DOCSLIB.ORG

STAND UP! Security Guide for Human Rights Defenders in Africa

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
STAND UP! Security Guide for Human Rights Defenders in Africa STAND UP! Security guide for human rights defenders in Africa DEFENDDEFENDERS.ORG 1 – STAND UP! SECURITY GUIDE FOR HUMAN RIGHTS DEFENDERS IN AFRICA Stand Up! Security guide for human rights defenders in Africa Published February 2017 East and Horn of Africa Human Rights Defenders Project | Human Rights House Plot 1853 | Lulume Road | Nsambya | P.O. Box 70356 | Kampala | Uganda Phone: +256 (0)393 265 820 | +256 (0)414 510 263 E-mail: [email protected] | [email protected] Web: www.defenddefenders.org This publication is available online in PDF-format at: www.defenddefenders.org/our-publications Made possible by the generous support of Open Society Initiative for Eastern Africa (OSIEA), the Swedish International Development Cooperation Agency (Sida) and Soleterre - Strategie die pace ONLUS. Attribution should be made to: DefendDefenders (East and Horn of Africa Human Rights Defenders Project). This report is distributed at no charge. This work is licensed under the Creative Commons Attribution 4.0 International License. PREFACE Stand up! The rights of our families, social movement, and in your digital communities, and fellow citizens must life. be protected. And YOU are the one to defend them! They have the right to Book One covers personal, physical, live in peace, to enjoy liberty, to speak and organisational security planning. freely, to live in healthy environments, Learn the essential framework for to enjoy democratic process... in short security analysis and planning as well to enjoy the promises of states made as the support mechanisms available in the Universal Declaration of Human at the regional and international level Rights. for human rights defenders. But these rights are not claimed easily Book Two covers digital security in Africa. Human rights defence is not for your devices, accounts, and “a walk in the park”. Human rights communications. Extend the lessons defenders across the continent are of security management into the threatened, harassed, imprisoned, digital realm with risk assessment of dislocated, and even killed because of your electronic workspace and learn their convictions and the work they do the essential steps to lock down your challenging the status quo. human rights work as you do it from Have you read the news? From your phone, computer, email, websites, Algeria to Zimbabwe we see an A-Z social media accounts and more. of repressive and heavy-handed measures restricting civic space to Turn the recommendations in these associate, assemble, and express for two books into action in your life the common good. While there are and support your colleagues and differences in severity, even in the communities to do the same and most advanced, open, and stable of you will see tangible results in the democracies you will find pushback form of more safety consciousness, when your work threatens the interest better communication and planning of the powerful. within communities of human rights defenders, and robustness of response You hold in your hands a tool to reduce when threats do manifest themselves your exposure to the risks inherent in as attacks. your goals. Use it to better understand the opposing and supporting factors Stand up! Let’s do it together, and let’s in your environment, identify your do it safely. vulnerabilities, and create new capabilities to stand up to adversity. This tool is composed of two books written to meet the range of security concerns you may face in your personal life, in the life of your organisation or BOOK I PROTECTION AND SECURITY MANAGEMENT BOOK I Table of contents Introduction 8 Concepts Definition 9 • Who is a human rights defender? • Definition of security, safety and protection • Why is security management important for human rights defenders? • Common obstacles and impediments to human rights defenders’ safety and security • Security management steps Context analysis 12 • Why it is important to undertake a context analysis • Key factors to consider when carrying out a context analysis Security Incidents 14 • Examples of security incidents • How to react to security incidents Threat Analysis 16 • Definition of threat • Why are human rights defenders threatened? • Case studies Risk Assessment 18 • Definition of Risk • Common examples of risks in the sub-region • Risk assessment steps • Vulnerabilities • Capacities • Factors contributing to increasing risk levels for human rights defenders • Common mistakes about risk management Security Planning 21 • What is a security plan? • Security policy and security plan • How to develop and implement a security plan? • Implementation of the security plan • Practical ways of putting in place security measures Existing protection mechanisms for human rights defenders 23 • UN Special Rapporteur on Human Rights Defenders • The Special Rapporteur on Human Rights Defenders of the African Commission on Human and Peoples’ Rights • National mechanisms for human rights defenders protection Annex 25 • Summary of the UN Declaration on Human Rights Defenders INTRODUCTION Physical and organisational security management The adoption of the United Nations This manual reflects DefendDefenders’ Declaration on Human Rights Defenders experiences over the past 11 years, in 1998 and the establishment of the focused on ensuring defenders’ safety, mandate of the UN Special Rapporteur security and protection through on the situation of human rights trainings on security management, defenders in 2000 constitute major technical support, security guidelines milestones in