We see a lot of folks who are new to organizing engaging with our blog and work, so we thought it would be helpful share some best practice security protocols from our collective organizing experiences.
It is useful to remember that under our current police state nothing is “100% secure,” it is better to think of it as self-defense or harm reduction.
There is no reason to willingly serve ourselves to the state on a silver platter. COINTELPRO is very much alive today, and has transformed and grown since the 1960’s and especially post 9/11. Security is an ongoing process that is always changing and being updated in accordance to what the threat is, and I find it can help reduce stress to know you are proactively working on protecting yourself.
We would also add, security measures are best put in place before you need them and are only as strong as your weakest link. Often at the crisis point when you are already compromised, it is too late to retroactively close those lapses. It is best to view security as a regular practice.
Electronic Frontier Foundation (EFF) explains further: “Knowledge is Power. Good security decisions begin with having proper knowledge about your own situation. To start,ask yourself the following questions:
- What do I want to protect?
- Who do I want to protect it from?
- How likely is it that I’ll need to protect it?
- How bad are the consequences if I fail?
- How much trouble am I willing to
go through to try to prevent potential
consequences? —Once you answer these questions you can better
assess your digital security needs and create a
security plan, or threat model. You already have
more power than you think!”
- Use at least a 6 digit passcode on your phone, I suggest 10+ digits. Preferably use a computer generated code or other randomized
method such as the dice method. It may take a few days to memorize it, but it is worth it.
- Turn off fingerprint / face ID on your smartphone. Cops can force your phone to unlock without your permission. I know this is technically illegal in some states, but never trust the cops — it is best to have it off.
- Turn off location services. This can be used to track your movements. Steps to turn it off here. Best practice is simply not to carry your phone on you when doing direct actions, etc.
- Use the encrypted Signal app for all communications! It is a free app for both iphone, android, and desktop. It is both i) endto-end encrypted and ii) open-source software. It is one of the *most secure, but not 100% secure. If your phone is tapped, no encryption will be secure. I recommend using this app for communications instead of regular texts and calls. I also recommend turning on “disappearing messages” within the Signal app, which you can set to different time lengths, and deleting threads regularly. While the encryption protects the communication as it is happening, data stored in the form of threads and conversations should be regularly deleted off the device.
EFF describes these:
i. “End-to-end encryption ensures that information is turned into a secret
message by its original sender (the first“end”), and decoded only by its final
recipient (the second “end”).”
“End-to-end encryption only protects the content of your communication, not the fact that you are communicating in the first place. It does not protect your metadata, which includes, for example, the subject line of an email, who you are communicating with, and when. If you are making a call from a cell phone, information about your location is also metadata.”
ii. “Open-source software provides the opportunity for better security, but does not guarantee it. The open source advantage relies, in part, on a community of technologists actually checking the code, which, for small projects (and even for popular, complex ones), may be hard to achieve. It is the most secure, but again not 100% secure. If there is a tap on the physical phone itself, no encrypted app will make a difference.”
5. For more secure in person meetings, put your phones in a separate room wrapped in aluminum foil. This is basically a low cost,
home-made “Faraday cage” that interferes with cell phone signals. The mic on your phone can still be on, however, even if the phone itself is powered off. So it is best practice to store phones in another room out of ear range during organizing meetings or important conversations.
6. A piece of advice a lawyer once gave me, was that when posting online, imagine it being read in front of a grand jury. This is a useful thing to keep in mind when posting online.
7. When heading out to a protest, write important phone numbers with sharpie on your arm. This could be your lawyer, a comrade, or the National Lawyers Guild number. Best practice is to also have at least one of these numbers memorized.
8. Know Your Rights! We suggest reading a full Know Your Rights breakdown. At minimum, it is helpful to know the key phrases to say aloud in an interaction with police so it can later be used to help defend you in court, even if the police do not adhere to them on the spot.
• “Am I free to go?”
• “Am I being detained?”
• “I do not consent to a search.”
• “I am not resisting.”
9. If arrested, don’t say anything other than “I am going to remain silent, and I want to speak to my lawyer.” Anything you say can be used against you or your comrades, no matter how innocent you may feel their questions are. The police may use scare tactics, claim they have evidence, make threats, play good cop/ bad cop, etc. Responding to their questions will never help you or your community, regardless of their claims. Always speak to your lawyer first before saying anything.
10. Don’t voluntarily give out your data or information online. Often things will circulate on social media like “sign up to this antifa list” or something of that nature. Protect your data! Antifa never functions in a centralized manner. You don’t know who is aggregating that data and it is best to avoid giving out your information entirely.
For more detailed surveillance self-defense practices, go to Electronic Frontier Foundation’s website.