tech & security de-coded
Sign up to hear about securing your organization, creating safe spaces online, and what the latest hacking news means for you!
our mission, vision + values
To empower vulnerable communities through secure technologies and practices.
A world where people can speak without fear of repercussion, ending the silence of censorship.
To engender security-positive cultures around the world, cultivate a new generation of experts, and shape domestic policies that are globally applicable, all to protect the lives and livelihoods of disenfranchised peoples around the world.
We believe that privacy is a basic human right.
These values are how we carry out that belief:
Battle Testing Privacy Tools:
hitting refresh on training culture
We realized that we didn’t know what was - and wasn’t - working in our digital security trainings.
refresh. refresh. refresh.
In fact, little conclusive research has been conducted on what causes security-positive behavior change. Our study of uptake helps trainers, developers, and funders understand what causes at-risk users to adopt security tools and secure communication habits. It consists of an assessment on the current digital security training landscape and a corresponding study comparing 3-4 training methodologies with two groups of activists in Eastern Europe in 2016.
The assessment will illustrate which methods have been tried, which are currently in use, any efficacy data that may be available, and other lessons learned. The landscape analysis will inform which variables we will modify among the examinations in the second study. Participants will be monitored over 12 months to understand which behaviors were adopted and why.
finally, some answers
We expect to create a baseline of data and guidelines that allows the Internet freedom community to make evidence-based and cost-effective decisions about how we put tools and knowledge into the hands of people living under censorship and surveillance around the world. Further, the project will cultivate a cadre of expert users of privacy and circumvention tools in Eastern Europe. We hope to connect our test communities with open-source tool developers for much-needed user testing, and to create a positive feedback loop for tool use and usability.
The results of the landscape assessment will be compiled, published, and otherwise distributed.
Minimum Security Standards:
returning agency to human networks
We want to revolutionize the way human rights networks incorporate security into their lives.
security is a network issue
We apply the findings from our secure tool adoption research and experiences with our human-centered auditing program to empower networks of activists to explore and define security strategies that work best for them. In January 2015, we piloted a community-driven effort to develop and adopt minimum security standards across a network of Central Asian human rights defenders.
We work with individuals and organizations to gain the skills and confidence to assess their own risks and evolve with the threats they face, ultimately eliminating the need for outside support. We focus heavily on follow-up frameworks - both technical and non-technical - as part of affecting behavior change. Our approach mitigates the effects of stress on learning by incorporating trauma-sensitive techniques, self-care practices, and psychological support.
expand + empower
From fall 2015 until summer 2017, we’ll scale the model to another network in Eurasia. We will iterate with other coalitions and groups in Central Asia and scale to Southeast Asia, gathering data on what works and doesn’t and then modify our process accordingly. We will share our findings with the public in raw format, periodic updates, and formal reports.
Human-Centered Security Audits:
There’s no app that can counter surveillance. Only people can.
Surveillance has become a mix of technical infiltration and socially-engineered attacks that aim to exploit human errors.
Until now, we’ve countered the threats posed by digital surveillance only with technical solutions. Increasingly elaborate security tools become increasingly enigmatic for everyday users, and organizational security is siloed off to understaffed or outsourced IT departments.
At CommunityRED, we’ve begun to explore human-centered solutions. Instead of fighting cyber security threats with increasingly complicated technology, our focus is to turn entire teams or networks into security superheroes. Since people create security threats, people can best prevent them. We challenge the tech arms race status quo and invest instead in helping people work together to protect each other.
meeting teams where they are
To do this, we’ve developed and iterated a security auditing program that shifts team cultures to embed security as a shared responsibility. We borrow from multiple fields and diverse backgrounds to create a model that depends on full team engagement, understanding specific team dynamics, and how teams can protect each other (and therefore, their organization) best.
We’ve begun to explore how best to share our framework and the knowledge we’re gathering around human-centered security practices and surveillance policies, at scheduled lectures, published "dispatches from the field," and formal meetings and reports. Want more information? Need help? Get in touch.
ADAPT: self-threat modeling
The game helps players understand their own behaviors and develop personal security strategies.
scalable alternative to training
This open-source mobile game application teaches journalists how to assess digital threats, risks, and vulnerabilities for themselves and their sources.
Journalists and citizen journalists increasingly report from contentious settings, facing a myriad of security issues and increasing digital risks. Often, training resources are too few and far between to reach those in crisis. This tool teaches critical thinking skills to mitigate those risks ahead of time, with less cost and risk of traditional training methods.
next steps + getting involved
With a Prototype Fund grant from the Knight Foundation, CommunityRED teamed up with Games for Change to draw out the concept and learning objectives of the game. We held a stakeholder meeting, conducted interviews, and tested concepts with journalists, citizen reporters, and journalism students in the US. We hope to expand the game to Iran and Vietnam in 2016.
