available tools to improve our data security.   But I also agree with Edna that it can be a challenge for huamn rights organizations with limited resources to implement these tools.  It would be great if funders would provide some additional resources for tech resources, but I think many HR organizations struggle to come up with the funds just to stay afloat.  If we feel we have to choose between upgrading our technology and defending human rights,  we'll almost certainly choose the latter. 

One challenge that many HR organizations face is finding trustworthy Information Technology (IT) support.  Computer systems are only going to be as secure as the IT staff who design and maintain them.  With CPT's work in Colombia, many times we were forced to choose between buying a plane ticket for an IT support person to come to the project from the United States, or learning to install and maintain security and communications software ourselves.  And let's be honest, the skillset and interests that make a person a good human rights worker, often do not overlap well with the skills required to build and support a secure computer system.  CPT's Colombia Team has had to work hard to develop these skills internally, to avoid having to invite relatively unknown IT support people into our offices.  As a result, our security is pretty good, but we still have to rely, where at all possible, on limiting the amount of sensitive information we record and transmit.

We need to be careful about relying too much on computers systems that are only as secure as the people maintaining them. Sometimes the older, simpler technologies are safer and more secure.  I don't take a laptop into the field, I take an inexpensive pad of paper: it never runs out of power, it won't break, and it's easy to shred or burn after it is no longer needed.  Meeting in person with associates is almost always preferable to talking over the phone if security issues are going to be involved, and as others have mentioned, sometimes almost any discussion can impact security. 

Hey,

Great question. Linux is definitely different, but each new version of Linux, especially Ubuntu Linux*, is increasingly easy to use. We ran a laptop lab at the US Social Forum in June and offered nothing but Ubuntu, and no one complained.

But usability is a personal decision. I recommend you "play" with Linux and see what *you* think. You can get CDs or USB memory sticks with which you can start your computer and "test drive" Ubuntu without installing or affecting your existing setup. Glad to explain more.

Linux is worth the challenge, it's profoundly safer for defenders and others who need to be secure and anonymous.

* Linux comes in different configurations, which each have a name, such as Debian, Knoppix, and Ubuntu. Ubuntu is the "distribution" that has the most focus on usability and end user experience.

Hi Marie,

I was recently approached by a long-time Windows user who wanted to purchase a new laptop who asked my advice about what they should do.

My short suggestion was to either purchase a laptop with Ubuntu Linux or OS X installed on it.  This suggestion was met with scepticism and disbelief, and included a response along the lines of "but... that's different from what I'm used to".  I persisted, offering to only provide free support if they chose one or the other, but not Windows.

Three months after purchasing an Apple laptop (and nary a last-minute tech support question), I asked this person how they felt about the change away from something they were used to, and got a big surprise: "It's more or less the same, sometimes just as baffling as my old Windows computer, but I no longer even notice the difference."

I've also received similar responses from people who've adopted Ubuntu.

Since most of us are multingual, why can't we be multi-plaform literate?

My conclusion: It's the change that people are averse to, even if it's for the better.

Rick

p.s.: Since I made the switch from RedHat Linux to Ubuntu Linux, I'be been pretty impressed with the sense of collegiality (sp?) that I experienced in the numerous and helpful Ubuntu support forums.  And that's not something that the Linux community has always been known for ;-)

I don't have any funders to suggest that aren't already well known to members of these discussions. Open Society Institute are wonderful funders, but they have very disciplined funding guidelines, so you need to be working on stuff in their programmatic focus. Hivos is also a very supportive organization, but again with substantial funding discipline. And depending on where you work, there are other excellent regional funders as well.

My main advice to those seeking funding for security (and technology in general) is to learn to include it as a line item(s) of *every* grant you write. Funders often have constraints that prevent them from straight-funding technology and "infrastructure" costs, but if it's a component of a larger proposal that falls within their funding parameters, that's got a chance.

I believe as NGOs and activists, we need to consistently assert to funders and other supply-side players the *real* technology and security costs incurred in doing the business of social change and social justice. It continues to frustrate me when I hear funders say "we don't fund technology" or "we don't fund infrastructure"; to me it's not a matter of covering optional components, it's a matter of supporting mission critical substrates.

