How to keep your digital devices and accounts safe when exercising your right to peaceably assemble.
IMAGE: MORENO BERTI/CC-BY-ND 2.0
There will be many watchful eyes taking notice of your activities this weekend. On Thursday, several days of planned protests started in Washington DC in anticipation of the inauguration of President-elect Trump. Tomorrow, the Women's March on Washington will kick off, with thousands expected to turn up. Naturally, law enforcement will likely be heavily surveilling these protests and others with all sorts of tech and spying gear. And it's not just the cops: when much of a protest is broadcast via tweets or live-streaming, those watching may also want to digitally target protesters, perhaps by identifying them publicly. So, if you're a peaceful protester, but you don't necessarily want your participation in a demonstration to follow you around or lead to harassment online, what sort of steps can you take around your digital security?
IMAGE: NEIL COOLER/FLICKR/CC-BY-2.0
Bring a clean phone…
"They'll be, obviously, cell-site simulators," Matthew Mitchell, a founder of Crypto Harlem, told Motherboard in a Signal call. These devices, otherwise known as IMSI-catchers or Stingrays, can record phones' geolocation, their phone number, and sometimes the content of texts and phone calls.
"If everyone is texting a couple of organizers, or calling a bunch of friends, that one friend that connected to all people could be identified," Mitchell said.
"What it'll say is this person was definitely at this place, at this time, and maybe you don't want that. Maybe you want to be able to show your support, show your political view, and having the ramifications for that, the cost of your free speech, to be low," he added. If you'd rather make it harder for any data that is swept up by these devices to be linked to you personally, you might consider buying a new, dedicated device for the protest. Maybe a $100 Android phone, Mitchell suggested.
"Your privacy is worth more than that," Mitchell said. You could buy this with cash or a gift card too so it's not linked to your credit card records. Don't turn it on when at home with your normal phone, and switch it off when you leave the protest. You may also want to quickly set up a new Gmail account, on public wifi, and then use that to download encrypted communication apps like WhatsApp or Signal (more on these below).
IMAGE: STEVE BARKER/FLICKR/CC-BY-2.0
...Or bring no phone at all
Of course, those are several hoops to jump through, it's easy to screw it up somehow, and you might not have $100 to spend on a temporary protest phone. So the simpler, and probably more effective approach for protecting privacy, is to not bring a cell phone at all and rely on more traditional methods of activist coordination.
Agree to meet friends at a certain place, at a certain time. Maybe decide on multiple locations in case the protest is broken up or cordoned off by law enforcement.
Ultimately, there is a trade-off to be had between convenience and privacy while at a protest, and how much you're willing to sway on either side of that is up to you. That also depends on what particular information you want to protect and from whom; something that can be summed up as your own 'threat model' (for more on this, take a look at Motherboard's Guide to Not Getting Hacked).
If you do bring your personal phone, encrypt it
In the end, you may want to just use your own device when going out and protesting. Just keep in mind that it will be relatively easy for law enforcement to identify you and your movements if they do fancy accessing your phone records in some form.
If you're worried about cops, or anyone else, physically seizing and examining your phone, you should probably encrypt it too if you haven't already, and in general keep the device as free of unnecessary information as possible.
Use these messaging apps
Encrypted messaging app Signal recently introduced Disappearing Messages, which deletes messages in a conversation after they've been seen. If you don't fancy someone being able to rummage through your old chats if they do happen to get access to them, you could turn this feature on.
And although it's relatively unlikely an adversary is going to attempt to read your Signal or WhatsApp messages while in transit, it's probably worth verifying each of your protest contacts' cryptographic fingerprints: in Signal these are known as Safety Numbers and in WhatsApp, they are known as Security Codes.
Create new social media accounts
"Media will be covering you, but you'll also be on livestreams and Twitter," Mitchell continued. Keep that in mind if you would rather your employer not know you're attending a protest for whatever reason, but also remember that plenty of other people will be monitoring social media looking for protesters to digitally harass.
If you did bring that phone and you're going to be sharing posts or photos yourself, you could make a new social media account for this purpose too. That way, those trying to dox protesters may have a harder time digging up your real identity.
"Understand that people who repost, retweet that the most—the timeline of where the original hashtag was created—all of that's of interest," Mitchell said.
Consider turning off location services on your phone
If you want to share photos or updates on social networks such as Twitter and Facebook, without people knowing your exact whereabouts, you should turn off Location Services for those apps (you can do that on Android and iPhone).
Or, you could check that you're not inadvertently sharing constant updates on your location via Twitter's metadata.