Overview
Advocacy organizations must operate under the assumption that their communications operate under continuous adversarial scrutiny. Securing message content alone is no longer sufficient; organizations must also actively defend against forensic analysis of communication patterns and behavioral networks.
End-to-End Encryption (E2EE)
Core Principle
All sensitive organizational communications should be routed exclusively through platforms using End-to-End Encryption by default.
How E2EE Works
| Step | Process |
|---|---|
| 1 | Data encrypted locally on sender's device |
| 2 | Transmitted in encrypted form |
| 3 | Decrypted only by recipient's device |
| 4 | Service provider cannot read plaintext |
What E2EE Protects Against
| Actor | Protection |
|---|---|
| Service provider | Cannot read message content |
| ISP | Cannot intercept content |
| Law enforcement | Cannot compel provider to produce content |
| Network attackers | Cannot intercept readable data |
Recommended Platforms
Secure Messaging: Signal
Signal is the gold standard for secure text and voice messaging in high-risk advocacy environments.
| Feature | Description |
|---|---|
| Cryptographic primitives | AES-GCM, ChaCha20-Poly1305 |
| Safety Numbers | Verify contact identity out-of-band |
| Disappearing messages | Auto-delete after set time |
| Screen security | Prevent screenshots (optional) |
| Sealed sender | Metadata minimization |
Safety Number Verification
To prevent man-in-the-middle attacks:
- View Safety Numbers in Signal
- Compare with contact via separate channel (in-person, phone)
- Mark as verified if matching
Secure Email: ProtonMail
| Feature | Description |
|---|---|
| Zero-access encryption | Provider cannot read inbox contents |
| End-to-end encryption | Between ProtonMail users |
| Password-protected emails | For non-ProtonMail recipients |
| No IP logging | Enhanced anonymity |
Migrate Away From
| Platform | Issue |
|---|---|
| Gmail | Business model relies on scanning user data |
| Outlook/Hotmail | Microsoft can access content |
| Yahoo | History of government cooperation |
Voice and Video Communication
Encrypted Options
| Platform | Use Case | Encryption |
|---|---|---|
| Signal calls | 1:1 voice/video | End-to-end |
| Jitsi Meet | Video conferencing | End-to-end (when enabled) |
| Wire | Group calls | End-to-end |
Video Conferencing Considerations
| Platform | Encryption Status |
|---|---|
| Zoom | E2EE available but not default |
| Google Meet | Not end-to-end (Google can access) |
| Microsoft Teams | Not end-to-end |
Metadata Protection
Understanding Metadata
| Category | Content | Metadata |
|---|---|---|
| Definition | The actual message | Data about the message |
| Example | "Meet at the safe house" | Time, sender IP, recipient, duration, location |
| Protection | Secured by E2EE | Highly difficult to obscure |
Why Metadata Matters
Adversaries do not need to read content to cause damage:
| Metadata Analysis | Reveals |
|---|---|
| Communication patterns | Mapping entire activist networks |
| Location data | Tracking physical movements |
| Timing analysis | Inferring relationships and activities |
| Contact networks | Identifying anonymous sources |
Metadata Retention
Current legal frameworks offer exceptionally weak metadata protections:
- Government agencies routinely purchase metadata from commercial brokers
- Bypasses warrant requirements
- Achieves surveillance goals without accessing content
EXIF Data Removal
The Risk
Digital photographs automatically embed Exchangeable Image File Format (EXIF) data:
| Data Type | Risk |
|---|---|
| GPS coordinates | Precise location where photo was taken |
| Date/time | When event occurred |
| Camera model | Device identification |
| Unique identifiers | Traceable to specific device |
Exposure Scenarios
If images with EXIF data are uploaded:
- Adversaries can locate activists
- Safe house locations revealed
- Event attendance documented
- Device ownership traced
Metadata Scrubbing Tools
| Tool | Platform | Features |
|---|---|---|
| ExifCleaner | Desktop | Batch processing, multiple formats |
