IT Security and NGOs - A Little Knowledge?
16/09/07 13:12 Filed in: NGO Security | Technology
The other night I was having dinner with some NGO friends when the subject of government eavesdropping on NGOs came up. One of the people at the table said that in the past they had used an email trick to allow sharing sensitive information amongst team members. Essentially the premise was that one could sign up for a free web mail account and share the account password amongst team members. Members would draft emails as usual but rather than sending them they would simply leave them as drafts. Other team members would then read them by going to the account.
The idea was that as long as the email wasn’t sent it couldn’t be monitored. Unfortunately it is just not true as Nart Villeneuve points out here
I recalled the conversation a few days later and wondered what the problem was. It is not that my friends weren’t aware of the potential risks, and they are certainly not unintelligent. I think the issue is that most aid workers already have more than enough work to do without trying to keep up with the latest developments in IT security. So the problem becomes one of learning about IT security in small, manageable, easily absorbed bits.
Fortunately there are resources that can help. Thanks to Bruce Schneier at Schneier on Security
. I don’t think it is meant to be funny but it does present IT security in a straightforward and comprehensible manner. Subscribe to the RSS feed to make it even easier.Privaterra
is a good resource that covers data privacy, secure communications, and information security for Human Rights NGOs.
Over course you shouldn’t miss Nart’s blog
. It isn’t NGO specific but it covers Internet privacy, freedom of expression, censor-ware, security, surveillance and anonymity. Whether you are interested in "Cyber-Cafe Monitoring in India
" or need to know how to avoid internet filtering Nart’s blog is a good place to start.