Most Comments

Peanut Gallery

Not My Tribe on Facebook
Tweets from Not My Tribe
Second Life
Boycott Israeli Goods Granma essays of Fidel Castro
Click to buy St Patricks Day parade t-shirts
Click for more on COLORADANS FOR PEACE

Pantheon of Heroes

Bradley Manning
GI Wikileaker
Massimo Tartaglia
Berlusconi pugilist
Muntadhar al-Zaidi
shoe thrower
Tim DeChristopher
Bidder 70
Glenn Spagnuolo
R68 rabblerouser
Andrew Meyer
Don't taser me Bro
Rachel Corrie
Palestinian rights
Ken O'Keefe
Human shield


Adrian Lamo
James O'Keefe, fraud
Hannah Giles, fraud
Brandon Darby, FBI informant
Neda Agha-Soltan, *
Yoani Sanchez, fiction
John Yettaw, spoiler
Rebecca Joseph, UCSB Tova Hausman, UCSB Greg Mortenson, tool Prince Harry
wannabe killer
Scott Robinson
RNC Kicker

Popular Culture

Book reviews:
Three Cups of Tea -- 1000 White Women - Harry Potter dead zone
Film reviews:
Dolores Umbrage Bush Twilight - Happy Feet -
The Queen - King Kong

Homer for gen. Simpson
The authoritarian M.O.
Plastic flower of youth

—- Internets —

NotMyTribe banner for general distribution
Colorado Springs Progressive Blogs
Local coverage of the arts on SPRINGS CULTURE CAST
Newspeak Moblog
Blog News Net Colorado Lefty Blogs Lefty Blogs Boycott AP Lewis Links Riseup dot net Add to Technorati Favorites Creative Commons License Let iCab Smile
Not My Tribe 60×60 button
Free Bradley Manning Left List US IWW Wobblies Socialist Party aim-native-american-indian-movement-peace-sign.gif Troublemakers Union Organic Consumers Association ACORN EZLN Black is Back

Reference Library

NMT Calendar

APRIL 2010
19-25 - Week of Solidarity with Latin America
22- CC lecture: Paul Watson

MAY 2010
1- International Workers Day
4- Day of Solidarity with the People of Nicaragua
15- Day of Solidarity with Palestine
22-29 Week of Solidarity with Africa

JUNE 2010
6- Anniversary of Israeli seizure of Gaza
20- International Day of Disarmament
25-26 G-20 summit, Huntsville, Ontario

JULY 2010
26- Day of World Solidarity with the Cuban Revolution

AUG 2010
3- Day of World Solidarity with the Struggle of the People of Guinea-Bissau and the Cape Verde Islands
6- Day of World Solidarity with the Struggle of the Japanese People
18- Day of Solidarity with the Afro-American People

SEPT 2010
12- Day of Solidarity with the People of Zimbabwe
21- UN International Day of Peace, sponsors PTP, UF & CPI
23- Day of Solidarity with the People of Puerto Rico
25- Day of Solidarity with the People of Mozambique
30-10/6 - Week of Solidarity with the Peoples of Asia

OCT 2010
8- Day of the Heroic Guerrilla
10- Indigenous Peoples Day
12- Day of Solidarity with Laos
19- International Media Democracy Day



Data security

The Ruckus Society has been working with Aspiration and Midnight Special Law Collective to evaluate and develop stronger security protocols, here they discuss why we should all take steps to improve our security – and not just for our own sakes, but also for each others’.

From “An Introduction to Security Issues,” the Ruckus Society.

Why should people care about security?

As information becomes a more critical part of the work we do and the power we build, we need to be aware of the vulnerability of the information we create. When people talk about security it’s really a matter of your expectation of privacy and being able to communicate over the internet – an infrastructure that’s extensively monitored and extensively insecure. Security is a critical part of doing effective work for any group that uses computers or the internet.

In a digital world, what do we have to be aware of when communicating electronically?

First and foremost, if you’re sending information over email, make sure that you’re doing it in a way that is difficult for people to gain access to. Regular email travels in “plain text,” which means that it’s transmitted across the ‘net in a format that is readable by anyone watching the wire. So if you want security when you send those emails, you should encrypt them, so they’re scrambled in transmission and only unscrambled when received by the (intended) recipient.

What about the physical computers themselves?

At a bare minimum, any computer with any kind of sensitive or important data should have passwords at every level: it should prompt you for a password when you turn it on, when it wakes up out of sleep, and when a screensaver is interrupted. These measures won’t make it bulletproof, but they help assert an expectation of privacy. You’re making it clear that you don’t want anyone to look at your data. Laws are structured around this expectation. To a degree, the more you show you have an expectation of privacy, the more privacy you get.

That said, it is obviously possible for a skilled adversary to steal your computer and gain access to your data without regard to your passwords. That’s why it’s important to encrypt your hard disk, so that someone with physical access to your disk will not be able to unscramble the information on it. Similarly, you’ll need to encrypt your backups, and store them offsite. You also need policies for memory sticks, too.

