Digital Security

  • Digitaalinen turvallisuus kuuluu kaikille

    English

    Auli Starck, Kepa, Suomi, CIVICUS-jäsenjärjestö

    DigitalSecurity FollowupGDPR-viestit, uutiset Facebookin tietoturvaongelmista ja sähköpostin tietojenkalasteluviesteiltä. Oman yksityisyyden suojaaminen on digitalisaation myötä yhä olennaisempaa myös kansalaisjärjestöille.

    Mutta miten digitaalinen turvallisuus liittyy kansalaisyhteiskunnan tilaan? Parhaimmillaan se tukee sananvapautta ja turvaa kansalaisyhteiskunnan oikeudet toimia. Pahimmillaan sen puute on turvallisuusriski. Digitaalinen turvallisuus on kuitenkin myös paljon muuta.

    Osallistuin kesäkuun alussa Civicuksen ja Access Now:n koulutukseen digitaalisesta turvallisuudesta ja sen linkittymisestä kansalaislaisyhteiskunnan tilaan. Armeniassa järjestettyyn koulukseen osallistui Euroopasta ja Aasiasta kattojärjestöjen edustajia sekä ruohonjuuritason toimijoita ja aktivisteja, joiden toimintamahdollisuuksia ja jopa turvallisuutta riittämätön tietoturva uhkaa.

    Itse mietin koulutuksen aikana digitaalista turvallisuutta pitkälti siltä kannalta, miten meidän suomalaisten järjestöjen kannattaisi toimia, jotta emme tahtomattamme aseta kumppaneitamme vaaraan. Kun toimitaan maissa, joissa internetin käyttöä rajoitetaan, puhelimia kuunnellaan, sähköpostia seurataan ja viestintää sensuroidaan, on tärkeää tiedostaa ja ennaltaehkäistä riskit. Näillä vinkeillä voit lähteä liikkeelle:
  • New digital security law a further blow to media freedom and free expression in Bangladesh
    • The Digital Security Act was passed despite protests from civil society and journalists
    • DSA  incorporates other legislation that has been systematically used to silence dissent
    • New law comes amid a growing, brutal crackdown on peaceful protests and dissent  
    • No safety of journalists in the digital age if impunity persists

      Statement at the 50th Session of the UN Human Rights Council

       Interactive Dialogue with Special Rapporteur on Freedom of Expression

      Delivered by Nicola Paccamiccio

      Thank you Mr President,

      We welcome the report of the Special Rapporteur and share the concerns over the increasing vilification, targeting and criminalisation of journalists and media workers.

      Journalists play a critical role in reporting on violations of fundamental rights, and the ability of journalists to work safely and without fear is a critical component of civic space.

      In Sri Lanka and Kazakhstan, journalists have been attacked and arrested while reporting on protests. In Kenya and Mexico, attacks against journalists have continued unabated, with impunity. In Hungary, political interference by the government has significantly undermined media freedom. All five countries, along with Chad, are currently on CIVICUS’s Watchlist for their serious, and rapid decline in respect for civic space.

      The digital age has reinforced these existing threats and created new ones to the safety of journalists.

      “Fake news’’ laws are used to target journalists and media workers not in line with governments’ official positions. In Russia, journalists can face criminal penalties of up to 15 years in prison for disseminating allegedly ‘false information’ about Russian armed forces in Ukraine.

      Digital surveillance is increasingly used to monitor journalists. In India, the Pegasus Spyware has been employed to target at least 300 journalists, diplomats, and activists. Biometric technologies are utilised to identify and target protesters and journalists covering protests.

      Given that the digital age has brought further menaces to the safety of journalists and a chilling effect on freedom of expression, we ask the Special Rapporteur what States should do to end impunity for human rights violations against journalists and media workers?

       We thank you.
    • THAILAND: ‘Spyware was used to monitor protesters’ online activity’

      Sutawan ChanprasertCIVICUS speaks about the use of surveillance technology against civil society activists in Thailand with Sutawan Chanprasert, founder and executive director of DigitalReach, a civil society organisation (CSO) that promotes digital rights, human rights and democracy in Southeast Asia.

      What is DigitalReach working on?