the protection of human for defenders most at risks and rights defenders around the world. organisational support. It was However, defenders continue to face developed by the Security Management threats and risks despite the existence team within the Protection Department of these mechanisms. of DefendDefenders, with support from colleagues, national human rights Across Africa, human rights defenders defenders coalitions and HRDs in the working to promote and protect human sub-region. rights in volatile political contexts face major risks, such as killings, This manual adds to the existing physical attacks and assaults, arrests, materials on security management as intimidation and shrinking civic space. it contextualises security management States constantly fail to investigate knowledge and tools for defenders in violations against defenders. the region of East and Horn of Africa sub-region and the entire the continent. To ensure their security and the continuity of their work, defenders have taken steps to manage individual and organisational security by assessing risks and putting in place effective strategies to mitigate potential threats. Dedicating time and resources to managing security helps HRDs to continue their human rights activities and ensure their safety and security. DefendDefenders’ (the East and Horn of Africa Human Rights Defenders Porject) contextualised manual on security is intended to serve as a tool for human rights defenders in the East and Horn of Africa sub-region to equip them with necessary strategies and responses to the often volatile environment they operate in. 8 – STAND UP! SECURITY GUIDE FOR HUMAN RIGHTS DEFENDERS IN AFRICA CONCEPT DEFINITIONS WHO IS A HUMAN RIGHTS DEFENDER? For the purpose of this manual, security Human rights defenders are people is defined as ‘‘the state of being free who, individually or with others, act from intentional harmful acts’’ while to promote or protect human rights safety is defined as ‘‘the state of being enshrined in the United Nations free from unintentional harmful acts’’ Universal Declaration of Human both security and safety include the Rights 1948 (UDHR). The 1998 United element of danger. Protection are Nations Declaration on Human Rights measures taken by HRDs or other Defenders refers to “individuals, actors to enhance security2 and safety. groups and associations contributing to the effective elimination of all violations Examples of protection measures: of human rights and fundamental • Visitors access procedure; freedoms of people and individuals.”1 • Closed-circuit television (CCTV) surveillance and alarm; Anyone can be an HRD regardless of • Electric fencing; educational background, professional • Fire extinguisher; qualifications, gender, age, race, • First aid kit. social group, or nationality. If a street vendor or a banana seller denounces "During the September 2013 demonstrations the mistreatment of fellow sellers by local tax authorities, s/he is considered in my country, HRDs were killed, detained, and an HRD. In some cases, HRDs can be found in both private and government tortured by police and national security because sectors. All actions taken by HRDs must be peaceful. we did not think about our security, we did not DEFINITION OF SECURITY, SAFETY, do risk assessments and never thought about AND PROTECTION security strategies to mitigate imminent risks." Understanding the concepts of security, safety and protection, and the WHY IS SECURITY MANAGEMENT similarities and differences between IMPORTANT FOR HUMAN RIGHTS these concepts, will help HRDs conduct DEFENDERS? risk assessments and develop and implement effective security strategies HRDs, as people who stand up to protect and measures. the rights of others are subjected to 1 The Declaration’s full name is the “Declaration on the risks, and their fundamental human Right and Responsibility of Individuals, Groups and Organs of Society rights are regularly violated. to Promote and Protect Universally Recognized Human Rights
Load more

Recommended publications
  • Operating System Boot from Fully Encrypted Device
    Masaryk University Faculty of Informatics Operating system boot from fully encrypted device Bachelor’s Thesis Daniel Chromik Brno, Fall 2016 Replace this page with a copy of the official signed thesis assignment and the copy of the Statement of an Author. Declaration Hereby I declare that this paper is my original authorial work, which I have worked out by my own. All sources, references and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Daniel Chromik Advisor: ing. Milan Brož i Acknowledgement I would like to thank my advisor, Ing. Milan Brož, for his guidance and his patience of a saint. Another round of thanks I would like to send towards my family and friends for their support. ii Abstract The goal of this work is description of existing solutions for boot- ing Linux and Windows from fully encrypted devices with Secure Boot. Before that, though, early boot process and bootloaders are de- scribed. A simple Linux distribution is then set up to boot from a fully encrypted device. And lastly, existing Windows encryption solutions are described. iii Keywords boot process, Linux, Windows, disk encryption, GRUB 2, LUKS iv Contents 1 Introduction ............................1 1.1 Thesis goals ..........................1 1.2 Thesis structure ........................2 2 Boot Process Description ....................3 2.1 Early Boot Process ......................3 2.2 Firmware interfaces ......................4 2.2.1 BIOS – Basic Input/Output System . .4 2.2.2 UEFI – Unified Extended Firmware Interface .5 2.3 Partitioning tables ......................5 2.3.1 MBR – Master Boot Record .
