▇▇▇▇ [1113], picture of Brian J. Matis, January 2012 (Flickr)

(Read in French) As outlined in both our Campaign Playbook and Full Report, the Direct Diplomacy team advocates a series of important recommendations for campaign organizers for safe participation in the digitally enabled era of direct action.

As the impact and influence of online citizen movements have increased, so too have efforts to weaken and undermine them by repressive governments. These governments have long used physical intimidation tactics to disrupt political organization. Now that organization is moving online, they are increasingly turning to digital tactics.

This is why it is essential that movements are aware of the digital environments in which they operate. While the Internet is truly a global phenomenon, it has become increasingly divided along national jurisdictions. Content regulations, domain blocking technology, and comprehensive surveillance systems are all part of state government’s growing digital presence, and form the relative digital environment that campaign organizers operate in. For example, countries that have pervasive government surveillance systems, robust content blocking technology, and repressive freedom of expression laws would be considered to have a risky digital environment. Campaign organizers need to educate themselves and their participants of how they are vulnerable to digital risks. More than that, organizers need to learn about and equip themselves with the proper tools to protect themselves in risky digital environments.

Rapidly advancing and ever prevalent, we categorize these digital risks under three broad classifications: surveillance and censorship, phishing attacks, and Distributed Denial of Service (DDoS) attacks.

Content censorship and Internet surveillance has now become commonplace in both authoritarian and democratic societies. The degree to how much content is filtered and blocked in a country will vary, but projects like the OpenNet Initiative do extensive testing to map out blocking activity worldwide. Organizers will have to be aware of the local laws that dictate what content is illegal, to ensure that potential participants can access important information, campaign material or digital tools. Fortunately, for organizers or citizens in such countries, censorship circumvention tools like Psiphon allow users to access the open Internet.

Surveillance systems offer potentially more pervasive and insiduous risks to campaigns. Armed with these systems, governments are complicit in infiltrating mobile devices and computers, recording the activity of campaign participants, with damaging repercussions. The Occupy Central campaign in Hong Kong (see Samuel Wollenberg’s post on OCLP and distributed leadership) showed just that, as Chinese state authorities were suspected of multiple accounts of monitoring and registering activists. Some participants were even refused entry into Mainland China after being connected with the protests. For such campaigns, digital anonymizers like Tor can help ensure participants and organizers isolate themselves from retroactive punishment via state surveillance systems.

The Occupy Central campaign also witnessed instances of malicious pshishing activity, where campaign participants were sent suspicious messages with links to malware and other nefarious software. These threats are easily avoidable with simply refusing end-user acceptance (i.e. just don’t open strange links), but educating participants on how to identify phishing messages is encouraged.

DDoS attacks, while less prevalent than the other risks we have categorized, are difficult to defend against. The attacks are attempts to make a machine, website, or network resource temporarily or indefinitely unavailable to intended users. With multiple methods of attack, DDoS require significant technical resources to properly mitigate threats. However, as the attacks require sophisticated coordination and resources to execute, campaigns should focus most of their defensive efforts to mitigate against the more prevalent digital risks.

Fortunately, many citizen campaigns are already educating and protecting themselves. The Internet Ungovernance Forum (IUF) was a 2014 campaign part of the wider Internet freedom movement in Turkey. Operating in the riskier Turkish digital environment, the campaign organized sessions identifying digital risks facing citizen journalists and activists, and even held workshops on how participants can utilize protective tools like Psiphon or Tor.

The IUF has set an important and positive example for citizen campaigns operating in the digital era. As campaigns begin utilizing digital tools for organizational capacity and direct action, they must be mindful of the digital environments where they operate. And as repressive technology continues to advance, so too does the positive technology empowering citizens worldwide.

See also this The Economist’s multimedia content on how prostestors evade digital censorship :