MY SHADOW - A DIGITAL SECURITY PROJECT
Project Background
In Kenya, oil, gas, minerals, forests, wildlife and other natural resources are found in abundance. However, indigenous communities who depend on these ecological environments are often disregarded by corporations and governments who exploit these resources. Out of this situation, a network of Journalists, Bloggers, Human Rights Defenders (HRDs) and Activists emerges. Nonetheless, the HRDs work is plagued by threats, assaults, arbitrary-arrests, detention, kidnappings and sometimes murder. Their rise on online activism has prompted the government to develop/deploy surveillance technologies in monitoring communications, censoring digital-information and cracking-down on HRDs. Given these challenges, Journalists, Bloggers and HRDs are asked to enhance their Digital Security.
As a direct consequence, many HRDs and other ‘At-Risk-Individuals’ across Kenya are deciding not to communicate or share information online, because of security risks involved, fear for their safety, partly due to the introduction of Cyber-crime Bill of 2016 and because of State sponsored system hackings.
The Enduring Voices Foundation is working together with HRDs and other ‘At-Risk-Individuals’ in carrying out non-violent Capacity Building training programs and outreach activities that will help then in accessing:
As a direct consequence, many HRDs and other ‘At-Risk-Individuals’ across Kenya are deciding not to communicate or share information online, because of security risks involved, fear for their safety, partly due to the introduction of Cyber-crime Bill of 2016 and because of State sponsored system hackings.
The Enduring Voices Foundation is working together with HRDs and other ‘At-Risk-Individuals’ in carrying out non-violent Capacity Building training programs and outreach activities that will help then in accessing:
- Assessing and better understanding their Digital Security risks as well as online censorship circumvention tactics available to minimize these risks.
- Incorporating Physical, Hostile Environments Awareness Training (HEAT) and Integrated Situational Awareness Skills necessary to address their needs.
Project Urgency
This project, aims at filling the gap in the holistic adaptation of Kenyan Journalists, Human Rights Defenders, Bloggers and other ‘At-Risk-Individuals’ to shifting socio-technical landscape, emerging Digital Security threats and evolving internet privacy practices. However, this can only be achieved through Digital Security trainings and Capacity Building on Digital Security carried out within communities, within existing networks of At-Risk-Individuals’ and within collaborative structures.
For many HRDs operating under high-risk Environments, the ability to integrate Digital Security practices following a stand-alone training is limited due to heightened limitations in physical spaces. This has prompted us to respond to their urgent and increasing need for a holistic approach in Capacity Building for technical-skills on Encryption, Safer communication, Data-Transfers, Online Censorship-circumvention, Cybersecurity-law, Internet of Things, knowledge on Policies, Privacy Rights and Freedom of Expression.
That is why for the next 12 Months, the proposed ‘My Shadow’ project will bring together over 800 participants from organizations with diverse representations and democratic leadership structures comprising of: Indigenous People’s Representatives, Rights Activists, Environmental Activists, Gender and Sexual Minority Rights Activists, Human Rights Defenders, Journalists, Bloggers, LGBT movements, Internet and Technology Rights Activists, the Civil Society, Scholars and other ‘At-Risk-Individuals’, to collectively share struggles, find connections, talk and strategize around the internet: the politics of it, what it means for their work, online violence against Journalists and HRDs, the nature of the harms that they experience, and critically strategize on the kind of internet safety and offline privacy they want to build and see after the completion of this project. One of the outcomes of these project, will be an evolving document with ‘At-Risk-Individuals” Principles of the Internet (ARIPI) – critical yet proactive in not only creating a safer gender based internet, but also a respectful and Human Rights friendly internet.
For many HRDs operating under high-risk Environments, the ability to integrate Digital Security practices following a stand-alone training is limited due to heightened limitations in physical spaces. This has prompted us to respond to their urgent and increasing need for a holistic approach in Capacity Building for technical-skills on Encryption, Safer communication, Data-Transfers, Online Censorship-circumvention, Cybersecurity-law, Internet of Things, knowledge on Policies, Privacy Rights and Freedom of Expression.