    [Show full text]
  • Effective Crypto Ransomawre Detection Using Hardware
    Effective Crypto Ransomawre Detection Using Hardware Performance Counters John Podolanko Department of Computer Science & Engineering The University of Texas at Arlington Supervisor Jiang Ming, PhD In partial fulfillment of the requirements for the degree of Master of Science in Computer Science May 2019 Abstract Systems affected by malware in the past 10 years has risen from 29 million to 780 million, which tells us it is a rapidly growing threat. Viruses, ransomware, worms, backdoors, botnets, etc. all come un- der malware. Ransomware alone is predicted to cost $11.5 billion in 2019. As the downtime, data loss, and financial damages are ris- ing, researchers continue to look for new ways to mitigate this threat. However, the common approaches have shown to yield high false posi- tive rates or delayed detection rates resulting in data loss. My research explores a dynamic approach for early-stage ransomware detection by modeling its behavior using hardware performance counters with low overhead. The analysis begins on a bare-metal machine running ran- somware which is profiled for hardware calls using Intel R VTuneTM Amplifier before it compromises the system. By using this approach, I am able to generate models using hardware performance counters extracted by VTuneTM on known ransomware samples collected from VirusTotal and Hybrid Analysis, and I use that data to train the de- tection system using machine learning techniques. I have shown that hardware performance counters can provide effective metrics for use in detecting and mitigating the ever-growing ransomware threat faced by the world while ensuring no data is lost. ii Acknowledgements The author thanks the supervisory committee for all their guidance, support, and patience.
    [Show full text]
  • NETS1028 06 Backup and Change Mgmt
    Security Design Backup and Change Management System Examination System Configuration Firewalls and Filters Hardening Software Backups and Change Management Access Control and Authentication Virtual Private Networking Logging and Monitoring Security Policy and Management Support SELinux Linux Systems Security NETS1028 LINUX SYSTEMS SECURITY - DENNIS SIMPSON ©2015-2021 Backup • Security breaches can cast doubt on entire installations or render them corrupt • Files or entire systems may have to be recovered from backup • Many tools are available to help with this task in Linux • Two of the more commonly used ones are rsync and duplicity https://en.wikipedia.org/wiki/Rsync http://duplicity.nongnu.org/features.html NETS1028 LINUX SYSTEMS SECURITY - DENNIS SIMPSON ©2015-2021 Legacy Tools • cp is the original way to make a copy of files, but assumptions people make cause problems in using it • GUI-based drag and drop tools make the assumptions problem worse • cpio, tar are archival tools created to copy files to backup media (tape by default) - satisfactory for years but they make it cumbersome to manage backup media https://en.wikipedia.org/wiki/Manuscript_culture • Various software packages provide frontends to these tools in order to make backup/restore easier to manage and more robust NETS1028 LINUX SYSTEMS SECURITY - DENNIS SIMPSON ©2015-2021 Rsync • Rsync has a command line interface which resembles a smart cp, and provides a base for many backup software packages with GUIs • Can preserve special files such as links and devices • Can copy
    [Show full text]
  • Crypto Projects That Might Not Suck
    Crypto Projects that Might not Suck Steve Weis PrivateCore ! http://bit.ly/CryptoMightNotSuck #CryptoMightNotSuck Today’s Talk ! • Goal was to learn about new projects and who is working on them. ! • Projects marked with ☢ are experimental or are relatively new. ! • Tried to cite project owners or main contributors; sorry for omissions. ! Methodology • Unscientific survey of projects from Twitter and mailing lists ! • Excluded closed source projects & crypto currencies ! • Stats: • 1300 pageviews on submission form • 110 total nominations • 89 unique nominations • 32 mentioned today The People’s Choice • Open Whisper Systems: https://whispersystems.org/ • Moxie Marlinspike (@moxie) & open source community • Acquired by Twitter 2011 ! • TextSecure: Encrypt your