Other people have more theoretical expertise, but I think a case example of how accompaniment (broadly defined) can provide visibility to HRDs and increase the political costs of harming them might be helpful, and may provoke more discussion.

In addition to physically accompanying HRDs, part of the work of Christian Peacemaker Teams involves bringing delegations of internationals to conflict zones around the world (see http://www.cpt.org/participate/delegation for more information).  These short-term (7-14 day) delegations are intended to educate people from the global North about specific conflicts and introduce them to HRDs and their work.

In Colombia one of the human rights organizations CPT accompanies is a federation of farmers and small-scale gold miners, who have been threatened with violent displacement, in part because of increased  interest in their land by multinational gold companies.   One delegation was hosted in cooperation with the mining federation, which took a small group of delegates from the U.S. and Canada to visit rural Colombian mining communities, meet with many small-scale miners and farmers, and learn first-hand about their struggles.  

An important part of CPT delegations is public action.  At the end of the mining delegation, after learning first hand of the concerns of  the mining communities and community leaders the delegates planned a public witness in the plaza in front of the Gold Museum in Bogota, to draw attention to these concerns.  This public witness was carried out with participation from the mining federation and from several other Colombian HR organizations.  At the end of the public witness, the delegates led a procession through the streets of Bogota to deliver a letter to the office of the Colombian president, asking for attention to Human Rights in the development of future mining agreements.  Copies of the letter were also sent to the political leaders of Canada, Great Britain, South African and the United States; other countries which are involved in the expansion of Colombian gold mining.

I think this kind of accompaniment accomplishes a number of things:

1. It educates and establishes strong connections between the North American delegates and Colombian HRDs,
2. It serves to raise the visibility of the HR organizations receiving accompaniment, and
3. It decreases the isolation of HRDs    

These connections may continue bearing fruit as delegates return to their home communities with new information and commitment to advocate for changes in foreign policy or advocate for international pressure on governments which are not protecting Human Rights.

I think all of these benefits serve to increase the HRDs security by increasing the political costs of harming the HRDs whose work has been highlighted by the delegation.  What other types of network-building efforts have been successful in increasing the safety of HRDs? 

Thank you Edna and Ali for this list of possible protection measures for defenders to explore!  I found these two particularly interesting - ideas that I hadn't thought of before:

• Working as intern/volunteer with an UN/other international institution within country or even with national institutions like Human Rights commission or Ombudsman office also deter/reduce the threat
• Admission in courses (journalism, law etc) where hrds can stay in boarding or campus where vice chancellor , dean or other university officials regularly monitor hrds situation. These tactics are proved very useful in contexts where threats were from non-state, illegal actors or state/legal actors wanted to perform illegally.

Reading these ideas help me to better understand just how holistic an effective 'security' strategy can be.  The role of an international human rights orgs does not necessary have to be funding or training - instead its role can be that of a watchdog, by staying in regular contact with defenders via internships, volunteer positions, etc.  The term 'watchdog' has been brought up in this dialogue in other threads and now I am really starting to understand how a network of watchdogs can be created - universities, UN offices, human rights orgs, etc.  Thank you for all of these ideas!

Hello,

Going back to defenders who might not have access to technologies and adding the consideration that they might perceive themselves in a more vulnerable situation than those who have access to ICT.

Some Assumptions:
. vulnerabilities and capacities are two faces of the same coin
. the immensity and evolving possibilities in security and protection tools, texts, mechanisms etc for hrd
. sometimes we do things that do not necessarily relate to the objective
(ex. Look for the money/pictures/souvenirs, etc before running out of the house during an earthquake (while the 'security' objective is to stay alive and any action holding us back is 'counterproductive'/'useless' from the security objective point of view), etc.
Etc.

I think the question: 'what for? (What is the objective and how is the objective going to increase 'my' security'?) can help the hrd choose the 'useful' element/action from the many tools, measures etc at hrds' disposal.