Download and play the pilot game. Get involved!
2013: engaging pre-launch sequence
FreedomHack, Washington, D.C., August 2013
We brought US developers and programmers and Mexican journalists and activists together to design and re-engineer secure communication technologies.
uVirtus Launch Party, Washington, D.C., October 2013
Help Desk Happy Hour, Mexico City, November 2013
Building on our work at FreedomHack, we brought together journalists, activists and technologists from US and Mexico to continue working to tailor secure tools for Mexico and Central America, in partnership with The ISC Project.
2014: firing rocket boosters
RightsCon Panel, San Francisco, March
Shauna spoke about digital security issues in the international development context at RightsCon, Losing a Battle We Didn’t Know We Were Fighting: Surveillance and the Developing World, in our first collaboration with Sarah and the Arzuw Foundation.
Training + Tool Testing, Eastern Europe and Central Asia, March
We traveled to six countries where Arzuw’s Turkmen students were studying to beta-test Briar with them and researched the use of commercial surveillance software in the area.
Strategies for Digital Security in Development Projects, Washington, D.C., May
The symposium, held in partnership with AppropriateIT, The ISC Project, and IREX, convened 70 human rights activists, technologist, and international development experts to discuss digital security issues in international development and how to address them.
Weird Science House Party Fundraiser, Washington, D.C., July
With 100 of our closest friends, we toasted CommunityRED with sangria and jello shots, painted our faces to thwart facial recognition software, and auctioned off a 3-D printer.
ADAPT Kick-off, Washington, D.C., August
With a Knight Foundation Prototype Fund grant, we began to build an open-source, mobile game application, ADAPT, that teaches self-threat assessment skills as a scalable, lower-cost alternative to traditional digital security trainings.
Mexican Journalists Training, US/Mexico Border, Fall
We traveled to the US/Mexican border to engage journalists in discussions of physical, psycho-social and digital security. In this holistic style of training, we added trauma resilience and self-care to our curriculum.
International Press Freedom Awards, New York City, November
We attend the awards as a guest of the Ford Motor Company, hung with our friends at the Committee to Protect Journalists, and even made some new ones.
501c3 Exemption Status, Washington, D.C., December
At long last, the IRS grants us the coveted status! Now our work can be transparent.
2015: taking off!
Minimum Security Standards Pilot, Warsaw, January
With a coalition of Central Asian human rights defenders, we piloted a community-driven effort to develop and adopt minimum security standards across an entire network of individuals and devices.
Auditing Program, Washington, D.C., January
We began the auditing program in earnest, piloting the program with Global Zero, a DC-based disarmament organization.
TechHUG Incorporation, Washington, D.C., April
Amid increasing requests for security support from activists, disarmament groups, and human rights organizations based in North America, we spun off TechHUG , a U.S. LLC, that performs our holistic security audits.
Battle Testing Privacy Tools Launch, Washington, D.C., June
After several years of performing digital security trainings, we are hitting refresh. With the support of the Open Tech Fund, we are studying what causes the adoption of security tools with Belarusians and Central Asians in 2015 and 2016.
International Workshop on Misogyny on the Internet, Boston, June
Shauna attended this workshop at Harvard’s Berkman Center, building on CommunityRED’s work of securing women and their organizations online.
Holly is passionate about facilitating opportunities for people to make the world around them a better place, and specializes in managing the people, projects and processes needed for organizations to be successful. She particularly enjoys developing and conducting trainings with international audiences, and is skilled at understanding organizations and human behavior then designing and implementing systems to meet a need. Holly was previously the Managing Director at Global Zero working internationally to eliminate nuclear weapons, and has also worked at All Out promoting equality worldwide, as well as advancing democracy and civic participation at AmericaSpeaks and the Minnesota State University Student Association. She earned a Master of Public Administration from American University in Washington, D.C. and a B.A. in sociology and child development and care systems from Cornell College in Mt. Vernon, Iowa.
Director of Research and Global Programs
Sarah has been working in the former Soviet Union since 2006. She was an Anne E. Borghesani Scholar and Fulbright Scholar in Kazakhstan and a National Geographic Young Explorer in Central Asia. Sarah received a BA from Tufts University and an MA from the Fletcher School of Law & Diplomacy. She served as Executive Director of the Arzuw Foundation for four years, working to provide educational opportunities to Turkmen youth and supporting young Turkmen activists and bloggers. Her publications include “The End of Social Media Revolutions” and "International Education in the 21st Century." Her academic research focuses on the impact of mass surveillance on democracy and human rights around the world. Sarah’s background includes emergency response training and experience working in disaster zones with traumatized people. She speaks Russian.