When it comes to digital security, Robert Gamboa tries to watch his back, but it’s tough. It’s not just that he’s a public health officer who deals with highly sensitive data at work. He’s also a social activist, perennially under siege.
A few months ago, he was the target of avowed white nationalists bent on disrupting a high-profile anti-Trump rally he staged in West Hollywood.
They waged a Twitter attack, directing sympathizers to his Facebook page and posting cartoon gifs of Pepe the Frog in Nazi drag, which he tried to ignore. Robert felt safe enough. The WeHo Sheriff would be at the rally and his online accounts were, to his way of thinking, inviolable, secured by a maze of letters, numbers, special characters and case combinations.
Yet there he was the day of the rally, logged out of Facebook involuntarily, just as he was poised to live-post and liaise with print, online and TV reporters.
His password was refused, as were his attempts to set a new one. Uninstalling the Facebook app then reinstalling it – three times – did nothing.
How had it happened? A key logger? Unlikely. Robert doesn’t send attachments, let alone click them, preferring protected links with end-to-end encryption.
He’s a touch paranoid about hackers, having witnessed the destruction identity theft brought down on an ex-boyfriend. He probably gives too much credence to news reports. There was a story about thermal apps that discern your 4-digit credit card pin from the residual warmth of your fingers. Ever since, he fondles the keypad after entering his selection to disguise it. “I actually rub my fingers on all the buttons. I guess it could work.”
Tech consultant and media maven Alan Klein winces. “Even the tech-literate tend to panic when their devices and services are compromised. For activists, the stakes rise exponentially, but you have to take a step back and breathe.”
Alan – a founding member of both ACT UP and Queer Nation – has designed an educational program geared to the digital security needs of the social justice movement. Digital Safe Space, created in collaboration with the tech company Macktez, is offered free of charge to social justice activists.
He asked whether Robert’s Facebook account had been set up for unauthorized login alerts and 2-step verification. It had not.
You must dive into the menu “Setting up extra security” to find those options, which might have alerted him to Trump supporters’ random login attempts – so many attempts that they tripped Facebook security, forcing a security lockdown of the account.
Alan, who’s normal in every other respect, loves 2-step verification!
“You turn it on and you never have to worry that someone in Russia is secretly reading your email. And 2-step verification is not a modern invention, by the way,” he notes.
“In ACT UP, we used the old school version. Marshals or peacekeepers at protests were identified by the armbands they wore, however the only person who knew what color they would be was the person assigned to buy them, a person we already trusted. It prevented infiltrators from masquerading as ACT UP marshals.”
There are similar analog analogies for other Digital Best Practices, many of them enabled by the same skills we use in the physical world.
“Our instincts are sharp when it comes to safety and security,” says Alan. “We know someone is standing uncomfortably close. Digital threats aren’t always as visible, but you don’t have to see them to sense them.”
“Lock your devices, as you would the door to your house. Disable auto logons and require passwords when they wake up from sleep. If an email doesn’t look right, pick up the phone. And be realistic.
“Some password you’ll never remember. Instead, ‘write out a full sentence,’ Alan suggests — for example, ‘i-resolve-to-use-STRONGer!-passwords-in-2017.’”
Simple, effective, free. No proprietary software, online subscriptions or technical consultants required.
“So many activists are under-resourced that a plan such as Alan’s is essential,” says Richard Burns, Interim Executive Director at the Johnson Family Foundation, a major backer of LGBT causes. “We must up our game. Not just to deal with surveillance by the American government, but by foreign entities and hackers.
“I’m not naturally tech-savvy. I like common sense systems. When I read the description of the workshop, I said this was designed with me in mind.”
It’s an accessible course – lively and devoid of jargon. An apt choice for the clients at the David Bohnett Foundation’s CyberCenters if there’s a way to deliver it to them free. Paul Moore, Program Officer for the Beverly Hills organization, dispenses millions to set up the labs at gay and
lesbian community centers nationwide, but the funding doesn’t cover internet service or operating costs, which are borne by sites that may lack resources for training. “Digital Safe Space presents information that’s critical to our well being at this time and it does so smartly,” said Paul.
According to Javelin Strategy & Research, 15.4 million consumers were victims of identity theft or fraud last year, up 16% from the year before, at a cost of $16 billion. Los Angeles isn’t the worst US city in terms of losses, but it’s bad enough to merit the biggest county-level Cyber Crime unit in the country.
Again, a warning from Alan: “Despite the endless attacks and endless security measures you could adapt to deal with them, you don’t want to be ruled by your paranoia. If you’re not Edward Snowden, you don’t need to pull a blanket over your head before entering a password.”
Or as Alex Garner, Senior Health Innovation Strategist at Hornet. puts it, “Under Trump we’re forced to be vigilant and take whatever precautions we can to protect our privacy.
“But we also have to decide which risks we’re willing to live with, which we aren’t and which we will resist, to foster a community where people can express themselves, free of stigma and fear.”