I am thinking about all the hrd who currently do not have access to telecommunication (tel /internet etc) and that may think that because of that they are more exposed than others, based on the assumption that tel is fundamental instead of ‘a tool part of a more elaborated preventive/reactive security strategy etc)

They are exposed in a different way. Neither more or less than others with a phone.

What is fundamental is the 'critical thinking; the risk analysis and its updating, asking the right questions that help spot the cause instead of the symptom and is also 'solution-oriented"

Example: Real case (partial summary):
"A defender is attacked at night, at home. Defender has got a phone and calls for help. Help arrives in very, very short time and defender is ok".

Assumption: Phone saved defender's life. Phone is fundamental.

In the analysis conducted after, what came out was that:
- Defender had been away for some days before that night. Some unidentified people came to neighbourhood looking for defender's home. They found the home and asked the partner about the defender. (security incidents)
- Partner told defender is not there and also told when defender be back (security incidents)
- Partner forgot to tell defender. (Security incident)
-
Aggression happened after that progression of security incidents (Aggression is the culmination of a process)

If defender had known, defender might not have been at home that night.
Luckily:
* defender had a phone (charged and with credit);
* defender's friend hadn’t switch off phone at night
* they both lived next to each other
* a police patrol 'happened' to pass there to scare off the aggressors...
…

A lot of lucky circumstances (that might not repeat next time) instead of ‘thought out security strategy and plan’

Phone needed to be used before:

Partner to defender to tell what had happened and say don't come home or plan b or etc

Some organisations have got emergency lines. From the prevention point of view, defenders need to use it well before an event. Example, if defender had been informed by partner and had used the emergency line before going home, defender might have had support either to 'hide' or to have accompaniment or etc.

If the event happens and the defender can use the line, there will be reaction, not prevention. Yet, unless the reaction happens there and then, (local level/immediate) defender might not be there anymore.

In the real case above, defender ignored the analysis as partner didn't want to spend some nights away from home...aggressors came back that very night...defender still lucky (manage to run away)...

Other perspective of phone calls and security:

I agree a phone is a plus and hrds need to implement security when using the phone.
Depending on the security objective of its use, hrd could reduce the exposure to undue stress if, for example, hrd do not have access to secure phones.
I meet so many hrds who believe that because they don't have access to certain technologies (IT sceurity), they are more exposed than others. They simply forget the other face of the coin and that the potential aggressor has not waited for electronic technology etc (in fact, most of it has been developed by the potential aggressor).
Defenders forget the fundamental variable of the human behaviour which determines whether the phone will be a vulnerability or a capacity.

Examples (non exhaustive and partial)

A. emergency:

Unless the phone call can save the hrd (call and 'rescue reaction' triggered 'on time'), the hrd will probably have to do something else first that has a greater impact on their security (ex: scream to alert neighbours, run...).
Later, the hrd should analyse the facts (what really happened?). Hrd would probably reach the conclusion and that if security and protection had been implemented preventively, they might have not been there at the moment of emergency... (wrong place at the wrong time). Of course there many other variables)

B. if the point of hrd’s phone call is to let interlocutor know that hrd has arrived safely at home, hrd doesn't necessarily need extra measures knowing that:
- phones can be located (so potential aggressor knows where hrd is / or potential aggressor has picked the call from the interlocutor phone, thus they have heard the hrd, etc or simply, the hrd house is being watched, hrd is being followed, etc. Most probably the defender has not taken the battery off the tel so potential aggressor has just followed the 'red spot' on the map).
Let alone the fact that the hrd security will also depend on the house security...habits etc
In other words, the phone call is one element of the security.

C. communication of sensitive information over the phone':

Questions that can help choose the mean of communication:
. Is it 'vital' for the recipient to have it right now?
. Can it wait and travel differently?
. How much information over the phone etc

All that doesn't absolutely mean that security tech for phones should not be used, on the contrary. It needs to be used, as a safer alternative at a moment in time.
(Assumption: habits expose the defenders and must therefore be avoided)
Again, just thinking about hrd who simply do not have a secure phone and might not have it soon. They have already so many reasons to be stressed to have to add one more (stress has an impact on security).

Marie

Thanks Marie , thats true its not pre-condition but it helps....