As regimes in China and beyond increase their monitoring of online activity, cybersecurity has become a key battleground for journalists, activists and ordinary citizens. In a new manual, human rights organization Safeguard Defenders shows how to protect one’s computers and phones against snooping. Some of the advice will be particularly useful for Taiwanese Internet users.
In an article on Taiwan Sentinel in September I described how the Chinese government enjoys full access to a majority of Chinese social media services. The risks associated with such monitoring became obvious during Taiwanese activist Lee Ming-che’s recent show trial, where content from messaging services such as WeChat and QQ was used as evidence against him in a Chinese courtroom.
More notably, the court indictment also accused Lee of having “attacked China’s government” on Facebook “and the like.” It is simply not enough to refrain from using domestic Internet services in order to steer clear from being monitored by the Chinese authorities, especially given that companies like Facebook are increasingly cooperating with the Chinese regime in a bid to gain market access. Cybersecurity awareness is therefore more important than ever.
To address this, human rights organization Safeguard Defenders is releasing this week its free manual Practical Digital Protection — Defense Beyond Technology in four different languages. It offers extensive instructions “for those at risk in hostile environments” on how to protect one’s computer and smartphone, as well as strengthening digital security in general. Based on years of evolving practises, the manual has been developed together with local lawyers, rights defenders, journalists and NGOs.
The extensive 128-page English-language manual is a direct translation from the Chinese version, and tailored for readers who have to cope with conditions in a Chinese context. For their part, the Vietnamese and Turkish manuals were authored with help from local activists to better address specific conditions in those countries.
Delete for real
While the primary target group is rights defenders or individuals who risk detention or interrogations related to their work, the advice provided in the manual is also useful for anyone concerned about maintaining greater digital security. So says Michael Caster, a human rights advocate who was involved in creating the manual: “[The manual] is designed to be practical and can easily be translated into the daily routines of average citizens.”
Many digital security manuals, Caster says, are too universal to address local threats and needs. Practical Digital Protection therefore focuses more on behavioral measures than technical solutions. With relatively simple changes in user behavior, it is possible to considerably increase security and safety for yourself as well as your partners and sources.
“Perhaps the most important points is the emphasis on maintaining a dual browser and rethinking deletion.” he says. That means keeping one Internet browser with higher security settings where passwords or data is never saved. “People seldom realize that when they click ‘delete’ they aren’t really deleting anything,” Caster says, adding that the chapter on deletions is particularly important for information that could be harmful if it were recovered by a hostile party.
With relatively simple changes in user behavior, it is possible to considerably increase security and safety for yourself as well as your partners and sources.
Other behavioral changes includes the concept of a “zero inbox” and something as simple as never using the “reply” function to reply to an e-mail. (Writing a new mail will exclude the text from earlier correspondence that would otherwise appear below.)
The manual also explains how to share information with someone who might be at risk, and which cloud services do a good job protecting your data. There are also recommendations on which safe apps to use, as well as safe browsers and settings for those. The detailed guide for encryption will also be useful to many.
The manual consists of four parts. The first focuses on knowing your risks and is designed to help people analyze their specific situation and potential threats. It also includes some recommended basic settings and steps to make a computer safer. The second part — the longest and most important — deals specifically with computer security and includes chapters on encryption and secure browsing.
Much of the advice is also relevant for smartphones, and the third part of the manual addresses security for hand-held devices. As a phone will always be more vulnerable than a computer, it is therefore advisable to limit as much of the potentially sensitive activities to one’s computer. A fourth, short part covers preventive security.
The manuals can be downloaded online for free. Readers who have no time to read the full 128 pages can also benefit from the 20-page introduction and summary of the full report called The Introduction: Behaviour-based Cybersecurity.
Useful in Taiwan
Caster maintains that much of the advice made in the manual is especially useful for a Taiwanese audience, as China is becoming more assertive regarding its territorial interests there. “As China becomes more emboldened it will likely continue to [target] Taiwanese citizens as it has in China, Hong Kong, or indeed around the world,” he says, adding that the manual is just as relevant for rights defenders within China as for anyone who might be targeted by the Chinese government elsewhere.
“This certainly includes Taiwanese citizens from anti-death penalty advocates and democracy researchers to anyone active in social media,” he says.
If anything, the fate of Lee Ming-che is proving just that.