For those just beginning their efforts to foment political change, Ahmed Mansoor has a crucial piece of advice: To be both safe and effective, thinking deeply about one’s own cybersecurity practices is essential.
Mansoor has been a prominent figure fighting for human rights in the United Arab Emirates for over a decade, starting when an online discussion forum he frequented was shut down by government officials and its owner was arrested.
“I started defending freedom of expression because I believe that basic right … (is what) all other rights are really built on,” he said in an interview over Skype.
Mansoor has spent years protesting his government’s systematic silencing of journalists and pro-democracy activists. He helped create a discussion board on which Emiratis could freely and anonymously discuss controversial opinions, a rarity in the conservative UAE.
“Nobody else was allowing that level of freedom of people to talk,” Mansoor boasted. “They were deleting them. They were suppressing them. They were blocking users who talked about these red lines,” which ran the gamut from the political to the religious.
In response to the 2011 Arab Spring uprisings across the Middle East, the UAE enacted a spate of political reforms, which Mansoor said didn’t go nearly far enough. He helped circulate a petition calling for universal suffrage for UAE citizens. The petition attracted a massive level of attention and resulted in Mansoor’s arrest on the charge of insulting government officials.
While he ultimatelywas pardoned after spending eight months in prison, Mansoor never stopped being the subject of government scrutiny. In the years since, he’s been under constant surveillance.
A telecommunications engineer by training, Mansoor has been dubbed the “Million Dollar Dissent" because of the great lengths to which authorities in the UAE have gone to monitor his electronic communications.
A single piece of spyware sent to Mansoor, which he identified and then rerouted to researchers at the University of Toronto for analysis, was packed with features taking advantage of three previously undiscovered flaws in the security of Apple’s iPhone. Based on the private sale of information about a similar vulnerabiltity made public last year, the spyware used against Mansoor may have cost $1 million to construct.
Why is Mansoor such a target?
“It’s obvious that my activities are annoying the authorities here, as they don’t want human rights violations to be revealed. I’m probably the most active and outspoken human rights defender in UAE, with good reach to the international human rights organizations, international media, U.N. and so on,” he said, noting he’s won international awards for his activism.
Despite his vigilance, Mansoor has had his electronic devices compromised and his online accounts hacked. He’s been physically assaulted and once saw the $140,000 end-of-service benefit he received from his telecom company job after his arrest and subsequent termination mysteriously disappear from his bank account. It’s enough to make someone legitimately paranoid.
Unsurprisingly, Mansoor is incredibly careful about how he manages his digital privacy, which he sees as a cornerstone of his activism.
“This is extremely important because … it could jeopardize your ability help people. It would hinder your efforts to communicate with victims,” he said. “Not only that, it might also identify them as targets and subject them to reprisal from the authorities.”
“It may also cause you to be convicted using one of those open-ended terminologies or clauses in laws,” he added, recalling his own experiences in the UAE, “due to any type of peaceful communication with human rights organizations or media to raise (awareness of) these kinds of human rights violations. They would consider them either acts that are harming the national security or destroying the image of the country.”
What follows is a cybersecurity guide for activists. Compiled with advice from technologists who build these tools to activists such as Mansoor who use them, these strategies can be used by people on either side of the political aisle, by organizers and journalists alike.
Most of the tips are straightforward and require little specialized technical knowledge. Complexity can trip up people and delay important communications. Journalist Glenn Greenwald’s initial inability to set up email encryption, which can be tricky for technical neophytes, nearly derailed former National Security Agency contractor Edward Snowden’s attempts to leak him stolen documents exposing the U.S. government’s omnipresent electronic surveillance dragnet.
For the tools in this guide, if you can use Gmail or Facebook, none of these suggestions should be especially taxing. Nor are any of these individual suggestions, or even all of them taken together, a panacea. Using any electronic device will always come with some risks, no matter how careful you are about cybersecurity.