Security culture

Security culture

In an age of NSA nuisance, security and privacy in activism is a very real concern. As much as you want people to know what you’re doing and cause a rumble, you want it to happen on your rules - not when some two-bit hacker decides to poke around. That said, security culture can be a double-edged sword: in organizations based around community and trust, suspicion is no one’s friend. So here are some Yes Men tips and tools for staying safe - and, more importantly, sane.

What  Is Security Culture?

Security culture is the set of values and customs you establish in your organization around security. Security culture is developed to minimize the risk of your activities being sabotaged or infiltrated by outsiders which can undermine direct action.

Why Is Security Culture Important?

Activist organizations operate with a degree of covertness: this level of secrecy allows for direct action which relies on tactics of surprise and shock. Often, activist organizations operate in a grey area when it comes to legality: it can be crucial to maintain protection from official eyes. This is particularly important as activist organizations are often directly targeted by said official eyes. It is also important for the individual safety of your members: we operate around sensitive issues and maintaining anonymity for your members is vital.

How Is Security Culture Dangerous?

Security culture inherently relies on suspicion: an awareness of your vulnerability is what should motivate you to develop a strong security system. But if you think about activist culture more broadly, you’ll think of values of community, empowerment and trust at the heart of many movements - this can feel at odds with security culture which relies on suspicion, secrecy and covertness.

As activist and writer George Lakey points out, “To win, movements need to expand. To expand, activists need to trust—themselves, each other, and people they reach out to.” This is true both within the team and with outside allies who are necessary to get the ball rolling. Creating an environment based on suspicion and fear can break a team apart and be totally counterproductive to inspiring others to join your movement.

How Do You Solve This Dilemma?

So you need security culture but it can also be your achilles heel. How do you solve this? Following this handy Yes Men guide of course!

Assess your risk.

How dangerous and risky is your operation really? Are you trying to break into the Pentagon or stop the closure of your favorite ice cream store? Think about this in terms of how much of a target your activity really is and also how vulnerable you really are. At the end of the day, when you are just starting out, you won’t be trying to take on Monsanto all on your own: rather, your biggest threat will be leaks to the media. These can be inadvertent leaks or deliberate sabotage: either way, having a sensible approach to security culture will ensure that your operation makes headlines when it best suits you. But always maintain an awareness of what your risk factor really is - assessing this will allow you to avoid unnecessary paranoia and develop the most effective strategy.

Come Up With An Appropriate Strategy

  1. Once you have determined your risk factor, come up with a strategy that is appropriate to your organization. Set up a meeting with your key team members and come up with a plan that is effective for all of you. Security needs to start with an organization’s leadership - you need to set the right tone.
  2. Think about how you involve new members too: this process always brings a risk, so come up with ways to ensure security. Perhaps do an informal background check or make sure they have references from people within the organization. Once you feel comfortable involving someone new, share your security concerns with them so everyone on the team is on the same page.
  3. Create an information chain: there are certain pieces of information that can be far more crucial to your activities than others. Likewise, there are members of your team who have greater seniority: these are the people you can trust with the more sensitive information. Meanwhile, newer members can be privy to what is essential for their work. This way, if someone in your outer circle is compromised, the inner workings of your plan won’t be undermined.

Keep Your Paranoia In Check

Always check in with yourself to make sure you aren’t getting paranoid. Keep eyes and ears open, of course, but not at the expense of teamwork. Remember that your focus is on ACTION not on worrying if people are going to find out about it. It's not newsworthy that "some activists were planning to do this really funny thing"—it's only news if  you actually do it. So focus first on your action, then on your security plan. Maintain a cool head and ask yourself - is this healthy suspicion or all-out, Rear Window paranoia? 

One time the Yes Men ran a pretty successful stunt during the 2004 Bush campaign, specifically during a conference by this strange cultish group called the International Web Police. We had everyone fooled right up until the when someone cottoned on that we were actually imposters with a healthy dose of satire. All hell broke loose and we were driven out of the conference room pretty quickly. We panicked and got a bit paranoid that the police had been called: we ended up dumping all our props and equipment and making a real run for it. Of course, the police WEREN’T really after us and, had we kept a cool head, we probably could’ve held on to some useful pieces of equipment for future stunts. So again, always assess your risk factor and be prepared to act accordingly. A cool head, even when a room full of Republicans is yelling at you, is key.

Keep Talking

Maintaining communication is crucial. Here’s an example. In 2012, a woman infiltrated the 9/11 survivors movement: various people within the organization had suspicions, but didn't talk to each other about their suspicions. Eventually the deception came to light, but it seriously undermined the organization in the process. So, if you are worried about a potential infiltration - talk! Have a meeting with your key members, maintain trust and maintain openness with the people that are important to your work.

Use Your Common Sense!

Above all, stay logical. If something or someone doesn’t feel right, trust your gut and act. If someone is trying to get you to do something dangerous or foolish that could compromise you are your organization, don’t do it. Be open about your concerns or disagreements. As much as security is about protecting privacy, in this kind of work its also about talking and keeping communication wide open - this will be the true strength of your team.

Talk to Us!

Lastly, talk to us. We are your Action Switchboard, we are here to help. As much as this resource guide is your tool, we are living, breathing founts of information. If you have a truly specific concern, drop us a line. Chances are we already know what you’re dealing with. After all, just by being on this site you’ve given us access to tons of information: thanks to a handy loophole in legislation, we’ve gained access to your metadata, which is just oh so useful. Just kidding. Or are we? No, we are. But seriously. Watch your back.