My privacy – Your safety

A manual for activists to protect your privacy and security online

Table of contents

  1. Chapter 1: Introduction
  2. Overall context
  3. Safety vs Security
  4. The right to privacy and security
  5. Why online security and privacy are relevant for 2021 / Reflection on digital revolution post-pandemic
  6. Why we should pay attention to online security
  7. Chapter 2: Privacy Awareness
  8. “I have nothing to hide” argument and other excuses
  9. The risks of internet privacy
  10. When online surveillance and profiling exploit our democracy
  11. Chapter 3: Tips for online privacy and security
  12. Privacy tips
  13. Surveillance tips
  14. Chapter 4: Collection of resources for activists and organisations
  15. Good habits
  16. List of various resources, guides, tools
  17. Appendices
  18. Appendix 1 – A GDPR mini overview. Learn the law, use the law

Why we should pay attention to online security

There are many reasons why today we should pay attention to online security. We will talk about it more in the next chapters but for now we can start to introduce some of these fundamental concepts.

We need to pay attention to online safety and security to protect mainly three things:

  1. The worker (yourself and your colleagues)
  2. The information you hold in your archives
  3. The people you work with – in many cases, vulnerable people whose identity is known to HR, organisations and activists, who hold sensible data about them.

One of the most common issues we encounter is that most activists, youth workers and HR organisations active in the non-profit sector use free and open source tools in their remote working procedures. This could put the data you hold at risk of leak, and consequently the safety of your activities, of the people with whom and to whom you work with, and yours.

Taking care of these issues means also taking care of “communitarian health”: especially in a time when we all lack physical sociality we need to make sure we are all safe in our online spaces, the only ones where we can spend time together at the moment. In a broader sense, it also means taking care of the online environment we share, avoiding to pollute it with hate speech or fake news, that only increase polarization, especially when it comes to political issues.

 

In the past few years there have been some big scandals exposing the real threat that online surveillance and breaches of our privacy online constitute for our rights. They have led to catastrophic consequences on the democratic processes around the world and on our whole communities.

After Edward Snowden leaked NSA slides in 2013, two names became synonymous with the agency’s vast online spying powers: Upstream and PRISM. The US government was revealed to have authorised the use of Prism and Upstream systems to collect millions of citizens’ personal data. Those two types of surveillance work in different ways but pose similar threats to the privacy of Internet users around the world. In early 2017, the intelligence community rebranded them as “upstream” and “downstream”, but the surveillance is the same. Upstream surveillance involves collecting communications as they travel over the Internet backbone (copying all of the data flowing through the fiber optic cables), and downstream surveillance (formerly PRISM) involves collection of communications from companies and providers based in the US like Google, Facebook, Yahoo, Microsoft, Skype, YouTube, Apple. In both systems, the intelligence community can target any foreign person located abroad who is believed to possess “foreign intelligence information”, defined so broadly that it could easily include journalists reporting on foreign governments or entrepreneurs working to expand their businesses to new countries. 

The British marketing, behavioural research and strategic communication company SCL Group (that on its website presented itself as working on four branches: elections, commercial, defence, social) came to prominence through the Facebook–Cambridge Analytica data scandal involving its subsidiaries Cambridge Analytica and Crow Business Solutions MENA. It has been proven to have meddled in several elections, such as the Indonesian elections in 1999 (where their propaganda campaign led to the victory of Wahid, the opponent), and the mayor elections in Bogotá, Colombia, in 2011 (where they perfected influencing techniques based on the principle “people influence people”: 3000 individuals, pillars of their community, became the spokespersons of the candidate’s campaign).

And finally, the scandal of the past decade: Cambridge Analytica (2015-2017). Cambridge Analytica, a subsidiary of SCL whose key investors were Robert Mercer, Steve Bannon, Alexander Nix (alt-right billionaires, media executive and strategists), played a shady role during the Brexit referendum on EU membership and the US Presidential elections in 2016 that saw Donal Trump winning over Hillary Clinton. Cambridge Analytica’s mission was to use large-scale data analysis “to change audience behavior” (according to the company website). His strategy was to target micro-groups of voters with personalized messages based on their profiles (resulting from the analysis of big data related to online behavior) to influence how they voted or to convince them to abstain. It was based on persuasion digital marketing and behavioral science, classifying people based on the OCEAN five-factor personality model that defines different traits in personality (Openness, Conscientiousness, Extraversion, Agreeableness, Neuroticism).