Another important tool in helping us to monitor our security situation are security indicators. A security indicator is anything out of the ordinary that we notice which may have an impact on our security. Security indicators can include concrete incidents such as receiving declared threats, attacks against partner organisations, or suspicious behaviour of persons we may notice; however, they also include more subtle developments such as changes in the behaviour of our devices, or our health and well-being. What these have in common is that they may indicate a change in our security situation, and they should be shared and analysed among trusted friends and partners in order to establish their meaning.
We are used to monitoring situations and noticing if we no longer feel safe – as explored in Section I, we have an intuition for this. Developing the practice of analysing security indicators just means taking a more deliberate and organised approach. It is a good idea to develop the habit of noting, recording, sharing and analysing security indicators with colleagues and allies regularly as this helps us be more objective about our security situation.
Identifying security indicators
We are already quite good at noting peculiarities that may affect our well-being in daily life – this is our intuition at work. But our intuition is not infallible which is why it’s a good idea to explicitly establish a base-line of normality: analysing and getting to know what we consider to be 'normal' in our socio-political environment, digital devices, daily life, and state of physical health and emotional well-being. Once we establish what 'normal' means to us, it is easier to notice a change in our environment - something we may consider 'abnormal'. Below are some tips on establishing base-lines and noticing abnormalities in these different areas. However, keep in mind that you yourself are best placed to know where to identify indicators in your own context.
Keeping an eye on the political, economic, social, technological, legal and environmental situation in which we operate is vital for ensuring our security and the continued success of our work. Helpful steps in monitoring our socio-political environment include talking to trusted friends, colleagues, and fellow organisations, following and documenting the news and meeting with experts when beginning work in new areas.
See the chapter on Situational Monitoring and Analysis for more information on how to go about this, or read the full-length version of this chapter for detail on what to look out for.
Identifying security indicators in the digital realm does not often come naturally to us, and we may have to be quite deliberate abut it. However, with increasing use of electronic surveillance against human rights defenders, the importance of learning how to look out for digital anomalies cannot be overstated. Start by establishing a baseline of what you consider to be a 'normal' state of your digital hardware (such as computers, phones, routers, hard drives, servers, etc.) and their behaviour while you use them. Monitor the outcome of the activities below, periodically check and identify any changes, and see if they amount to a security indicator. If you suspect that something may be awry, talk to a trusted expert.
Scan devices with an anti-malware program.
Check your firewall.
Check your computer for any unauthorised processes or programs.
Use two-step authentication for your online services where possible.
Make physical marks (such as with UV marker) or use tamper-tape on your devices and take pictures of them to help you verify if they have been tampered with.1
For more in-depth information, see Appendix A in the manual.
In day-to-day life, there are many opportunities to check for security indicators. These will be different for each of us, depending on our habits, routines and the manner in which we go about our work. The exercise linked below is an opportunity to establish what a normal day looks like for each of us personally. Some aspects to consider include how you travel from home to work, what activities you do in the course of a day, what devices you carry with you and who you interact with. By thinking about these things it is possible to get a different perspective on your routines and identify what factors could signal a change in your security situation.
Health and well-being
It can be easy to overlook our health and well-being, but changes in our health can indicate a reaction to an external problem such as increased stress, which in turn impacts our security situation. As activists we sometimes continue to push ourselves, but in doing so we risk causing lasting damage to our health over time, or hindering our ability to analyse our security situation. We may not be used to monitoring our own health and changes can occur gradually, so adopting a methodological approach to our physical, emotional and psychological selves is a good start. One way of doing this is by making a stress table, like in the exercise below.
Sharing, analysing and keeping track of security indicators
Sharing and analysing security indicators with trusted friends, colleagues or partner organisations is important in helping us to identify whether there are any patterns, which in turn helps us to identify threats. Furthermore, it is a key practice for checking our perception and trying to keep it accurate.
As security incidents are generally 'sensitive' both as pieces of information and in terms of their impact on us emotionally, it's good to discuss and analyse them in a 'safe' space. Consider including security indicators as a regular agenda item at meetings to ensure that they talked about action can be taken if necessary. Use the table below to guide analysis of concrete incidents, such as declared threats, attacks or accidents. For indicators relating to health and well-being, it is advisible to analyse them in a more informal way, ensuring that the affected person feels supported in sharing.
Steps to follow in the analysis of security indicators2
In the case of particularly important security indicators, such as concrete incidents, it may be useful to ask the following questions as a basis for analysis.
- What happened?
- When did it happen?
- Where did it happen?
- Who was affected?
- Was gender-based violence involved? This is especially important in the case of concrete incidents involving third parties. Consider physical and psychological factors.
- In the case of aggressions – who was responsible?
- Why do we feel this happened? Try to avoid being accusatory here but rather establish the facts of the incident.
- What was its origin? Was this related to common delinquency, environmental factors or our work and activism?
Whatever your work situation, it is important to create a space where you can record security indicators in as much detail as possible, in order to later share and analyse them. This may take the form of a document or spreadsheet which should be periodically analysed (weekly or monthly) so that any trends in the indicators can be noted. You can use the questions above to help structure your register. This list should be considered highly sensitive.
1) For more on physical protection of devices, see Security in a Box: “Protect your data from physical threats” https://securityinabox.org/en/guide/physical
2) Based on Peace Brigades International Mexico Project (MEP, 2014) Programa de Asesorías en Seguridad y Protección para Personas Defensoras de Derechos Humanos, p.82