Introduction

In this post, we will cover the following: documentarians' and human rights archivists' emergent contexts and needs when capturing and archiving evidentiary media, threats the media, documenters, and archivists face, and emerging tactics and tools to help protect them from these threats. This blog is part of a series that explores how and whether decentralized storage technologies are suitable for our human rights archivist communities. In the first blog, we mapped out the technical functionalities of the current state of Decentralized Web (DWeb) storage and future publications will build on this one to extrapolate the risks and benefits these technologies pose/offer to our communities. The ultimate goal of our research is to learn how human rights defenders, often at risk, can benefit from the verification, privacy, and long-term preservation features of DWeb storage and to identify which privacy and usability updates are needed in order to safeguard it for them, thus protecting the broader public downstream.

Chrystalleni’s First Responder Experience

In April 2017, I visited Istanbul and was invited to a small protest about Turkey’s denial of the Armenian genocide. I was shocked by the extreme militant response to a protest of only around 30 people. The road closures and absurdly high number of police and military vehicles seemed excessive. Sensing the tension, I pulled my phone out to record footage of the protest. Suddenly I was overtaken by a police officer who demanded that I delete the footage and leave the scene. So I did.

Later, from the presumed safety of a Starbucks, I replayed the scene again in my mind, trying to imagine what I might have done differently to protect myself and my footage of the injustices. I was disappointed in my naivete about the dangers of capturing such footage and attending this protest, especially for someone of my ethnic make-up.

I wanted to let people back home know where I was and what I had seen, but I had no cell reception in Turkey. The only way to connect to the internet involved signing in to the Starbucks WiFi network via Facebook. I then considered the dangers of sharing such information via an internet connection controlled by Facebook, a corporate entity with no qualms about handing over my personal information to potential bad actors. The level of control that corporate, government, and bad actors had over me, my media, and my access to the internet threatened my privacy and freedom of movement, two core human rights principles.

I learned three key lessons from this incident:

1. We are compromised when faced with oppressive authority figures who use force to shut down protests and censor media, as it puts the historical record and those who capture it at risk of physical and digital threats;

2. Documenting and exposing abuses has the potential to help marginalized groups achieve accountability and justice;

3. I needed to know more about better protecting myself, others protesting, and my evidentiary media

Working with History’s First Responders - OpenArchive’s Approach

We now have better ways to handle situations where both those documenting injustice and the documentation itself are put at risk. Founded in 2015, OpenArchive is one of a handful of organizations working to support those who collect, share, verify, preserve, and use evidentiary media for justice and accountability. Our ultimate goal is to further human rights protections worldwide by protecting history’s first responders - those on the frontlines risking their lives to capture evidence of injustice. We do this by:

• Partnering with Decentralized Archivist Communities (DACs) to jointly support their decentralized archiving and preservation efforts to ensure their human rights documentation is safe and accessible in the long term.
• Conducting co-research with DACs to threat model and create personas/journey maps in order to help them safely document their movements around the world.
• Building responsive tools like our Save app, which helps eyewitnesses share, archive, verify, and encrypt their crucial historical records. We are now working with the DACs to improve decentralized storage technologies to better meet their needs.
• Developing best practice guides on how to safely capture, verify, and preserve evidence and combat disinformation.

Mapping the Decentralized Archivist Communities’ Contexts, Threats, and Needs

DAC’s Contexts

Decentralized Archivist Communities (DACs) are organizations or collectives who collaborate to collect, preserve, and create mobile media archives. These communities often emerge in response to threats from bad actors who target them with: censorship, surveillance, data manipulation/interception, or physical threats. We partner with DACs to jointly support, steward, and promote decentralized archiving and preservation efforts to ensure their documentation is safe and accessible for the long term. Through our co-research with the DACs, we map the contexts they work in, how they currently collect, manage, and preserve their evidentiary media, as well as their threats and pain points.

After we complete the co-research, we create abstracted personas and journey maps to help extrapolate how to best serve them.

