Taking MENA Holistic Privacy Practice and Digital Security Research to Next Level

From IFF Wiki
Jump to: navigation, search
Taking MENA Holistic Privacy Practice and Digital Security Research to Next Level
Presenter(s) Ramy Raoof (Egypt), Tarakiyee (Jordan), Abir Ghattas (Lebanon), Kaustubh Srikanth (India), Alp Toker (Turkey)
Country(ies) MENA / Global South
Social media https://twitter.com/RamyRaoof - https://twitter.com/Tarakiyee - https://twitter.com/AbirGhattas - https://twitter.com/houndbee - https://twitter.com/atoker
2017 theme Training & Best Practices

What's Going On?

Research into surveillance and information control patterns, as well as threat models, helps inform development of holistic security tools and practices, as well as modes of digital privacy support provided to civil society and individual actors. Furthermore, in an increasingly unjust and despotic environments such as in the MENA, the production and dissemination of evidence based research to dispel mainstream and state driven discourse and to provide an alternative narrative becomes an essential act of resistance, crucial to both activism and awareness building

More than ever, conducting such research and investigations has become increasingly challenging, and what used to be effective research and data collection techniques are now obsolete and evidence-based efforts became extremely high risk due to volatile political climate. Digital security and privacy practitioners from MENA in particular, and the global South in general, are highly dependent on resources that are difficult for them to access, in contrast to those from global North countries where there is more support and pervasive rule of law.

While collaboration and expertise-exchange has proven to be a successful core mechanism for digital security practitioners and researchers from different countries, the gap in resources and the huge disparity in risks often results in the loss of relevancy and contextualising information during the process. This reflects itself in the quality of research, tools, and analysis available.

Lets Brainstorm & Setup

This is not a presentation or lecture, its a conversation and opportunity to share our thoughts from different countries based on our experiences in the past 2~3 years, so we can learn and improve. We will facilitate the discussion and we encourage all of you to think about the questions and feed-in the conversation with what you think.

  • How are the political and legal changes impacting our ability to produce research and customize digital security and privacy advices?
  • What resources are we missing? specific skills? knowledge? tools?
  • Are there tech challenges making our duty more difficult: infrastructure limitation, surveillance, targeting?
  • How can we do it differently?

Join Us

We welcome political and info-activists, techies, academics, journalists, feminists, pirates, penguins and anyone who has intermediate-to-advance knowledge of the topic to join this problem-solving discussion session to crack creative solutions for these new challenges in order to enhance evidence-based surveillance research and digital security support in the Middle East in particular.

When & Where

Wednesday 8 March 12:15PM @ Theater

Notes From the Session

Live Raw Notes

Turkey: Security situation affecting civil society and ordinary people. Digital transparency project: they keep a middle ground and stay engaged with the government and ISPs. Its difficult because you get enemies for being close to the government, and close to activists. Monitoring internet connections. Coup: reduce legal access to support and there is a tendency for people to get labeled as terrorist. Tools: awareness regarding privacy is not good and people are too worried about day to day issues. Some groups use Telegram is not the greatest but their is a community stuff in it and this is the balance between practicality and security.

Lebanon: Challenges that we face as digital security trainers and people working on research. Work within the Lebanese context and several Arab countries (GCC) Lebanese context: there is not an extensive research done to digital security, it is always under the umbrella of bloggers, freedom of expression and threats. Internet in Lebanon is controlled by the government and distributes to all other ISP which contributes to a very crappy infrastructure that cannot be mapped. Reports and leaks reveals that if you ranked up high somewhere, they have access to everything. Hacking team leaks the army purchased hacking products but it got no attention.

What do we need as practitioners and digital security trainers: Why did we even start doing this? because i need this as an activists on LGBT and migrant work activists in Qatar and Saudi Arabia. If we do not personally secure our communication, we will be “screwed”. Training is not enough. It is not clear who is trusted to teach you more about securing digital securities. We need capacity building and female digital security trainers in the Arab world.