That is why for the next 12 Months, the proposed ‘My Shadow’ project will bring together over 800 participants from organizations with diverse representations and democratic leadership structures comprising of: Indigenous People’s Representatives, Rights Activists, Environmental Activists, Gender and Sexual Minority Rights Activists, Human Rights Defenders, Journalists, Bloggers, LGBT movements, Internet and Technology Rights Activists, the Civil Society, Scholars and other ‘At-Risk-Individuals’, to collectively share struggles, find connections, talk and strategize around the internet: the politics of it, what it means for their work, online violence against Journalists and HRDs, the nature of the harms that they experience, and critically strategize on the kind of internet safety and offline privacy they want to build and see after the completion of this project. One of the outcomes of these project, will be an evolving document with ‘At-Risk-Individuals” Principles of the Internet (ARIPI) – critical yet proactive in not only creating a safer gender based internet, but also a respectful and Human Rights friendly internet.
Project Aims & Missions
With this project, we aim at filling the gap in the adaptation of ‘At-Risk-Individuals’ to shifting socio-technical and the evolving Digital Security threats. This can only be achieved through Capacity Building within existing HRDs networks, collaborative structures and project sustainability.
Therefore, the Digital Security training and Capacity Building project to be implemented within 12 - Months is directed at HRDs and other ‘At-Risk-Individuals’, who work in very high-risk environments across Kenya.
Capacity-Building, which constitutes the key component of this project aims at helping HRDs in developing highly effective security management techniques, to ensure their own safety both online and offline; and while working in very high-risk environments. The second component of this project, aims at equipping HRDs and other ‘At-Risk-Individuals’ with twenty first century skills, technologies and technical tools necessary to effectively defend Human Rights in their respective areas.
Additionally, this project aligns with our aims and objectives of developing a ‘Train the Trainer’ (ToT) programme, meant to complement the work of the Enduring Voices Foundation’s staff in meeting the training needs of HRDs and other ‘At-Risk-Individuals’.
Therefore, the Digital Security training and Capacity Building project to be implemented within 12 - Months is directed at HRDs and other ‘At-Risk-Individuals’, who work in very high-risk environments across Kenya.
Capacity-Building, which constitutes the key component of this project aims at helping HRDs in developing highly effective security management techniques, to ensure their own safety both online and offline; and while working in very high-risk environments. The second component of this project, aims at equipping HRDs and other ‘At-Risk-Individuals’ with twenty first century skills, technologies and technical tools necessary to effectively defend Human Rights in their respective areas.
Additionally, this project aligns with our aims and objectives of developing a ‘Train the Trainer’ (ToT) programme, meant to complement the work of the Enduring Voices Foundation’s staff in meeting the training needs of HRDs and other ‘At-Risk-Individuals’.
Project's Goals
This project’s key goals are:
- To strengthen the capacity of Human Rights Defenders (HRDs) to work effectively in Kenya
- To reduce HRDs vulnerability to the risk of persecution,
- To advocate for a favorable legal and policy environment in Kenya.
- To carryout non-violent Capacity Building training and activities that:
- Defends the internet freedom, freedom of speech and promote Digital Security, by raising awareness through all-inclusive-participatory programmes.
- Progressively advocates for conducive working environment for HRDs.
- Contributes non-violent strategies to ensure the safety and security of HRDs.
- Strengthens responsive and sustainable protection mechanisms for HRDs in Kenya.
- To strengthen Institutional development, organizational performance and sustainability of EVF.
Project’s Objectives
- To assess the Digital Security and online/offline privacy of HRDs in Kenya.
- To work with HRDs and other ‘At-Risk-Individuals’ in defending their internet freedom and freedom of expression.
