This is a cross-posted blog post from Internews' USABLE.tools project, which is advancing usable organizational security tools, including SAFETAG. Read more about this effort on the Global Technology Blog.
Equipping at-risk organizations with localized expertise, resources, and tools to mitigate digital attacks
Human rights organizations around the globe continue to face ongoing and increasing digital security threats from state and non-state actors. ADOPTABLE (Adaptable Digital and Organizational Protections by Transforming and Building Long-term Ecosystems) is an Internews project designed to help these at-risk organizations access relevant resources (human, financial, and technical tools) that will allow them to continue to operate safely. Without access to local organizational security experts, usable security and privacy tools, buy-in from decision-makers, and support from funders to adopt stronger safety practices, the organizations and their beneficiaries remain at risk, as does their crucial work.
The project consists of four core components:
Expanding the capacity of regional and local partners to address organizational security risks
Internews will support experienced partners in Latin America, Sub-Saharan Africa, and Eastern Europe to become regionally recognized centers of expertise on organizational security and build out local and regional ecosystems of organizational security auditors. Partners will conduct Trainings of Auditors (ToAs) to train and/or upskill local security auditors in their regions on the SAFETAG framework. These newly trained auditors will work with experienced auditors to gain first-hand experience in conducting audits, while also collecting feedback on organizational security tools being used by at-risk organizations. To improve the scalability of this localization of expertise, Internews is also working to improve the SAFETAG onboarding and training process and make the framework more accessible by developing a new interface. More on that process here.
Improving the adoption of organizational security practices within at-risk organizations
Internews will fund at least 5 audits or engagements in each of the three target regions. At-risk organizations will undergo a full security audit and receive a detailed Risk Reduction Plan (RRP), which outlines tangible steps they can take to mitigate their risks. Even after a security audit, Internews has found that many organizations lack the resources needed to implement the recommendations provided by an expert. Without the ability to implement these changes, organizations are no more secure than they were before an audit. Internews will ensure that these organizations are able to implement the recommended changes by providing direct financial support after the audits. A variety of mitigation efforts may be eligible for support, including trainings for organization staff, facilitation of a security service by a third party, or the purchase of software and hardware.
Developing and enhancing feedback collection mechanisms to ensure at-risk users have a voice in the design and development of open source privacy and security tools
As part of the USABLE approach, Internews created feedback loops between at-risk users, digital security trainers, and open source tool developers. Internews will continue to collect feedback from at-risk individual users, while also expanding to capture organization-wide feedback on security and privacy tools. Most notably, the USABLE approach will be integrated into the SAFETAG framework, allowing SAFETAG auditors to identify gaps and usability issues with privacy tools being used at the organizational level. Through virtual Cross-Regional Convenings, Internews will work with partners to update the activities in the UX Feedback Collection Guidebook, develop organizational archetypes to further build out our library of user personas, and map the current landscape of open source tools being used by at-risk communities around the globe. Following the virtual convenings, Internews will launch a pool of funding for trainers and auditors to integrate feedback collection activities into their digital security trainings or organizational audits. The high-quality feedback collected during these engagements will be shared with developers through their preferred channels. Key communities will convene once more at the end of the project for the third UXForum to continue devising ways to scale and sustain feedback loops.
Enhancing the usability and accessibility of open source privacy and security tools
Internews will launch the third round of the UX Fund. This funding pool will provide support to privacy and security tool teams, enabling them to work with UX and accessibility experts to implement human-centered, usability-focused tool improvements. These changes will ultimately strengthen the tools, making them more secure for the at-risk individuals and organizations who need them the most.
Ultimately, we believe that with more localized tools and stronger local support, at-risk organizations will be better equipped to withstand the digital attacks and surveillance they currently face.