humanitarian.info

Michael Kleinman poses the question:

how best to secure sensitive information and communications in the field. A post which could just as easily be titled “how to try and keep the Sudanese Government (or insert other oppressive regime) from reading everything on your computer.”

It’s no secret – here at humanitarian.info, we believe that the humanitarian community is criminally negligent when it comes to protecting its information, particularly when it comes to beneficiary information. Dear NGO: although the Sudanese government is wading through your computer files right now, it probably had access to them even while you were still in the country, usually by applying pressure to your national staff to co-operate, so it’s a bit late to start complaining.

Still, there are solutions: Michael points to NGO Security in a Box, a product which I have no hesitation in endorsing, so download it today and use it immediately. You might also want to check out the McCumber Cube as a useful analytical tool, and get your IT and security staff sitting around the same table for once. How else can you start?

• Encryption. GnuPGP is free – why not use it on documents and communications that you wouldn’t like the secret police to see? Even Windows can manage PGP encryption, although you’ll probably need to budget for it.
• Anonymisation. There are some great resources for activist bloggers – start with the Handbook for Cyberdissidents, the chapter Technical Ways to Get Around Censorship to help you shield key communications.
• Physical partition. Keep sensitive data – for example, personal information about beneficiaries – physically and digitally separate from non-sensitive data. Why not make different staff responsible for different datasets?
• Backup. At least two backups of all vital data – one onsite, one offsite, preferably both updated daily. Go and do it now. You can use services like DropBox to synch across machines.
• Geek out, and work entirely from a portable USB stick that never leaves your key-chain.

There’s literally hundreds of steps that you can take to inform yourself and improve digital security for yourself and your organisation, but I’m comfortable saying that most international NGOs working in Sudan weren’t doing any of them. I’m ranting again, aren’t I? I’ll go and lie down.