With over 54% of the global population owning smartphones, an increasing majority has the power to document human rights abuses. In many regions, this can be a dangerous task. Despite the risks, this work is incredibly important as it has the potential to improve human rights protections more broadly by ensuring mobile evidence is securely preserved, verifiable, and accessible to legal advocates and organizations representing those harmed.

Here are some examples of how the DACs use evidentiary media to strengthen their advocacy efforts:

The DAC in Mexico uses data and technology to strengthen journalism and civil society while fighting electoral and gender-based violence. They document their searches for missing people and clandestine graves and leverage the evidence to improve their search strategies, with the goal of increasing awareness, transparency, and accountability around the injustices.

The DAC in Ukraine works to center eyewitness accounts, reflections, and testimonies on the war. They use this compelling evidence to shed light on the true toll of Russia’s violence against them. By amplifying these narratives, they provide a comprehensive understanding of the conflict’s ramifications, informing more effective strategies for peacebuilding and rebuilding.

The DAC in Ecuador creates inclusive strategies to advance human rights, gender equity, and interculturality by documenting human rights abuses in the region. Much of this work is done through documentation and analysis of evidence of human rights abuses. They use this evidence to support Indigenous land rights against extraction corporations, advocate for the inclusion of forest people in global negotiations on forests and climate change, map femicide, monitor gender-based violence, and hold authoritarians in power accountable.

DAC’s Threats

Before reviewing the threats the DACs face, we will briefly outline our threat-modeling method to help you understand how we assess and respond to the threats.

Threat Modeling with and for DACs

Part of our co-research with the DACs involves threat modeling to help us get a deeper understanding of the physical or digital threats they are facing and behavioral and technical mitigation tactics that we can teach them to mitigate these threats. Threat modeling also allows us to use these learnings to update and refine our tools to best protect them from these threats.

According to the Level Up Network, threat modeling is “a way of narrowly thinking about the sorts of protection you want for [you and] your data. It's impossible to protect against every kind of trick or attacker, so you should concentrate on which people might want your data, what they might want from it, and how they might get it.”

For a detailed threat modeling scenario, please see Appendix A at the end of the blog.

Threat modeling, while helpful for groups on the ground to determine their risk level and what mitigation steps to take, also helps designers and tool developers know what things to consider when creating tools and how they might create additional problems in the future, according to the Human Rights-centered Design Methodology, co-created by Natalie Cadranel. Once the tools are made, those working with at-risk groups must carefully consider whether or not they will unintentionally harm the communities more than they help.

OpenArchive is fortunate to collaborate with these inspiring DACs who are actively defending human rights across the world. By equipping them with tools and tactics to navigate the challenges of the digital era, we are doing our small part in advancing justice and accountability around the world. Now, let’s take a closer look at the DAC’s contexts, threats, and needs so that we can then assess what mitigation strategies may work for them in our forthcoming publication.

Threats the DACs Face

The DACs we work with are often operating in conflict zones or areas with repressive regimes, facing digital and physical threats that are aimed at silencing them. Physical threats like device seizures, arrests, and forced data deletion are common. Additionally, digital threats such as surveillance, censorship, data breaches, in transit interception, and other online security and privacy challenges compromise their ability to safely upload and share data. Concurrently, there are challenges with maintaining long-term evidentiary digital archives, balancing the trade-offs between security and usability, how to overcome data format obsolescence, hardware failures, and ensuring consistent accessibility across evolving technological landscapes.

Mapping Threats from the Ukrainian DAC, KHPG

Each community is unique, and OpenArchive is committed to tailoring our support to meet these needs as best we can. In 2023, we organized the first cohort of our DAC program and published research memos and user personas summarizing the findings of our co-research.

Havana, Cuba, where human rights defenders like Maribel deal with privacy concerns, surveillance, and threats to their contacts and family in Cuba.

Khartoum, Sudan, where project managers like Nasser, struggle with unreliable internet and increased risk of hacking and malware on his computer.