India: Most surveillance activities by gov facilitated by theInformation Technology Amendment Act by 2008. Facilitated by the Bombay attacks, this bill became an act within a month. It allows the gov the surveillance without the need of a court order. which set the stage of multiple surveillance schemes e.g 900 million devices Mat Gray: surveillance agencies linking their data make them searchable, driver licence issues, and real time monitoring without the need for a court order. Adhar; biometrics ID: accesss to welfare and benefits, stores your finger prints and access to data. Who has access to data, and it has been built by large corporation outside of india. Right to information requests on how is this information shared were rejected under national security. A new party in the house of parliament forming the two thirds enforced the foreign contribution regulatory act which allow civil society to receive funding. This is cancelled thousand of licenses for civil society to receive funding. Not only civil society organisations like Green Peace and Amnesty whose funds were frozen, but also smaller organisations like the Centre for Internet and Society.

There is a disconnect: policy industry and human rights defenders. No one is talking to each other. What does an environment activists living in central india need? their primary device is their mobile phone and they are kidnapped and receive. No one is thinking about these activists. That is something we need to bridge in that region. Internet Freedom Foundation is a new foundation that brings everyone together hr defenders and industry.

Jordan: - There is a serious supply issue and we don’t have trainers, the time, the resources, to cover the needs. - Consumers to digital security tools with little contribution to research and guidelines, but the digital security tools are developed in western countries. These organisation set the base and the counties. - There is a need for developing our own practice and sustainable manuals. Solutions from within. Best experience was in the World Social Forum especially the communication conversion. Though it does not get as much attention though it is very important for sustainability.

Egypt: Research issues: - Bandwidth is an issue as they cannot support VPN and other technical tools. When a software is developed in the country where is a big bandwidth cannot support internet infrastructure with smaller bandwidth. - Raspberry Pi is not allowed in Egypt. During the crackdown, we wanted to buy digital scanner to digitise documents: servers and equipments were taken from us. - Physical attacks: police rampage of offices supporting digital security. - DPI encryption: enabling and disable specific packets. We stopped some of our servers because we couldn’t speak to our servers as packets were filtered.

Bahrain: attacks are doing on GCC level not only Bahrain as there is a corporation between countries. Hacking team and gamma intervention have a good relationship with government and the UK government help train the cyber unit of Bahrain. Attacks against twitter and Facebook users. If someone’s account was hacked, they don’t inform people and the government use that account to hack into other accounts. Activists are only using tools and not changing behaviours.

Crowd Questions: 1. What is your perspective on pursuing information about the import/export industry of EU government tools? There needs to be a solution that hold these businesses accountable for human rights abuses. but not restrict researchers from looking at the code. PI uncover some of these companies. but its not easy to uncover because some use really cheap fishing techniques and sometimes open source. Egypt: We took the government to court after announcing the purchase of surveillance product on social media. We lost the case after 3.5 years but we made more expensive for them to do that. Turkey: lack of regulation and transparency make grants to increase the access to infrastructure sometimes used in monitoring and surveillance.

2. It has been a year and half since HT teams. What kind of impact did that have? or didn’t? Lebanon reported on it, it has been a year but we know that military purchased software. Egypt ;after the leaks HT asked the government to stop using the program but it make it more difficult for them.

3. How do you get people to develop solutions locally? That is an amazing way of building strength and bridges. it gives us credibility in our own countries. There is a common idea, if you wanna change the world you have to mainstream activism. Main stream activism is not possible but main stream security: for example, we need to start put pressure on these tools to actually adopt main stream security like the whatsapp case. I have problem believing that people do not care about privacy. I don’t think people do not want privacy, they just don’t know how to achieve it.

Format Conversation
Target Groups Security Trainers, Front Line Activists, Journalists, Advocacy/Policy Professional
Length 1 Hour
Skill Level Intermediate
Language English

Session Outputs

Next Steps

Additional Notes

Relevant Resources