Thank you for joining Daniel D’Esposito of HURIDOCS, Enrique Piracés of Benetech and the New Tactics online community for a conversation on Working Safely and Effectively with Documentation Tools held from June 9th to the 13th, 2014.
Documentation is a crucial aspect of the quest for justice, accountability and transparency. Whether our goal is to raise awareness about an issue, build a case for human rights court or commission, or collect evidence for a criminal proceeding, documenting what happened (or what is happening) is often the first step towards positive change.
The information we are collecting is sensitive by nature. It often includes information about human rights abuses such as victims' testimonies, names of perpetrators, witnesses, and locations. It may include digital evidence like video or images. How can defenders, who are not technologists, ensure that their information is secure? How can defenders reduce their own risk of harm throughout the documentation process? How can defenders make sure that they have the ability to uphold their commitment to safeguarding the information of vulnerable populations?
Although advancement in technology has made the documentation process easier and more manageable, there is still risk involved. How can defenders ensure information stored is secure? Are modern mediums for documentation more dependable than that of the past? Is social media a trusted form of documentation? Many of these questions are discussed during this conversation, as well as key tools and topics around security, risk, transparency, convenience, and accessibility.
Tools Designed for Human Rights Documentation:
- CaseBox is designed to support the needs of litigation NGOs which are looking for an integrated and web-based application to manage their caseload. (but this tool is flexible enough to be used for any kind of case-management) Built by HURIDOCS
- Corroborator is intended to help journalists, researchers and civil society activists cope with modern large scale data. It is designed to help analysts create verifiable chronologies of events (Incidents) based on information submitted from a multitude of sources (Bulletins). Built by eQualit.ie
- Martus is a secure information management tool developed by Benetech that allows you to create a searchable and encrypted database and back this data up remotely to your choice of publicly available servers. The Martus software is used by organizations around the world to protect sensitive information and shield the identity of victims or witnesses who provide testimony on human rights abuses.
- OpenEvSys is a free and open source database application developed by HURIDOCS and is built on the Events methodology for recording violations and the “who did what to whom” data model
- RightsCase - RightsCase helps you to securely record, collate and analyse information and evidence of past and ongoing human rights violations. RightsCase allows you to access meaningful statistics through visualisations of collated data. Built by eQualit.ie
- Ushahidi is a data management system that rapidly collects data from the crowd and visualizes what happened, when and where.
Why is security important to human rights documentation?
Security is important to human rights documentation, especially due to its unique nature: documentation of human rights violations generates resistance from different adversaries that will depend on context. Not only are documentators at risk, but so are vulnerable populations with which human rights defenders work because of the nature of data collection. Future security needs to also be considered: what is our responsibility to the populations for whom we are collecting data? are there ethical principles that exist for the human rights community about documentation? One participant suggests the community should have a say how data is collected, managed, and used; this includes informed consent and say to terminate a project.
Where & when does documentation happen and how we can make it more secure?
In this discussion, questions were raised concerning ways of documenting, best ways to collect data, and ways to both protect and deal with sensitive data.
The role of tool-developers: One participant asked: is it the ethical responsibility of tool developers to make tools that are easy to use and secure? if it was, would it even be practical to do so?
Documentation tools can be made safer by improving builder-user relationships. These relationships should be informed and iterative, instead of a dichotomy, through responsible data aspects.
As developers and users, it is important to consider convenience vs security of data: the convenience and utility of the methodology of collecting data matters. Another participant suggests security vs convenience is more of a balancing act: it is integral to understand the consequences of a security breach and weigh it against the convenience factor.
Also highlighted was the importance of using Information Tool Development, as well as projective lifecycle considerations and organizational policy in dealing with sensitive data in management and collection processes. One idea shared is to create some sort of protection system to think about data collection and management more responsibly, especially as data collection is increasingly being done by people with no in-depth training on data management, privacy, and security.