texts and chat messages for Android • OTP-like forward security & Axolotl key racheting by @trevp__ • https://github.com/whispersystems/textsecure/ • RedPhone: Secure calling app for Android • ZRTP for key agreement, SRTP for call encryption • https://github.com/whispersystems/redphone/ Honorable Mention • ☢ Networking and Crypto Library (NaCl): http://nacl.cr.yp.to/ • Easy to use, high speed XSalsa20, Poly1305, Curve25519, etc • No dynamic memory allocation or data-dependent branches • DJ Bernstein (@hashbreaker), Tanja Lange (@hyperelliptic), Peter Schwabe (@cryptojedi) ! • ☢ libsodium: https://github.com/jedisct1/libsodium • Portable, cross-compatible NaCL • OpenDNS & Frank Denis (@jedisct1) The Old Standbys • Gnu Privacy Guard (GPG): https://www.gnupg.org/ • OpenSSH: http://www.openssh.com/
    [Show full text]
  • Encryption and Anonymity Follow-Up Report
    PALAIS DES NATIONS • 1211 GENEVA 10, SWITZERLAND www.ohchr.org • TEL: +41 22 917 9000 • FAX: +41 22 917 9008 • E-MAIL: [email protected] Mandate of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression Research Paper 1/2018 June 2018 Encryption and Anonymity follow-up report Contents I. INTRODUCTION ............................................................................................................................... 2 II. TRENDS IN STATE RESTRICTIONS ON ENCRYPTION AND ANONYMITY .............................. 3 A. An Overview of State Obligations ........................................................................................................... 3 B. State practice: examples and concerns ..................................................................................................... 4 (i) Bans on Use and Dissemination of Encryption Tools ......................................................................... 5 (ii) Licensing and Registration Requirements .......................................................................................... 5 (iii) Intentional Weakening of Encryption ................................................................................................ 5 (iv) Government Hacking ......................................................................................................................... 7 (v) Mandatory Data Localization and Key Escrows ................................................................................. 8 (vi)
    [Show full text]
  • Taxonomy for Anti-Forensics Techniques & Countermeasures
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by St. Cloud State University St. Cloud State University theRepository at St. Cloud State Culminating Projects in Information Assurance Department of Information Systems 4-2020 Taxonomy for Anti-Forensics Techniques & Countermeasures Ziada Katamara [email protected] Follow this and additional works at: https://repository.stcloudstate.edu/msia_etds Recommended Citation Katamara, Ziada, "Taxonomy for Anti-Forensics Techniques & Countermeasures" (2020). Culminating Projects in Information Assurance. 109. https://repository.stcloudstate.edu/msia_etds/109 This Starred Paper is brought to you for free and open access by the Department of Information Systems at theRepository at St. Cloud State. It has been accepted for inclusion in Culminating Projects in Information Assurance by an authorized administrator of theRepository at St. Cloud State. For more information, please contact [email protected]. Taxonomy for Anti-Forensics Techniques and Countermeasures by Ziada Katamara A Starred Paper Submitted to the Graduate Faculty of St Cloud State University in Partial Fulfillment of the Requirements for the Degree Master of Science in Information Assurance June, 2020 Starred Paper Committee: Abdullah Abu Hussein, Chairperson Lynn A Collen Balasubramanian Kasi 2 Abstract Computer Forensic Tools are used by forensics investigators to analyze evidence from the seized devices collected at a crime scene or from a person, in such ways that the results or findings can be used in a court of law. These computer forensic tools are very important and useful as they help the law enforcement personnel to solve crimes. Computer criminals are now aware of the forensics tools used; therefore, they use countermeasure techniques to efficiently obstruct the investigation processes.