Can you speak more about this ‘expectation of privacy’ issue?

With the 4th Amendment – our protection from unreasonable search and seizure – a lot of our protections are based on whether we had a “reasonable expectation of privacy.” This includes such things as keeping that information in a locked room, behind one or more passwords, or encrypting it.

People often give up their expectation of privacy without even knowing it. One example is Gmail. Part of Gmail’s terms of use allows Google to crawl your email to place ads targeted specifically to you; the fact that you allow Google this access is potentially giving up your expectation of privacy. (Most other major email providers have similar policies.) So it’s very important that, as you store information and use technology, you assert your expectation of privacy. That way you have a legal defense against a court order to produce information (like a subpoena).

Is it fair to say that not password protecting your computer, or using Gmail, is like leaving your front door unlocked and inviting the FBI in, rather than exercising your right to not answer the door?

Yes, that’s a perfect way of explaining it.

What kind of vulnerabilities do we have in storing our data and how do we determine what should not be stored at all?

Data retention policies are complex because they’re always based on your organization’s needs. You have to think about what information you actually need to keep – and what you can do without. Any information you store could be used against you in the future, or in ways you didn’t intend.

An example of what should almost never be stored is detailed information about who visits your website. It’s important to set your web server up so that it does not, over time, store uniquely identifying data about your site’s individual visitors, which protects your constituents’ privacy.

Another place where there’s tension around data retention concerns donation data. Fundraisers want to retain as much information as they can about supporters in order to do their job more effectively. However, that information is potentially revealing about your donors, and you may want to protect their privacy. There is no single right answer, but it’s important for organizations to figure out how to strike a balance between retaining the data they need while also protecting the privacy of the people who support them.

As the examples above about your website visitors and donors show, the data you store isn’t just about you. If you get targeted in the future, those third parties you have data on may get targeted, too, just for being associated with you.

The key thing is to make sure your organization reflects on data retention and implement a data retention policy that not only follows best practices for privacy and security, but also honors the privacy of the people whose data you store.

A lot of “security” that organizations do consists of making a few random changes to how they operate – like buying a shredder and changing their old passwords. How can we meaningfully approach digital security?

You can think about security awareness in much the same way that you would think about making your house secure: locking your doors, windows, possibly even installing bars on your windows or a second lock on your door. With the internet and computers there is a very large number of virtual eyes watching what you do remotely – and sometimes on your computer itself through viruses and spyware. So in the same way that you would lock your house to secure your belongings, you should think about security holistically when managing information and using technology. That way you’ll be protecting not only yourself, but the data of your allies and colleagues that you are storing.

It can be overwhelming to look at a giant list of random “security” practices. It’s more effective to think about your organization’s needs and adversaries, figure out your main vulnerabilities, and begin by addressing them. Having said that, encrypting data and thinking about online communication is going to be relevant for almost every group organizing for social justice.

How do you respond to people who say they have nothing to hide, and worry that by actively hiding data they imply that they’re doing something wrong?

I do not think the act of encrypting implies anything other than asserting your expectation of privacy. It’s like mailing a letter in a sealed envelope instead of writing it on the back of a postcard. If you get a lawful order to turn over encrypted information, you can choose to decrypt it, which is better than the government or corporations reading your messages whenever they feel like it.

There is also a notion of solidarity here. Part of why everyone should encrypt is so that messages encrypted for “important” reasons blend in with everyday communications that are also encrypted. Right now, the people watching the wires can see which emails are encrypted, safely assume that those communications are “important,” and then target the people sending and receiving them. The more that all of us use encryption, the stronger we’ll be as a community, even as the government and the corporations that control the infrastructure of the internet watch our activity online.

People who say they have nothing to hide should consider the possibility that they may at some point in the future want privacy, and so they should start asserting their expectation of privacy now. While some people say, “I have nothing to hide,” I don’t think anyone would say that they don’t have anything that they want to keep private.

What are the top three steps you’d recommend to improve data security?

1. Educate yourself. Find out what these security concepts mean, because you can’t really do anything effective until you become aware of them.

2. Secure your computer and your backup. Put passwords on your computer at all gateways so that anyone coming to your computer needs to authenticate before gaining access to it. And if possible, encrypt your data so that you’re confident that even if someone were to steal your computer (or otherwise gain physical access to it), it’s difficult to impossible for them to see the data stored on it. (Encrypt your backups, too.)

3. Think about internet communication. Be proactive about using encryption, and reconsider what online services (like Google scheduling and collaborative writing) you use.

Anything else?

Anyone who doesn’t think that we as movements for social justice are not being surveilled should look historically at FBI programs like COINTELPRO. Governments have spied on their citizens for decades – in some cases, centuries. Our adversaries – corporations, the U.S. government, and other international governments – all aggressively pursue data over the internet and via physical access to computers.

To the extent that we are trying to build power and be effective as movements, we need to be informed about how vulnerable we are, and take steps to make ourselves and each other more secure. Isn’t that what solidarity is all about?