The role of the organization: It is helpful to have security policy and a security level classification system in place in order to try to reduce the possible consequences of a security breach. One participant reiterates the importance of this policy: awareness and policy can aid people to make more sensible decisions when balancing convenience vs security. Security can be built in the workflow so that it does not seem so inconvenient. Organizational culture can help ensure such convenience by using short term goals. Policy and procedures can help complement short term goals. For cultural change to occur, there needs to be a “champion” in the organization. This champion needs to identify right partners, think from the inside about what information security means for them, and drive the process. As this champion both convinces more and more colleagues and important improvements are being made, policy becomes more effective. Speculation on prerequisites for such a culture to form can be found here.
The role of intermediaries: Many agreed the role of intermediaries is critical to the awareness of human rights issues, educating responders, and filtering information. One participant asks: how do we better integrate citizen witnesses (or those ‘first on the scene’) into more formalized documentation efforts?
How do we select the right to approach to documentation?
Participants list many tools that can be used for human rights documentation purposes. But how do we know which one to choose? One participant share a list of fifteen criteria for choosing the right human rights documentation tool.
These human rights documentation tools can be incorporated into the tools documenters use more traditionally. These can be incorporated into newer documentation tools so that documentation information can both be substantiated and dispel certain doubts over the outcome; doing so also allows stakeholders like investigators and courts to carry out more inquiries.
Each of the following three levels requires different security approaches: original documents, digital documents, and data collection. Threats to security include:
- information loss (most common threat, but also easiest to avoid)
- privacy loss
- natural threats
Security measures, such as properly implemented encryptions, proper monitoring, and/or giving a proper response (to both people at risk and the wider pubic) helps diminish threat.
To focus on what threats are more likely to happen give your context, it is helpful to perform risk analysis. It is important to make conscious and informed decisions when selecting the tools and approach for human rights documentation. This questionnaire can help organizations with risk assessment.
In addition to selecting the right tool, you should consider the possible sources of information you will use to collect your data. Utilizing open sources is important for meaningful documentation. The point when documentation occurs both helps sensitize data and makes using open sources easier. One participant shared examples to show how organizations have used open data effectively by using information management systems.
Effective & safe collaborative documentation and information sharing
Collaboration in documentation is becoming more and more apparent in the human rights field. Fortunately, new technologies are making it safer, more efficient, and easier for collaboration across sectors. One medium for information sharing is mobile phones. There are both pros and cons apparent when using mobile phones in the field. While accessibility to information is faster and easily spread with a mobile device, accessibility to the Internet and electricity is often a major challenge. It is also important to consider both the risks and opportunities that go along with transferring information via cell phone.
Articles, Guides and Reports:
- Archived Safe Mobile materials available on GitHub
- Chris Lasala’s chart, which list of attacks, countermeasures and alternatives
- Digital Archive Historical Archive of the National Police of Guatemala
- “Digital Security and Privacy for Human Rights Defenders” a report by Frontline Defenders
- Security Self Defense Project by Electronic Frontier Foundation
- How to Use the Online Proceedings of the Survey Research Methods Section by The American Statistical Association
- Responsible Data Forum facilitated by the engine room and Aspiration
- Tactical Tech's Security in Box section on mobile phones (but for smartphones only)
- Questions to ask Frequently (QAFS) When Working with Data and Marginalised Communities translated in Spanish here.
Other Documentation Tools:
- Consituent relationship management systems like CiviCRM and Salesforce
- Content management systems i.e. Drupal, Wordpress, etc
- Google docs
- Mobile applications like cameras, WhatsApp, TextSecure private messenger
- MySQL & eSQL
- SPPS software and The R Project for Statistical Computing
- Spreadsheets (Excel, Google Spreadsheets)
- Google Hangout: Why is security important to human rights documentation?
- Google Hangout: Where & when does documentation happen and how we can make it more secure?
- Google Hangout: How do we select the right approach to documentation?
- Google Hangout: Effective & safe collaborative documentation and information sharing
Image: Screenshot from an OnoRobot video clip titled ‘Playing hide and seek with encryption,’ produced by Tactical Technology Collective, used under Creative Commons license