by Phil WilmotOctober 30, 2019
A growing obsession with digital security among human rights organizations and progressive donors in East Africa seems to be compromising the efficacy of once-impactful movements. How? For one thing, it’s detracting from planning offensive movement strategy. Second, it’s diverting focus away from countering widely prevalent traditional forms of repression and surveillance (such as spying, trailing, and co-optation).
Imagine a defensively sound football team, lacking talented strikers, that continues to blow its money on additional defenders. These prolific defenders train only in preventing opposing goals and form no counter-attacking strategy. At best, this team will turn a few would-be losses into draws, but will not often win matches.
In the past year, I have received invitations to attend no less than five trainings on digital security. These trainings, usually facilitated by foreigners or professionals with no experience in grassroots organizing, are often held at luxurious hotels owned by the well-connected. I have not personally attended any. (I'll explain why and unpack how training can sometimes be counterproductive for movements in a future post.)
It’s hard to pinpoint exactly where the trend of heavy investment in digital security began. Perhaps East Africa’s smartphone proliferation has triggered such explosive interest. Human rights organizations and institutional partners now ask those of us at Solidarity Uganda about our security protocols more than any other topic, despite the existence of our innovative, well-organized rapid response department that continues to effectively leverage the power of backfire against those who abuse us. I often wonder whether these comrades want us to eliminate all risk to our defense before beginning the important offensive work.
In 2015, Privacy International published a report on the Ugandan government’s use of FinFisher malware and secret partnerships with European security tech firms like Hacking Team. I would have been pleased to find Uganda the exception as an East Africa surveillance state, but unfortunately, all countries in the region are as Orwellian as one may fear.
Digital espionage notwithstanding, the greater threat to East African lives is the traditional surveillance networks upon which dictators continue to rely. I have been followed regularly, and even attacked in Uganda. I have been detained with others I later learned were spies. I’ve sat in meeting after meeting with those I know to be imposters. In the course of researching minority activists in Juba, South Sudan, the National Security—an extrajudicial armed group of plain-clothes operatives—tailed a colleague and me throughout the city.
Sadly, my experiences align with those of many others doing even modest human rights work. The offices of politically moderate NGOs are being raided and shut down across East Africa.
As much as digital surveillance is increasingly worrisome, autocrats in the region are still predominantly relying on old-school espionage. Their main weapons are humans: taxi drivers, shop owners, teachers, churchgoers.
The way human surveillance in the region often works is that an elite person employs vigilantes directly under them. These vigilantes delegate intelligence-gathering tasks to community members who are on no official state payroll but receive cash payments from their immediate superiors.
This method is fairly cheap for the government, but it also creates vulnerabilities. Since the structure relies on the trust of community members, targets of state surveillance are often able to penetrate the same structure from the bottom, to gather information on top officials. As Sun Tzu’s The Art of War aptly advises, spies are often committed to no particular ideology and can be co-opted through various means.
I’ve attempted to find activists in East Africa consciously trying to leverage the existence of community spy networks to their own political advantage, and came across someone who uses the pseudonym Faluk Umuhoza. Umuhoza, like many activists in East Africa, has more than her fair share of surveillance agents tracking her moves, but she decided to withdraw from political activities recently. This has given her insight into how the system works. She told me:
“I’ve gone completely neutral. I don’t appear at human rights conferences or engage in inflammatory political discussion on social media like I used to.”
“When I tell [people who are surveilling me that] I’ve stepped away from political affairs—and in most manners of speaking, I have—it builds a certain kind of trust,” she said. “Sometimes they even open up to me about their surveillance duties. I’ve learned about their structure.”
So how can we know that we are developing an obsession with digital security that is becoming counterproductive to our goals? The following are a few examples of warning signs:
When I push back against overinvestment in security, it is often misheard as a radical purist’s desire to embrace danger. I advocate nothing of the kind for the vast majority of movements participants. My hope is to divert resources away from unproductive defensive work, and toward the urgent and more impactful work of nonviolent resistance.
Taking risks that are not strategic will not benefit our struggles at all, but neither will stepping onto the playing field without a plan to win.
When digital security experts make a two-hour visit to organizations (or organizers) and assess their practices and situations, they're often able to provide very context-specific suggestions that can be implemented. This to me is more impactful than a five-day workshop on digital security at the Hilton.
But most people don’t have regular access to digital security experts. Thankfully, activists have the agency to improve their own security by embracing some general guidelines:
Phil Wilmot is a former ICNC Learning Initiatives Network Fellow, co-founder of Solidarity Uganda, and a member of the Global Social Movement Centre and Beautiful Trouble. Phil writes extensively on resistance movements and resides in East Africa. Write to Phil at phil@beautifultrouble.org.
Read More