    [Show full text]
  • Security Analysis of the Signal Protocol Student: Bc
    ASSIGNMENT OF MASTER’S THESIS Title: Security Analysis of the Signal Protocol Student: Bc. Jan Rubín Supervisor: Ing. Josef Kokeš Study Programme: Informatics Study Branch: Computer Security Department: Department of Computer Systems Validity: Until the end of summer semester 2018/19 Instructions 1) Research the current instant messaging protocols, describe their properties, with a particular focus on security. 2) Describe the Signal protocol in detail, its usage, structure, and functionality. 3) Select parts of the protocol with a potential for security vulnerabilities. 4) Analyze these parts, particularly the adherence of their code to their documentation. 5) Discuss your findings. Formulate recommendations for the users. References Will be provided by the supervisor. prof. Ing. Róbert Lórencz, CSc. doc. RNDr. Ing. Marcel Jiřina, Ph.D. Head of Department Dean Prague January 27, 2018 Czech Technical University in Prague Faculty of Information Technology Department of Computer Systems Master’s thesis Security Analysis of the Signal Protocol Bc. Jan Rub´ın Supervisor: Ing. Josef Kokeˇs 1st May 2018 Acknowledgements First and foremost, I would like to express my sincere gratitude to my thesis supervisor, Ing. Josef Kokeˇs,for his guidance, engagement, extensive know- ledge, and willingness to meet at our countless consultations. I would also like to thank my brother, Tom´aˇsRub´ın,for proofreading my thesis. I cannot express enough gratitude towards my parents, Lenka and Jaroslav Rub´ınovi, who supported me both morally and financially through my whole studies. Last but not least, this thesis would not be possible without Anna who re- lentlessly supported me when I needed it most. Declaration I hereby declare that the presented thesis is my own work and that I have cited all sources of information in accordance with the Guideline for adhering to ethical principles when elaborating an academic final thesis.
    [Show full text]
  • ERDA User Guide
    User Guide 22. July 2021 1 / 116 Table of Contents Introduction..........................................................................................................................................3 Requirements and Terms of Use...........................................................................................................3 How to Access UCPH ERDA...............................................................................................................3 Sign-up.............................................................................................................................................4 Login................................................................................................................................................7 Overview..........................................................................................................................................7 Home................................................................................................................................................8 Files..................................................................................................................................................9 File Sharing and Data Exchange....................................................................................................15 Share Links...............................................................................................................................15 Workgroup Shared Folders.......................................................................................................19
    [Show full text]
  • Is Bob Sending Mixed Signals?
    Is Bob Sending Mixed Signals? Michael Schliep Ian Kariniemi Nicholas Hopper University of Minnesota University of Minnesota University of Minnesota [email protected] [email protected] [email protected] ABSTRACT Demand for end-to-end secure messaging has been growing rapidly and companies have responded by releasing applications that imple- ment end-to-end secure messaging protocols. Signal and protocols based on Signal dominate the secure messaging applications. In this work we analyze conversational security properties provided by the Signal Android application against a variety of real world ad- versaries. We identify vulnerabilities that allow the Signal server to learn the contents of attachments, undetectably re-order and drop messages, and add and drop participants from group conversations. We then perform proof-of-concept attacks against the application to demonstrate the practicality of these vulnerabilities, and suggest mitigations that can detect our attacks. The main conclusion of our work is that we need to consider more than confidentiality and integrity of messages when designing future protocols. We also stress that protocols must protect against compromised servers and at a minimum implement a trust but verify model. 1 INTRODUCTION (a) Alice’s view of the conversa-(b) Bob’s view of the conversa- Recently many software developers and companies have been inte- tion. tion. grating end-to-end encrypted messaging protocols into their chat applications. Some applications implement a proprietary protocol, Figure 1: Speaker inconsistency in a conversation. such as Apple iMessage [1]; others, such as Cryptocat [7], imple- ment XMPP OMEMO [17]; but most implement the Signal protocol or a protocol based on Signal, including Open Whisper Systems’ caching.
