For most of us, the Internet just happened. We didn’t train for it and we didn’t take classes at university; it was introduced at work, at home or at school as a means to a goal. For a long time we even talked about it as though it wasn’t a completely integral part of our lives.
Effectively we are now – metaphorically speaking – all driving around in vehicles without a driver’s license. Some have a knack for it; others learned how to drive a tractor in the fields back home and now have an upper hand; but effectively most of us don’t really know how the vehicle operates or what we need to do to reduce the risks associated with this form of transportation. More importantly, we are driving on a network of roads for which we have no map and do not understand enough to predict and mitigate potential dangers.
In life, changing habits is probably one the hardest things to do, so asking someone who has been driving around for a long time without a driver’s license to start taking classes is a difficult task. On top of that, the fear of the unknown and the utter lack of agency that is too often the consequence of not understanding how the Internet works paralyzes us and stops us from adapting to our new reality. We simply do not carry our situational awareness of risks as we would “in real life” to our online behavior, and we find the cost-benefit ratio between the costs in time and resources and the benefits as we perceive them to securing our data to be too high.
As implementers our role is twofold: to disseminate knowledge and skills through trainings to at-risk individuals while practicing what we preach. The latter is what we seem to struggle with the most. In mapping and understanding our networks, we often fail to realize that when we take risks, we are not only taking them for ourselves and our organizations, but in fact we are taking risks on behalf of the network of individuals we work so hard “in real life” to protect.
What the Edward Snowden NSA revelations have done for us is quite positive. It has allowed us to see the truth behind what we had previously considered assumption and allows us to work from the baseline that is the reality: The data of every single individual connected to the Internet is being monitored and stored. Good. Now we know. So how do we move from here? It is crucial to understand that this data will exist for a very long time. It will be overseen by different types of governance, subject to changing laws and policies, and sold and resold to entities whose intentions we cannot predict.
We need to consider this new reality in the way we interact with each other but also in how we write our proposals and implement our programs. In other words, we need to live it. Digital hygiene practices and digital tools should not be confined to the trainings we give to our beneficiaries in repressive or conflict countries. It should be something we do, something we encourage our colleagues and everyone in our networks to do, something we pass on, and more importantly something we all personally commit to. In every other aspect of our professional work, we would intervene if a colleague was taking great risks with severe consequences, yet we accept when our professional network completely disregards even the most basic measures of digital security. We can change that. We can increase the value and appreciation of the hard work and achievements in media development if we jointly commit to a process of implementation in digital security practices within our own organizations.
On a practical level, too often have I seen the conversation go from 0 to 100 mph in seconds when it comes to the “big” topic of digital security, with no bridge between the ordinary human users on the ground and highly complex mathematical challenges in encryption algorithms. This contributes to the resistance toward incorporating and adapting digital security practices on a practical daily level. We need to understand and talk about each challenge in its own realm and not muddle the conversation by talking at too many levels at the same time.
For this reason, I want to highlight five practical tips for the human behind the screen and the machine attached to it:
And last but not least Back up – like Nike: Just do it
Useful resources:
https://securityinabox.org/ – a resource for online security tools
https://prism-break.org/en/ – click on the device you want to secure communications on, and it shows you the tools available and what they do
https://pressfreedomfoundation.org/encryption-works – a great resource as to why security is important and to understanding the bigger picture
Oktavía Jónsdóttir is program director of the IREX SAFE initiative focussing on delivery of integrated digital, physical and psychosocial trainings to at-risk journalists in three regions.
Source: http://gfmd.info/index.php/news/tech_corner_why_does_digital_security_have_to_be_so_hard/