Minds of the Movement
An ICNC blog on the people and power of civil resistance
The Right2Know Campaign (South Africa) challenges state and private security when laws, policies, or practice obstruct protest, including through the electronic and offline surveillance of activists. Source: Twitter account @r2kcampaign
A growing obsession with digital security among human rights organizations and progressive donors in East Africa seems to be compromising the efficacy of once-impactful movements. How? For one thing, it’s detracting from planning offensive movement strategy. Second, it’s diverting focus away from countering widely prevalent traditional forms of repression and surveillance (such as spying, trailing, and co-optation).
Imagine a defensively sound football team, lacking talented strikers, that continues to blow its money on additional defenders. These prolific defenders train only in preventing opposing goals and form no counter-attacking strategy. At best, this team will turn a few would-be losses into draws, but will not often win matches.
In the past year, I have received invitations to attend no less than five trainings on digital security. These trainings, usually facilitated by foreigners or professionals with no experience in grassroots organizing, are often held at luxurious hotels owned by the well-connected. I have not personally attended any. (I'll explain why and unpack how training can sometimes be counterproductive for movements in a future post.)
It’s hard to pinpoint exactly where the trend of heavy investment in digital security began. Perhaps East Africa’s smartphone proliferation has triggered such explosive interest. Human rights organizations and institutional partners now ask those of us at Solidarity Uganda about our security protocols more than any other topic, despite the existence of our innovative, well-organized rapid response department that continues to effectively leverage the power of backfire against those who abuse us. I often wonder whether these comrades want us to eliminate all risk to our defense before beginning the important offensive work.
The Real Surveillance Challenge in East Africa
In 2015, Privacy International published a report on the Ugandan government’s use of FinFisher malware and secret partnerships with European security tech firms like Hacking Team. I would have been pleased to find Uganda the exception as an East Africa surveillance state, but unfortunately, all countries in the region are as Orwellian as one may fear.
Digital espionage notwithstanding, the greater threat to East African lives is the traditional surveillance networks upon which dictators continue to rely. I have been followed regularly, and even attacked in Uganda. I have been detained with others I later learned were spies. I’ve sat in meeting after meeting with those I know to be imposters. In the course of researching minority activists in Juba, South Sudan, the National Security—an extrajudicial armed group of plain-clothes operatives—tailed a colleague and me throughout the city.
Sadly, my experiences align with those of many others doing even modest human rights work. The offices of politically moderate NGOs are being raided and shut down across East Africa.
As much as digital surveillance is increasingly worrisome, autocrats in the region are still predominantly relying on old-school espionage. Their main weapons are humans: taxi drivers, shop owners, teachers, churchgoers.
Infiltrating Espionage Networks
The way human surveillance in the region often works is that an elite person employs vigilantes directly under them. These vigilantes delegate intelligence-gathering tasks to community members who are on no official state payroll but receive cash payments from their immediate superiors.
This method is fairly cheap for the government, but it also creates vulnerabilities. Since the structure relies on the trust of community members, targets of state surveillance are often able to penetrate the same structure from the bottom, to gather information on top officials. As Sun Tzu’s The Art of War aptly advises, spies are often committed to no particular ideology and can be co-opted through various means.
I’ve attempted to find activists in East Africa consciously trying to leverage the existence of community spy networks to their own political advantage, and came across someone who uses the pseudonym Faluk Umuhoza. Umuhoza, like many activists in East Africa, has more than her fair share of surveillance agents tracking her moves, but she decided to withdraw from political activities recently. This has given her insight into how the system works. She told me:
“I’ve gone completely neutral. I don’t appear at human rights conferences or engage in inflammatory political discussion on social media like I used to.”
“When I tell [people who are surveilling me that] I’ve stepped away from political affairs—and in most manners of speaking, I have—it builds a certain kind of trust,” she said. “Sometimes they even open up to me about their surveillance duties. I’ve learned about their structure.”
How to Know When You’re Not Passing the Ball to Your Strikers
So how can we know that we are developing an obsession with digital security that is becoming counterproductive to our goals? The following are a few examples of warning signs:
- Discussions around risk management are gravitating toward risk elimination, and they’re crowding out other movement work to the point of paralysis
- Members will not take much action—even safe action—until they are given security training
- The CIA’s instructions in the Simple Sabotage Field Manual are being unintentionally put to use
When I push back against overinvestment in security, it is often misheard as a radical purist’s desire to embrace danger. I advocate nothing of the kind for the vast majority of movements participants. My hope is to divert resources away from unproductive defensive work, and toward the urgent and more impactful work of nonviolent resistance.
Taking risks that are not strategic will not benefit our struggles at all, but neither will stepping onto the playing field without a plan to win.
Common Sense Tips
When digital security experts make a two-hour visit to organizations (or organizers) and assess their practices and situations, they're often able to provide very context-specific suggestions that can be implemented. This to me is more impactful than a five-day workshop on digital security at the Hilton.
But most people don’t have regular access to digital security experts. Thankfully, activists have the agency to improve their own security by embracing some general guidelines:
- No sensitive names or places shared over phone, text, or Facebook messenger.
- Download appropriate apps to all relevant devices for encrypted messaging, email, website hosting, cloud storage, etc.
- Know that you are always being followed (even if in reality you are not), and inform trusted people where you are going and when you intend to return. Become comfortable with the reality that your opponents have the necessary resources to manually track you at will if they wish to do so.
- Get professional psychological support as often as possible, even if you don’t think you need it. Create structured time to talk about fears with your comrades. Living permanently in a hypervigilant state produces trauma, and a traumatized brain cannot easily strategize.
- You cannot be 100% vigilant 100% of the time. When disaster inevitably strikes, you'll need a working group ready to act on your behalf. This team should be able to decide when their goal is simply to ensure your survival, and when their goal is to leverage the incident back against your transgressors to disincentivize future repression (see Brian Martin's "Backfire Basics").
- Your community is your best security.
- Your team should be aware of these above tips and put them into practice, and it helps to have one or two trusted tech-savvy experts meet with you from time to time to lend a hand.