    [Show full text]
  • Winzip Download Free Windows 10 Winzip App for Windows
    winzip download free windows 10 WinZip App for Windows. WinZip is a useful application for those who need to compress, extract, and archive files on a regular basis. It allows you to compress documents to save space on your computer and to make it easier to share files with other people. This software also allows you to extract any documents from archives and unpack compressed files. WinZip for PC is one of the most popular and well-known programs for compression. Interface. The interface is very straightforward and easy to use. WinZip for Windows has a basic layout with a toolbar and menu bar at the top. The toolbar has 5 buttons: New, Open, Extract, Send, and Exit. The left side of the screen is where the documents are displayed in a list. To view a file, just click on it in the list. The right-hand side of the screen is where the tools are displayed. The list of documents in the left-hand menu and the tools in the right-hand menu are an easy way to navigate through the interface. Usability. It is very easy to use. The interface is straightforward and the user interface is really simple. Free Windows WinZip is very easy to drag and drop files into the program and to select the desired compression level. The usability is very good and it is really easy to navigate through the interface. Functionality. It is perfect for compressing, extracting, and archiving documents. It allows users to select the compression level and the output format. Files can be compressed in any formats such as .zip, .rar, and .tar.
    [Show full text]
  • Winter 2016 E-Newsletter
    WINTER 2016 E-NEWSLETTER At Digital Mountain we assist our clients with their e-discovery, computer forensics and cybersecurity needs. With increasing encryption usage and the recent news of the government requesting Apple to provide "backdoor" access to iPhones, we chose to theme this E-Newsletter on the impact data encryption has on attorneys, litigation support professionals and investigators. THE SHIFTING LANDSCAPE OF DATA ENCRYPTION TrueCrypt, a free on-the-fly full disk encryption product, was the primary cross-platform solution for practitioners in the electronic discovery and computer forensics sector. Trusted and widely adopted, TrueCrypt’s flexibility to perform either full disk encryption or encrypt a volume on a hard drive was an attractive feature. When TrueCrypt encrypted a volume, a container was created to add files for encryption. As soon as the drive was unmounted, the data was protected. The ability to add a volume to the original container, where any files or the folder structure could be hidden within an encrypted volume, provided an additional benefit to TrueCrypt users. However, that all changed in May 2014 when the anonymous team that developed TrueCrypt decided to retire support for TrueCrypt. The timing of TrueCrypt’s retirement is most often credited to Microsoft’s ending support of Windows XP. The TrueCrypt team warned users that without support for Windows XP, TrueCrypt was vulnerable. Once support for TrueCrypt stopped, trust continued to erode as independent security audits uncovered specific security flaws. In the wake of TrueCrypt’s demise, people were forced to look for other encryption solutions. TrueCrypt’s website offered instructions for users to migrate to BitLocker, a full disk encryption program available in certain editions of Microsoft operating systems beginning with Windows Vista.
    [Show full text]
  • Message-Layer Encryption in Ricochet
    Message-Layer Encryption in Ricochet by Liam Kirsh Computer Science Department College of Engineering California Polytechnic State University 2017 Date submitted: 06/07/17 Advisor: Dr. Bruce DeBruhl Table of Contents Background.........................................................................................3 Project Goals.......................................................................................6 Stronger cryptography................................................................................................6 Support for relay nodes..............................................................................................6 Implementation...................................................................................7 Choice of cryptographic protocol...............................................................................7 GPGME cryptographic library...................................................................................8 Modifications to the Ricochet client........................................................................10 Future Improvements........................................................................10 Use of the Signal Protocol in Ricochet....................................................................10 Use of Off-the-Record Messaging in Ricochet........................................................11 Ephemerality in D-H................................................................................................11 Ricochet Relays........................................................................................................11
    [Show full text]