With recent news around government repression of activists and security breaches in the United States, it’s a good time to talk about how activists can do their work more safely.
In our March 2025 SRTI Second Sunday Salon, we talked about operational security (OPSEC) and how to improve our security culture. The opening question “What is the biggest threat to our work?” sparked responses that converged on the theme of trust – in one another and in our institutional structures. Surveillance, including through infiltration of our groups by bad actors, is a major concern.
The mood in the US right now is that the government may well be collating intelligence on activists who have engaged with civil disobedience in the past, either directly or by association. Activists need to be particularly vigilant and careful with whom and how they are sharing information, even when that information sharing doesn’t explicitly describe direct action tactics. When we are discussing nonviolent direct action (NVDA), we need to be extra careful to use only secure communication channels and tools, and to eliminate the possibility of casual eavesdropping on those conversations.
Activists in the US are also concerned about Strategic Lawsuits Against Public Participation (SLAPP – civil lawsuits designed to interfere with critical commentary) and Racketeer Influenced Corrupt Organizations Act (RICO) investigations. These tactics have been used by fossil fuel entities and conservative governments to silence and/or punish activists in the recent past.
Against this background, the conversation turned to more practical concerns:
How can we protect ourselves? How do we organize without exposing ourselves unnecessarily? What tools are available to us?
Interpersonal Trust Grows Security
The first practice we need to engage in is to build trust for each other. These kinds of conversations (our Salons) are important for that, so we’re already on the right road! Getting more people involved in planning and organizing builds our community and makes us more resilient. Unfortunately, more people also brings more risk at the planning stage.
Security leaks happen when we haven’t gotten to know everyone in our group. We’ll never be 100% secure, but we can be careful and thoughtful about how we share information.
Digital Tools for Enhanced Security
The scandalous sharing of national security data on a Signal chat wasn’t because of the insecurity of the tool, it was because the people on the chat weren’t paying attention to who was on the chat. But even when you know and trust everyone you want to keep in the loop, using the wrong tools to communicate and share documents can make it way too easy for malicious actors to surveil and use your data against you. This is especially a concern for the most vulnerable people in a group, those who are not able to be visibly outspoken or risk arrest, but still want to help the movement.
We already use some of the tools available to us – we trust Signal for instant messaging and small working group or local hub meetings, CryptPad for document storage, Mega for media storage, Proton for email and calendars, and Jitsi for larger meetings. Many of these tools sacrifice some convenience and, at times, accessibility for security. It’s not always obvious where to draw the line, so we need to fall back on the previous practice of building trust through conversation and agreement, including sociocractic structures and decision-making. The conversations are key.
Operational Security Wishlist
Finally, we talked about our wishlists – what sorts of tools would most help us stay secure, without interfering with our agility? The most requested tool is a cheat sheet or checklist of steps we must all take and the things we could also do. This could also be organized into the “must do’s”, “should do’s” and “nice to do’s” in an effort to provide information for people at different levels of experience or action within our group. It would be helpful to have some instructional documents for people who aren’t familiar with the technology we’re using, and maybe to refresh the memories of those of us who sometimes forget!
We have a CryptPad document where we’re collecting info on recommended operational security practices. Can you help us organize this information into the more usable “cheat sheet” our activists want? Contact us to get more involved.
And of course, remember that you don’t have to talk to law enforcement beyond giving your name and address:
Finally finally, there is safety in numbers. Let’s build coalitions with huge numbers of people to overwhelm the malign actors in our governments and institutions!