Mexico City, Mexico, where documenters like Gabriela are concerned with device confiscation, insecure internet connectivity, hacking and malware.

Kharkiv, Ukraine where human rights defenders like Ivan worry about losing critical media via hacking, interference, or interception by bad actors. (See Figure 1)

Quito, Ecuador where researchers like Juanita face low internet connectivity and a myriad of physical threats in retaliation for her work.

Baghdad, Iraq where the human rights defenders, like Mohamed, are in need of digital security training and secure internet access.

DAC’s Needs

DACs need secure tools and processes to archive their digital evidence, thus ensuring long-term accessibility and protection against the aforementioned threats. However, using more secure technologies comes with a learning curve, as there are always usability trade-offs when using security- and privacy-first tools and methods. Therefore, DACs need access to expert guidance and easy-to-digest training materials in order to learn how to use these novel archiving techniques and evolving digital security practices. They also require resources to build and maintain their archives, purchase reliable software and hardware, hire personnel, and cover operational costs.

Now that we have an understanding of the DAC’s contexts and needs, we can better explore how they can mitigate their contextualized threats.

DAC’s Threat Mitigation Tactics

Through our co-research with DACs, we learned that collaborative harm-reduction tactics and secure archival tools are essential to help mitigate physical and digital threats to keep them and their evidentiary media safe.

Collaborative Harm-Reduction Tactics

The DACs share best practice guides, lessons learned, proven solutions, and resources with their networks to adapt to evolving threats and reduce fallout from single-point-of-failure issues and data loss. Towards these ends, OpenArchive helps these groups protect themselves and their media by offering training workshops, sharing best practice guides for safely capturing and archiving evidence, and tools that ensure their mobile media is verifiable, safe in transit and in storage, and accessible for future use, ideally for accountability and justice.

In these trainings and guides, we share how important it is to create offline backups of evidence to mitigate the risk of data theft or manipulation online. We also promote physical security measures to protect them during actions such as staying in groups, wearing protective gear, and avoiding confrontations with law enforcement.

Key Guides:

• Our guide on how to ethically and safely store sensitive mobile media

• Our Protest Survival Guide

• The EFF’s Quick and Dirty Guide to Cell Phone Surveillance at Protests by Cooper Quintin (OpenArchive’s Advisory Board member)

• Berkeley Copwatch’s guide to Copwatching, and

• Witness’s How to Film a Protest guide

Privacy & Security Tools

End-to-End Encryption

Privacy is paramount to the DACs. It is essential that their data is encrypted both in transit and while being stored to protect themselves and their media from unauthorized access and manipulation. For secure data transit, our communities prefer end-to-end encrypted chat apps like Signal, which stores all messages locally on devices and not in a centralized database, retains virtually no user data, is open source (their code is public and can be audited regularly by the communities who use it), removes metadata from media files and also lets users blur faces in media before sharing it. These features reduce the likelihood of malware injections, vulnerabilities, surveillance, and subpoenas from malicious actors for personal user data. While many of the DACs have started using Signal in the last few years, most were using less secure communication channels such as SMS, Snapchat, Telegram, Facebook, and WhatsApp prior to the widespread popularity/network effect of the Signal App. While Signal helps keep these communities safe, it cannot help them verify or preserve their media for long-term access. Since completely end-to-end encrypted archiving solutions are not yet available, we are working to provide a suite of solutions to fill the gaps in the DAC’s archiving needs, such as our secure mobile archiving app Save + encrypted backends like Nextcloud.

Decentralization

In our efforts to explore whether and how human rights archivists can use the decentralized web to help verify and preserve their evidence, we will now look at the potential benefits of decentralized storage options. While privacy tools and Decentralized Web (DWeb) technologies are increasingly more available, they are still not as usable or used as most proprietary centralized technologies. Monoliths like Google and Facebook are still dominating the internet despite their, as Cory Doctorow would say “enshittification” (e.g. their increasing disregard for the users it courted with attractive features a decade ago, extractive practices, surveillance, etc.).

