OBJECTIVE:
- To enhance knowledge of digital risks
- To identify practical solutions to digital risks
- Participants to make at least 2 practical improvements to their digital protection
TIMING:
- 90-120 minutes
TIME BREAKDOWN:
- Introduction - 5 minutes
- Introductory Activity - 10 minutes
- Presentation & discussion - 60 minutes
- Practical session - 15 minutes
- Optional working group - 30 minutes
RESOURCES:
- Internet and projector
When planning and facilitating this session, it is important to consistently apply an intersectional lens to each participant's identity and experiences, and their protection needs. Overlapping systems of discrimination and privilege, such as gender, sexual orientation, religion, disability, racial and/or ethnic origin, economic status/class, marital status, citizenship, age and physical appearance, can have a profound impact on human rights defenders' and their communities' perception of and experience with risks and protection.
Preparation:
- in an ideal world, a digital protection expert with knowledge of the context of the participants would be part of your facilitation team (See: Best Practice for Working with Experts)
- if one is not available to attend the workshop, ask a digital expert if they can:
- send a video of their presentation
- or some slides, relevant information for the specific group and further reading
- if you don’t have access to an expert, you can still develop the knowledge of participants with low expertise by using one or two of the sessions below
- look at Security-in-a-Box and prepare one or more sessions based on the participants’ needs.
- if you have participants who have some expertise, plus you have a reasonable internet connection, choose the Group Learning exercise
Introduction: 5 mins
- Digital technology is essential for many HRDs to communicate, expose violations and build strong networks
- Digital protection is increasingly important for HRDs as authorities and other opponents increasingly target HRDs through technology
- Digital protection is important for us as individuals to safeguard our personal, private and activism-related information, as part of our Right to Privacy.
Introductory activity: 10 mins
Digital race
The title is meant to be funny, so that participants feel more relaxed.
The exercise should be run in a fun way (you could pretend to be a sports commentator). It illustrates safe practices and can be used as an introduction to digital protection.
Ask for 4 or 5 volunteers. Direct questions at them, each starting with “Take one step forward if you…”
Examples to complete the sentence are secure practices such as:
- Use passwords longer than 15 characters
- Use different passwords for all your social media accounts
- Update online account passwords more often than once a year
- Deactivate GPS location on your mobile when not using it
- Deactivate Bluetooth on your mobile when you do not use it
- Updated all your devices' operating system, programmes and apps during the last 7 days so you do not have any pending updates
- Have encrypted disks on your devices
- Use an antivirus programme on your computer and mobile
Digital Protection Presentation and Discussion: 40 mins
Ideally to cover the following (see the end of this session for resources):
- Explain the scope of the session: what is digital information and digital protection?
- What is sensitive information and what do you have?
- one way of doing this is to firstly ask participants (collectively) to "map" the locations where their information is stored.
- an explanation of this activity, and subsequent inputs, can be found at: https://level-up.cc/curriculum/protecting-data/data-backup-basics/activity-discussion/data-backup-matrix-creating-information-map/
- what general risks to this information and themselves do participants identify?
- potential outcomes: confidentiality, anonymity, integrity of information, availability (information loss, inaccessibility of services, etc.)
- How the internet works
- explained, for example, as a role-play of sending an email or accessing information on a cloud file service, or use a video to explain this, e.g. https://www.youtube.com/watch?v=Sfzo4xm5eX8 (English, Chinese, French, Russian and Spanish)
- how the mobile network works
- where are the risks in both of these systems (internet and mobile networks), and who is posing them
- Physical protection of devices and work space (including paper information, disposing of information and devices, carrying or storing information and devices, connecting to internet, connecting devices, etc.)
- See: https://securityinabox.org/en/phones-and-computers/physical-security
- Fundamental decisions: what device is used for what information or communication?
- Basic digital protection (operating system version, upgrades, updates, which apps/programmes you can/should remove, OS settings, AV)
- Android
- iOS
- Windows
- Mac
- Linux
- Passwords (what a strong password means, password managers, difference between offline and online managers)
- https://securityinabox.org/en/passwords/passwords-and-2fa
- Protection of stored information (encryption of disk / full disk / files, backup offline/online, disposing information and traces of work)
- https://securityinabox.org/en/files/secure-file-storage
- Protection of accounts by 2FA
- https://2fa.directory/ and one time password
- apps for Android: Aegis and for iOS/iPhone: Raivo OTP
- Communication channels/services (email, instant messaging voice/text/video, internal/external communications)
- Community (social media)
- Publishing information (website, blog, social networking)
Group Work Activity Option: 30 mins
Note: a structured presentation as above is the most effective for learning. In the absence of that, consider using online resources and the resources in the group.
Split the group into small groups of 4 or 5. Each group should prepare 3 questions on digital protection (to which they believe they know the answer). All the questions are put into a container and each group takes 3 questions. After 10 minutes discussion in small groups, each group explains the questions they received and the answers. Participants should challenge answers not believed to be accurate, in which case the trainer not currently facilitating should check Security-in-a-Box or other reputable sources.
Practical session:
Facilitators should aim for participants to make 2 practical improvements to their digital protection. Improvements that may be relatively easy to implement and effective include:
- Password improvement (see https://digitalsafetymanual.org/card/passwords-and-account-protection/ and https://securityinabox.org/en/passwords/passwords-and-2fa)
- Downloading a safer call/chat app such as Signal (if legal in your country) (https://securityinabox.org/en/phones-and-computers/android/ or https://securityinabox.org/en/phones-and-computers/ios/)
Resources:
- Digital Protection - Front Line Defenders
- Security-in-a-Box
- Digital Safety Manual
- Digital First Aid Kit
- Surveillance Self-Defense
- Security Planner
- Zebra Crossing: an easy-to-use digital safety checklist