- To work with Internet Stakeholders, Journalists, Bloggers, HRDs and other ‘At-Risk-Individuals’ in putting in place preventive measures to mitigate online and offline privacy risks.
- To equip HRDs and other ‘At-Risk-Individuals’ to better understand their Digital Security risks, through Capacity Building on 21st Century technologies, technical tools and internet censorship and circumvention tactics meant to minimize those risks.
- To develop Digital Security Materials for further dissemination.
Anticipated Project Outcomes/ Impact
Besides the development of tracking, monitoring and evaluation tools to inform policy and implementation on Digital Security and Cybersecurity and Privacy in Kenya. It is anticipated that the impact of this project will be felt through:
- Advocacy and embracement of direct nonviolent grassroots activism and organizing through Capacity Building of Indigenous Peoples, HRDs and other ‘At-Risk-Individuals’
- Contribution to knowledge, increased awareness on Digital Security and enlightenment of HRDs and other ‘At-Risk-Individuals’ to take seriously their security, both offline and online.
- Advancement of knowledge through sharing of ‘Best Practices’, discourse patterns and enhancement of policies affecting HRDs and other ‘At-Risk-Individuals’ in Kenya.
- Contribution to a greater realization of the HRDs and other ‘At-Risk-Individuals’ rights to privacy, freedom of speech, freedom of association and to a dignified life.
- Furtherance of collaborations, project partnerships and increased efforts in providing better project outcomes to enhance data on Digital Security for HRDs and other ‘At-Risk-Individuals’ and for comparison with other experts across the region.
- Stimulation of further engagement with the indigenous people in their own communities, through capacity building, training and dissemination, thereby contributing to their quest for self-determination.
- The creation of multimedia materials for further dissemination by the respective HRDs communities and networks.
Project Methodology
This project will engage participants through open-participatory and active learning approaches, which emphasizes on critical reflection and peer-to-peer learning. It will also involve interactions between participants and instructor, quizzes and various group activities. In every session, 10 to 20 participants drawn from within Indigenous Peoples’ communities, existing HRDs Networks, Media Associations and the Civil-Society, will be engaged with high-level Capacity Building activities.
Project Timeline
(What Happened & When?)
Project Date & Activity Description - 01st May 2018 - 31st May 2018
Consent and Participant Selection: Seeking permission for the United Nation’s stipulated Free, Prior, Informed, Consent for participation in to the proposed ‘My Shadow’ project.
Assessment and selection of potential participants using the following criteria:
Assessment and selection of potential participants using the following criteria:
- Technical and basic Digital Security knowledge.
- Connection with HRDs networks and other ‘At-Risk-Individual’ communities.
- Connection with Internet based technology communities.
- Involvement in activism, social change, and advocacy work.
- Language and computer skills.
- Suitability to adapt different pedagogical tactics and level of institutionalization.
Project Date & Activity Description - 01st June 2018 - 31st July 2018
Capacity Building on how to:
- Identify threats, capacities and vulnerabilities
- Carry out Basic Computer Hygiene to protect their information from physical threats
- Assess the Risk Matrix: Probability and Impact.
- Manage Security Risks: risk analysis and management
- Authenticate: Access control, passwords, two-factor authentication
- Identify and prevent Malware Types, attack vectors, preventing infection
- Protect networks and communications: Fundamentals, security challenges, standards
- Utilize Network security: firewalls, virtual private networks, intrusion detection / prevention
- When their defenses fail: Cybersecurity laws, recovering from attack.
Project Date & Activity Description - 01st Aug. 2018 - 30th Sept. 2018
Hostile Environments Awareness Training (HEAT):
Besides Digital Security training, this project will also incorporate Physical, Hostile Environments Awareness Training (HEAT) and Integrated Situational Awareness Skills necessary to address HRDs needs.
In this Module participants will learn:
Besides Digital Security training, this project will also incorporate Physical, Hostile Environments Awareness Training (HEAT) and Integrated Situational Awareness Skills necessary to address HRDs needs.