| Dangerzone | Desktop | Sanitizes documents, images |
| ObscuraCam | Mobile | Removes metadata, blurs faces |
| MAT2 | Command line | Comprehensive metadata removal |
Mandatory Protocol
Organizations must mandate metadata scrubbing:
- Before transmission
- Before publication
- Before social media upload
- On all digital artifacts (photos, documents, videos)
Network Traffic Protection
Virtual Private Networks (VPNs)
| Feature | Benefit |
|---|---|
| IP masking | Hide true IP address |
| Encrypted tunnel | ISP cannot see traffic content |
| Location spoofing | Appear from different location |
VPN Selection Criteria
| Criterion | Requirement |
|---|---|
| No-log policy | Provider keeps no traffic records |
| Jurisdiction | Outside surveillance partnerships |
| Open audit | Independent security verification |
| Wire protocols | WireGuard, OpenVPN |
Recommended VPNs
| Provider | Key Feature |
|---|---|
| Mullvad | Anonymous accounts, no email required |
| ProtonVPN | Integrated with ProtonMail |
| IVPN | Privacy-focused, open source |
Tor Browser
For maximum anonymity:
| Feature | Description |
|---|---|
| Onion routing | Traffic bounced through multiple relays |
| IP obscuration | Origin completely hidden |
| ISP blindness | Cannot catalog browsing history |
Secure Information Sharing
Coalition Challenges
Sharing information across organizational boundaries expands the attack surface:
- Breach in one partner organization can compromise entire coalition
- Different security standards create vulnerabilities
- Data governance becomes complex
Data-Sharing Agreements
Grassroots coalitions must establish explicit agreements:
| Element | Specification |
|---|---|
| Encryption requirements | How shared documents are encrypted |
| Key management | Who holds decryption keys |
| Retention schedules | How long shared data is kept |
| Access revocation | How access ends when campaign concludes |
Secure File Transfer: OnionShare
| Feature | Description |
|---|---|
| Tor routing | Traffic routed through Tor network |
| Direct transfer | No third-party servers |
| Metadata protection | Obscures origin and destination |
| Ephemeral sharing | Links expire after use |
Use Cases
| Scenario | Tool |
|---|---|
| Large sensitive files | OnionShare |
| Regular document sharing | Encrypted cloud (Tresorit, SpiderOak) |
| Real-time collaboration | CryptPad |
| Code sharing | Private Git repositories |
Recipient Verification
The Problem
Digital communications can be intercepted or spoofed:
- Email can be sent from forged addresses
- Accounts can be compromised
- Man-in-the-middle attacks possible
Verification Methods
| Method | Implementation |
|---|---|
| Out-of-band confirmation | Verify via separate channel |
| Safety Number comparison | Signal identity verification |
| Code words | Pre-established verification phrases |
| Video confirmation | Visual verification for sensitive transfers |
Implementation Checklist
Encrypted Communications
- [ ] Deploy Signal for messaging
- [ ] Migrate email to ProtonMail or equivalent
- [ ] Establish encrypted video platform
- [ ] Train staff on verification procedures
Metadata Protection
- [ ] Deploy ExifCleaner/Dangerzone
- [ ] Create metadata removal SOP
- [ ] Configure VPN for all staff
- [ ] Establish Tor use guidelines
Coalition Sharing
- [ ] Draft data-sharing agreements
- [ ] Deploy OnionShare or equivalent
- [ ] Create access revocation procedures
- [ ] Train partners on security protocols
Verification
- [ ] Establish Safety Number verification culture
- [ ] Create verification code word system
- [ ] Document recipient verification procedures
Quick Reference: Platform Comparison
| Platform | E2EE | Metadata Protection | Best For |
|---|---|---|---|
| Signal | Yes | Partial (sealed sender) | Messaging, calls |
| ProtonMail | Yes | Limited | |
| OnionShare | Yes | Strong (Tor) | File transfer |
| Tor Browser | N/A | Strong | Web browsing |
| Wire | Yes | Limited | Group communication |
Related Resources
- Information Protection - Data security
- Rapid Response Security - Field operations
- Surveillance Technology - Understanding surveillance