      DigitalReach is a digital rights organisation working in southeast Asia. We are looking at the impact of technology on human rights and democracy in the region. We initiated this project with a focus on the use of Pegasus spyware in Thailand and reached out to The Citizen Lab and iLaw for collaboration. This is because iLaw is a well-known organisation based in Thailand with a great connection with local activists, and The Citizen Lab is well-known for its expertise in spyware investigation.

      What were the main findings of this research?

      Pegasus spyware, which is produced by NSO group and sold only to state agencies, can infect devices (both iOS and Android) through a technology called ‘zero click’, which means that it needs no action on the part of the targeted user. Once the spyware is installed, it can gain access to everything on the device, including photos and text messages, and can turn the camera and microphone on and off.

      In Thailand, this spyware has been used against at least 35 iPhone users: 24 activists, three CSO workers, three academics and five opposition politicians. These infections happened between October 2020 and November 2021, which was peak time for the democracy movement.

      There were three reasons why the spyware was used against dissidents: to monitor protesters’ online activity, to monitor the protests and to find out more about the movement’s funding. On the basis of forensic evidence, The Citizen Lab confirmed that zero-click technology was used, exploiting vulnerabilities in the system to gain access to the devices.

      This was likely not the first time spyware was used against activists in Thailand, but we have no evidence to confirm this suspicion. Other digital surveillance tools have also been used: as detailed in our report, GPS devices were found attached to some dissidents’ vehicles during democracy mobilisations.

      How did the government react to your findings?

      On 22 July the Prime Minister said in parliament that he does not know anything about this spyware, and he added that such spyware would be unnecessary as we all knew what was going on from social media. The Deputy Minister of Defence also declared in parliament that it is not the government’s policy to use spyware against people or ‘generally’ violate their rights. Meanwhile, the Minister of Digital Economy and Society stated in parliament that spyware technology had been purchased but not by a department or agency under his authority. However, he referred to it generically as ‘spyware technology’, without ever confirming that he was referring to Pegasus.

      Is there anything CSOs and activists can do to counter spyware?

      Spyware is considered a dual-use item, which means it can also be useful in criminal investigations. However, we all know this is not always the case. In Thailand and many other countries, spyware has been used against dissidents and members of the opposition, which means that the technology needs to be strictly regulated so it’s not abused. However, it’s hard to see that happening under the current administration, as the government itself is the likely perpetrator. Only policymakers who care about human rights will be able to make progress on this.

      As for individual activists, there is no total solution to prevent a device from being infected by this kind of spyware. However, exposure to this threat can be reduced in several ways, such as by using two-factor authentication, using a security key or an authenticator app rather than an SMS, using a messaging platform with the disappearing message feature and by enrolling in Google’s Advanced Protection Program.

      What can the international community do to support Thai activists facing surveillance?

      This is a tricky question. Thailand doesn’t currently have an active local digital rights organisation, so working on this would be a good first step to increase digital security protection. The global community that works on digital security can play an important role. However, training activities offered in Thailand must be conducted in the local language and customised to fit the Thai context.

      There’s also a need for digital security work in Thailand that goes beyond training, including monitoring to watch for emerging digital threats against dissidents, more research and work with local activists and organisations to ensure their long-term digital safety with a sustainable approach. Funding is also needed because local activists and organisations must buy tools to support their digital security.

      Civic space in Thailand is rated ‘repressed’ by theCIVICUS Monitor.
      Follow DigitalReach via itswebsite and follow@DigitalReachSEA on Twitter.
    • We need new ways to protect people in the digital era

      By Danny Sriskandarajah

      In an age of ever-advancing, ever-encroaching technology, how do we ensure that our basic rights are protected? New technologies and the speed of progress these days may have many positive impacts on our lives but the fact that they are poorly regulated and hardly understood by the public, poses serious threats.

      Read on: The Sydney Morning Herald 

       
COMMUNIQUEZ AVEC NOUS

Canaux numériques

Siège social
25  Owl Street, 6th Floor
Johannesbourg,
Afrique du Sud,
2092
Tél: +27 (0)11 833 5959
Fax: +27 (0)11 833 7997

Bureau pour l’onu: New-York
CIVICUS, c/o We Work
450 Lexington Ave
New-York
NY 10017
Etats-Unis

Bureau pour l’onu : Geneve
11 Avenue de la Paix
Genève
Suisse
CH-1202
Tél: +41.79.910.34.28