The internet has become a hotly contested space, one where governments, civil society groups, journalists and human rights defenders struggle to support (or control) the flow of information and opinion.
Governments in particular have shown an increasing tendency to securitize the internet and crack down on certain types of online activity, most often citing reasons of national security. The United States, for example, has dramatically scaled up its ability to conduct cyberwarfare, crafting rules of engagement and establishing its own Cyber Command.
Nowhere is the trend toward securitization more evident today than in Syria, where the Assad regime is engaged in the unapologetic surveillance of its citizens and a ruthless cyberwar campaign against online critics and opponents. Syria’s efforts to control its online space include the use of social media to identify (and spy upon) political opponents, online misinformation campaigns and strategic shutdowns of the internet in regions facing political unrest.
These internet blackouts often coincide with kinetic (real world) attacks, revealing a clear disposition to treat the internet as a legitimate zone of conflict. Particularly troubling is the government’s public support of the government’s public support of the Syrian Electronic Army , a zealous pro-government hacker group whose stated goals are to intimidate online critics, disrupt their activities and ultimately silence dissent.
But every war has its collateral damage, and the Syrian cyberwar is no different. In male-dominated societies, the internet offers an unprecedented opportunity for women’s voices to be heard and for women’s human rights defenders (WHRDs) to collectively organize, both with local and international partners. However, the securitization of the internet, and the spillover of conflict into online spaces, is quickly eroding this platform for free expression.
In the midst of the Syrian conflict, the work of women’s human rights defenders has become highly constrained. Limited access to ICTs, self-censorship due to widespread surveillance and a general lack of technical knowledge permeate the space and expose WHRDs in particular to inordinate risks.
In spite of the dangers, Syrian women continue to actively use the internet, organizing demonstrations via social media, documenting the widespread use of rape as a weapon and posting videos in protest of the regime’s brutal tactics. However, those WHRDs who choose to use the internet for their work are taking a great risk, as the regime and the SEA are quick to retaliate against anyone deemed to be spreading ‘misinformation’.
Social media as a weapon
Popular social media sites have become a double-edged sword for WHRDs. While sites like Facebook and Twitter are an effective means of reaching a wide audience quickly, they are a godsend to government security agencies intent on surveillance.
Facebook and Twitter’s obfuscated privacy policies and lack of sufficient safeguards mean that WHRDs may be inadvertently putting themselves at risk, sharing their private information without their consent or knowledge. Link analysis of social media profiles can be used to map activists’ networks and may render friends and family guilty by association.
While these risks are no doubt important, Assad’s regime has chosen to engage the social media space directly. Rather than rely on mere passive surveillance, government security forces have sought to actively compromise the social media accounts of activists.
After having blocked Facebook since 2007, in February 2011 Syrians went online to discover that the site was spontaneously available again. However, unbeknownst to its users, pro-government hackers had spoofed the login page through a compromised security certificate. Those who attempted to log into the site had then unknowingly transmitted their usernames and passwords to an unknown source, leaving their profiles wide open.
Drawing further parallels with traditional warfare, the Syrian cyberwar has seen the rise of proxy groups wreaking havoc in online spaces. The pro-regime Syrian Electronic Army (SEA) has conducted an extensive online campaign of disruption and terror since the conflict began, spamming opposition Facebook groups and critical media articles and defacing websites deemed to be hostile to Assad.
Like many paramilitary groups, the SEA has shown little discrimination in selecting its targets, defacing the websites of local businesses and organizations which are at best only tangentially related to the opposition movement.
While they claim no outright affiliation to the government, the SEA has received public support from Assad himself who openly praised their activities, labeling the group a “real army operating in virtual reality.” A consequence of the group’s unofficial status is the complete lack of accountability. Nevertheless, owing to the government’s tacit support, the SEA appears to operate with impunity and makes little distinction between armed revolutionaries and peaceful critics.