In this Module participants will learn:
- Hostile Environment and Situational Awareness
- Kidnapping and Navigating Checkpoints
- Personal Security and Self Defense (Online and Offline)
- Emergency First Aid
Project Date & Activity Description - 01st Oct. 2018 - 31st Oct. 2018
Current trends and issues on Digital Security and privacy:
- Differences between Online and Offline Environments, use of Mobile Devices and public Wi-Fi Environments.
- Understanding basic Digital Security Concepts: (e.g. encryption, anti-virus, malware, hackers, secure web browsing, cookies, web history, metadata, etc.)
- Protecting their devices from malware and hackers.
- Tools Trainings: Introduction to the right tools & Digital Security tactics
Project Date & Activity Description - 01st Nov. 2018 - 01st Dec. 2018
Ensuring Digital privacy, examining personal Online and Offline information:
- Protecting sensitive files on their computer through encryption.
- Authentication: access control, passwords, two-factor authentication
- Digital profiles, password protection, privacy measures, and encryption
- Recover from information loss
- How to secure their files in cloud storage
- Destroy sensitive information
- Secure their online collaborations and keep their online communication private.
Project Date & Activity Description 31st Jan. 2019 - 28th Feb. 2019
Advanced Digital Security Tools trainings & Digital Security tactics:
- How to remain anonymous and bypass censorship on the Internet
- Understanding Internet Censorship and specific Circumvention proxies
- Anonymity networks and basic proxy servers
- Protect personal data on social networking sites
- Use mobile-phones and Smartphone as securely as possible
- Mobility and the vulnerability of information
- Text based communications, Basic functions, trackability and anonymity
Project Date & Activity Description - 01st Mar. 2019 - 30th Apr. 2019:
- Project wind-up and preparation of project materials in archival format – to be archived by the A.J. Muste Memorial Institute and The Enduring Voices Foundation for further dissemination.
- Planning programme Follow-up and Publications.
- *Final Project Evaluation and Report Writing: Detailing project participatory planning, project activities, overall project implementation, project expenditure, Project results and outcomes, project challenges, met and unmet goals.
Project Follow-Up
Given the multitude of hostile and High-Risk Environments, the continually shifting contexts of Human Rights Defenders, ever changing Internet Privacy practices and shifting socio-technical landscapes, there can be no one-size-fits-all approach to Digital Security awareness and training. With that in mind, the following attributes will lead to better project outcomes:
To achieve this success, EVF will establish in-person communication plans with participants, in order to get in touch with participants in the future. Thus far, the potential Follow-Up Trainings that could follow these efforts include:
- Proper participant selection (motivated by need, risk and with similar skill levels);
- Proper preparation; low trainer-to-participant ratio; co-facilitation (training in pairs or teams);
- In depth understanding of the local context and threats faced;
- Creation of a 'Safe Space' for training; and
- Planning comprehensive Follow-Ups with participants.
To achieve this success, EVF will establish in-person communication plans with participants, in order to get in touch with participants in the future. Thus far, the potential Follow-Up Trainings that could follow these efforts include:
- Mentorship programs that recognizes the training beneficiaries’ uptake on their Digital Security and in sharing their skills with others, thereby enabling further the spread of knowledge.
- Project dissemination via Internet Society- Kenya Chapter digital/internet, TrueCrypt and Diaspora platforms.
- Tri-Annual ‘Train-the-Trainer’ events coordinated and conducted in partnership with the Internet Society -Kenya Chapter, to evaluate the lessons learnt, to improve where possible and to share the Best Practices from the these efforts.
Project Sustainability:
Potential mechanisms for sustaining this project is by developing, keeping the beneficiaries constantly informed and engaged through up-to-date resources for information on evolving Digital Security threats and new mitigation tactics. This way, the applicant will identify persistent barriers to Digital Security learning and ineffective Privacy practices. In so doing, EVF has drawn together a set of recommendations intended to foster increased sustainability and effectiveness in Digital Security training beyond this project life-cycle. These measures will include:
- Facilitating closer cooperation within the existing HRDs Communities and Networks to enable dissemination of ‘Best Practices’ and provide a shared advocacy platform.