Given the potential for decentralized storage technologies to solve key challenges archivists face, such as chain of custody, verification, redundancy, and long-term preservation, we are eager to utilize this technology to help better preserve the historical record. We will first look at the benefits and address the drawbacks in our forthcoming publication after we assess the privacy, usability, and other challenges these nascent technologies will have once implemented.

Potential Dweb Benefits

While these benefits are appealing, before we can deploy DWeb storage technologies with many of our communities, we must discern what trade-offs and harms this could pose to them in their given contexts. Towards this end, we will be threat modeling, building personas, and then actually deploying the technologies with key DAC members in controlled environments to assess what parts of the workflows could put them or their media at risk. In light of the many benefits the DWeb can offer our communities, we are hopeful that, through this research, we can work to improve the security and usability of these nascent tools so that they are useful and safe for our communities to use in their workflows.

Reflections and Next Steps

The urgent need for effective human rights archiving practices and tools cannot be overstated. Documenting history, especially when it involves human rights abuses, can be a dangerous endeavor. We learned from the brave DACs we work with that understanding their threats and implementing strategies to mitigate those threats is essential for them to be able to protect themselves and their documentation. Choosing the right tools and strategies for each context is key. This brings us to exploring how decentralized tech can work within these contexts.

In our next publication, we will map the potential benefits and drawbacks of DWeb storage onto the DAC’s unique threat models in order to understand how they may be affected by using the nascent decentralized storage technologies. Through this process, we will identify the affordances of the technologies as well as the tensions and trade-offs between the inherent transparency of the DWeb technologies with our need for privacy-first usable, secure tools that provide verification, preservation, and accessibility. Our hope is that, through this ongoing research, we can propose technical, usability, and privacy best practices recommendations to utilize the benefits of the DWeb while mitigating its potential threats.

Appendix A: Threat Modeling + Mitigation, In Action

Harkening back to Chrystalleni’s initial motivation for getting involved in this work, let’s apply threat modeling to her experience with censorship/forced deletion of the media she captured.

Scenario

A group is preparing to attend a demonstration and anticipate the outsized and illegal use of anti-riot equipment by the authorities. They are prepared to document the police’s human rights abuses in order to advocate for policies that better protect peaceful protesters.

Immediate Threats

The group has two goals: to stay safe during the non-violent protest and document unnecessary human rights abuses by the authorities. Before they join the action, they map out their threats:

• Physical Harm: a high pressure water cannon caused both bodily harm and ruined their recording devices,

• Device and Data confiscation: cameras and mobile devices were confiscated and protesters were forced to delete data on the spot,

• Arrests: protesters were taken to jail and charged.

Mitigation Tactics

The group decides to take the following measures:

• Strategic positioning: Ensure people are documenting from both the frontlines and the sidelines;

• Safe Documenting Tactics: Share materials educating participants on how to film a protest & how to film police abuse.

• Know Your Rights: Educate people on their rights to refuse access or confiscation of their devices and insist on legal representation if such demands are made of them;

• Protect Data: Institute measures to protect crucial data, such as, when using cameras, be ready to swap out a used data card with a blank card, hiding the used one or giving it to a friend to store safely.

• Mobile-Specific measures:

• Consider leaving primary/personal phones at home and getting a phone just for documentation;

• Enable airplane mode and disable GPS;

• Study the protest route/location beforehand and locate access points should they need to make a quick escape;

• Create a Signal group to coordinate with trusted participants only, turning on disappearing messages that are set to < 4 hours;

• Turn off biometrics (fingerprint and face unlock) on their phones & set up a 6-digit or longer passcode;

• Disable message previews on lock screen, delete history from web browsing apps, set a pin-control to access SIM data;

• Delete apps with personal info (e.g., Facebook, Twitter, LinkedIn);

• Have an app like Save pre-installed and ready to use to immediately upload media to secure backends after the action through an encrypted connection over mobile data for long-term preservation.