How to avoid being caught in the crossfire
First and foremost, it is crucial to recognize that women human rights defenders typically face much greater risks than their male counterparts. The report of the United Nations Special Rapporteur on the situation of human rights defenders found that women are most at risk because “women defenders are perceived as challenging accepted socio-cultural norms, traditions, perceptions and stereotypes”. In light of this, it is clear that technical training geared towards the specific and unique threats facing WHRDs is essential.
Despite this need, there has been a conspicuous lack of training dedicated specifically for women rights defenders, and the trainers themselves are almost exclusively men. This lack of technical knowledge jeapordizes the work of countless organizations and individuals and puts them in harm’s way unnecessarily.
For instance, many rights defenders place their trust in popular tools, most of which are not intended for high-risk users. Most popular applications were not designed with security in mind – they typically don’t use strong encryption and so leave their users vulnerable to passive network surveillance. However, there are many good, open source alternatives for secure communications – WHRDs need to be trained in the use of these cryptographic tools so that they can take appropriate precautions to protect their communications.
Whichever application one decides to use, it’s important to recognize that security is a mindset, not a set of tools. This is a problem that must be addressed at the communal and organizational level: women’s rights groups and their networks must foster a culture of security, following the mantra that everyone is secure or no one is secure.
The emerging use of the internet as a battleground shows no signs of slowing. Women rights defenders must adjust to this new reality or risk getting caught in the crossfire.
On the ground in Syria
GenderIT’s Jennifer Radloff spoke with Hadi Abu-Nassir of the Tactical Technology Collective a Syrian activist now living in exile.
What issues are you thinking about in the area of online security and privacy that have impact on your work with WHRDs?
“Razan Ghazzawi”:http://bit.ly/RWmQmn is an example of many women’s rights activists and documenting women’s rights abuses in Syria.
Overall we’ve found that WHRDs are not very aware of digital security and privacy risks. They often use Facebook and blogging sites that are not designed for documenting human rights violations and not secure enough to do this kind of work.
The use of these centralised, commerical tools for human rights work really does not work. They do not respect women’s human rights defenders – in fact it is the last thing that they think about. The policy of private companies is more about collecting data about people than protecting their privacy. So I think what actually is missing are secure alternatives to the tools that human rights activists are using right.
And there are other risks to using proprietary software to document human rights abuses. Youtube, for instance, has more than 200,0000 videos taken by activists who’ve witnessed or experience torture and other rights violations. But these servers may not be the most secure, and they could easily be removed by the private company who operates them. We could lose all that information and documentation.
There are some other tools available, but activists need to be informed about them and receive technical training to learn how to use them properly and safely.
What strategies can be implemented to ensure the security and safety of WHRDs?
There is an interesting initiative called Privacy by Design. It provides a framework for building privacy directly into products and services to make them more secure, not just for human rights activists but for everyone. It is tremendously important to support initiatives like this. _ _ Right now Privacy by Design is a very small groups of developers and does not have much funding. Governments, instead of protecting people’s privacy, are drafting surveillance legislation like SOPA and PIPA, and private companies are always coming up with new ways of tracking their customers and collecting their information.
Interestingly, it’s not just human rights defenders who need to communicate securely, but also the funding organisations and journalists who interact with them. It’s very important to create a culture of security that is based not just in using safer technologies but in behavioral change.
How can we best build a coordinated response to violations of internet freedoms specific to WHRDs?
The Connect Your Rights Dialogue was very useful because we finally had techies, lawyers and women’s rights activists in the same room. We need these different actors to come together and share expertise. Human rights activists know the contexts and threats and knowing these contexts is critical. Right now we always try to coordinate the work informally which takes more time. e.g I get a request from a human rights activist in Burma asking how to mitigate a threat to his website. Referring to different entities and networks takes time so I think building this network so we can coordinate faster and better would be beneficial to all.
We should also coordinate with organisations that work on privacy and security issues, as there is a lot of work being done in that space. We should combine our efforts rather than duplicate work again and again. We also need somewhere where all the tools and resources are collected in one place.
This article is a part of APC’s “Connect your rights: Internet rights are human rights” campaign financed by the Swedish International Development Cooperation Agency .