- Supporting the development, piloting and iteration of new Digital Security training models and approaches which encourages sustained learning with a long-view on impact/effectiveness and building critical reflection into Digital Security training methodologies and developing channels for sharing project outcomes and results.
- Shifting the Digital Security training focus to Networks, Communities and Collectives to foster improved security and sustained technical tool usage through shared ‘Best Practices’ and workflow integration.
- Honouring roles which emerge through Digital Security trainings; improve support for participants who bear the burden of championing Digital Security within their wider networks.
- Co-developing a theory of change to position Digital Security trainings within a more defined, community-wide strategy.
Project Evaluation
The Monitoring and Evaluation of the proposed ‘My Shadow’ project will be guided by the Enduring Voices Foundation (EVF) through specific internal instruments and partner involvement, the elaboration of a baseline and quarterly progress reports. In order to ensure donor compliance, implementation and successful completion, EVF will develop and review specific indicators for the importance of the learning gained by the target groups, designed to identify stages of progress, project compliance and to provide technical support for similar project implementations, strengthening of HRDs networks and Indigenous communities’ collaboration with scholars, scientists and academia in the facilitation of similar projects in the future.
Additionally, an external Evaluation will be carried out by the PPD Consultants Ltd. The East Africa Research Council (EAPRC) will implement the Quantitative component, while the Community Research Group (CRG) will implement the Qualitative component of this project, with funding from a minimal budget allocation from the A.J. Muste Memorial Institute Award, to be administered through the Enduring Voices Foundation (EVF).
The objectives of this Evaluation will be to assess the:
Additionally, an external Evaluation will be carried out by the PPD Consultants Ltd. The East Africa Research Council (EAPRC) will implement the Quantitative component, while the Community Research Group (CRG) will implement the Qualitative component of this project, with funding from a minimal budget allocation from the A.J. Muste Memorial Institute Award, to be administered through the Enduring Voices Foundation (EVF).
The objectives of this Evaluation will be to assess the:
- The Long-term Impact on the proposed Capacity Building programs on Digital Security Training.
- A preliminary review on methods, needs, challenges and the shifting socio-technical issues, emerging Digital Security threats and evolving Internet privacy practices.
Project Impact
While Article 31 of the Constitution of the Republic of Kenya (2010) guarantees the right to privacy, including the right to not have information relating to one’s family or private affairs unnecessarily revealed, and to not have the privacy of one’s communications infringed, a crucial piece of legislation to enforce this law is yet to be adopted. The Data Protection Bill, 2013 was formulated to give effect to this constitutional provision. It articulates requirements for the collection, storage, protection, security, access, disclosure and misuse of personal electronic information. Currently Online and Offline privacy of Kenyan citizens depends largely on the mercies of ‘National Security’. Some of the Cybersecurity laws in place include:
- The Kenya Information Communications Act (KICA), Chapter 411A
- The Computer and Cybercrimes Bill (2016).
- The Data Protection Bill, 2013.
- Strengthened and empowered HRDs who exercise their freedom of speech both Online and Offline
- Improved Digital Security footprint and safety of HRDs and other ‘At-Risk-Individuals’.
- Improved and conducive working environment for HRDs.
- Improved nonviolent defense of internet freedom and freedom of speech
- Strengthened responsive and sustainable protection mechanisms for HRDs and other ‘At-Risk-Individuals’ in Kenya.
- Strengthen Institutional mechanisms to respond to protection of HRDs across Kenya.
- Strengthened capacity of HRDs to work effectively and to reduce their vulnerability to the risk of persecution.
- Strengthened Policies formulated to safeguard Digital Security and Internet Privacy in Kenya.