Security Culture and Security Measure
Summary:
All of what YARR does at this point (1/15/2025) is absolutely legal. However, considering that civil disobedience against immoral and Constitutionally proscribed Federal policies and actions will probably become necessary, that many actions that are legal now will be criminalized by the Republican Administration, and that private groups (militia) and individuals (“stochastic terrorists”) could also target YARR, it is recommend that YARR embrace the strongest possible security culture that doesn’t conflict with our role as a public institution to advocate for and defend our undocumented neighbors.
This report DOES NOT cover what to do when confronted by police or counter-protesters. Know your legal rights to not speak to anyone you don’t want to, to not let people into your house and car without a warrant, and so on.
The Security issues this report addresses can be subdivided into digital and nondigital.
Primary Threats
Digital
Group Public: Hacking to post DeepFakes, malware.
Group Private (server, email lists): Malware, surveillance, Distributed Denial of Service (DDoS) attacks.
Individual Private: Surveillance, malware, digital harassment, phishing, social engineering, data breaches,targeted attacks (e.g., women, PoC, LGBTQIA), warrantless surveillance.
Individual Public: Doxing, threats, hacking to post DeepFakes, malware.
Face-to-Face
Surveillance
SLAPPs (Strategic Lawsuits Against Public Participation)
Agents Provocateur
Disruption of meetings and gatherings
Persecution and Prosecution
Security Measures Recommendations:
Every activist should consider taking Legal Rights trainings and a Nonviolent Direct Action Preparation to help prepare for dealing with legal and physical threats. Every activist should be part of an affinity group or other active network that can support them if threatened, attacked, or arrested.
If enough resources are deployed, and legal restrictions are ignored, the U.S. government is capable of cracking any digital system. Networks of trusted friends are less brittle, but under the pressures of total surveillance and/or legal and physical intimidation, they also can be breached.
Digital
NonDigital
verbal threats
physical attacks
infiltration
provocation
arrest
Basic Issues
There is a clear tension between being a public group doing public outreach and needing popular support (even including local elected officials), and being a group where some are expecting to have to break the law, and where the group as a whole has a policy that the Trump Administration considers treasonous. The Republicans are planning legislation to make supporting undocumented people and opposing various roll backs of our freedoms illegal.” Thus making YARR illegal and those of us who persist lawbreakers.
Security isn’t just to prevent government persecution or attacks by non state actors. The kind of “hybrid” war the rightwing in America feels it is waging involves doxing, deepfakes, white, grey and black propaganda and all sorts of disruptions of communications, meetings, and demonstrations.
4 main threats, in decreasing order of power, but not necessarily danger.
1. Illegal Government actions
2. Legal Government actions
3. Skilled non-state actors — Corporations, some Militias, hackers
4. Unskilled non-state actors — most individuals, most local right-wingers.
These four different (but often overlapping) threat profiles need to be reevaluated periodically, as we move through the next four years, or longer.
Security Culture
The issue of security culture is explained in many of the Security Resources below. Basically, it means incorporating the reality of dangers political resistance into our daily lives. We need to always be aware of the physical and legal dangers we face, that we might be surveilled electronically and physically, and that the people we meet, even know well, might not be totally trustworthy. That said, probably as many activist groups have self-destructed through paranoia and mistrust than have been destroyed by outside persecution.
Security Resources
Activist Handbook
“Digital security for activists”
“Security culture in activism”
Amnesty International Security Lab
“Digital Security Resource Hub for Civil Society”
Crimethinc
“What Is Security Culture”
Digital First Aid Kit
Detailed and reliable information for when there are digital security threats. Produced by a coalition of international activist groups.
Electronic Freedom Foundation
“Surveillance Self-Defense”
Immigrant Defense Project: ICE Raid Tool-Kit
Rukus Society
“Security Culture for Activists”
Front Line Defenders have an extensive list of “Digital Security Resources”
**
A key aspect of confronting security threat is understanding them concretely. Some resources:
Government Plans and Policies
ICE Official Statistics
Possible mass deportations and undocumented rights (at this point).
Unicorn Riot Homeland Security documents including the manual for training civilians (Citizen Academy)
Various ICE manuals from the a few years ago…including Interrogation and Arrest, Visa Investigation, Undercover Operations, Planning and Executing Armed Raids, Asset Forfeiture, Fugitive and Compliance Enforcement and Stripping Citizenship manuals.
Nongovernment Potential Threats Assessment Resources
Southern Poverty Law Center, especially their Hatewatch reports and Hatewatch map that tracked “Hate and Antigovernment Groups Across the US” in 2023.
ISD Global report on Militias in the US.
Good overview article on recent digital coordination of militias.
Summary:
All of what YARR does at this point (1/15/2025) is absolutely legal. However, considering that civil disobedience against immoral and Constitutionally proscribed Federal policies and actions will probably become necessary, that many actions that are legal now will be criminalized by the Republican Administration, and that private groups (militia) and individuals (“stochastic terrorists”) could also target YARR, it is recommend that YARR embrace the strongest possible security culture that doesn’t conflict with our role as a public institution to advocate for and defend our undocumented neighbors.
This report DOES NOT cover what to do when confronted by police or counter-protesters. Know your legal rights to not speak to anyone you don’t want to, to not let people into your house and car without a warrant, and so on.
The Security issues this report addresses can be subdivided into digital and nondigital.
Primary Threats
Digital
Group Public: Hacking to post DeepFakes, malware.
Group Private (server, email lists): Malware, surveillance, Distributed Denial of Service (DDoS) attacks.
Individual Private: Surveillance, malware, digital harassment, phishing, social engineering, data breaches,targeted attacks (e.g., women, PoC, LGBTQIA), warrantless surveillance.
Individual Public: Doxing, threats, hacking to post DeepFakes, malware.
Face-to-Face
Surveillance
SLAPPs (Strategic Lawsuits Against Public Participation)
Agents Provocateur
Disruption of meetings and gatherings
Persecution and Prosecution
Security Measures Recommendations:
Every activist should consider taking Legal Rights trainings and a Nonviolent Direct Action Preparation to help prepare for dealing with legal and physical threats. Every activist should be part of an affinity group or other active network that can support them if threatened, attacked, or arrested.
If enough resources are deployed, and legal restrictions are ignored, the U.S. government is capable of cracking any digital system. Networks of trusted friends are less brittle, but under the pressures of total surveillance and/or legal and physical intimidation, they also can be breached.
Digital
- Communications:
- Webpage: Reasonable firewalls, only a few people with “write” access with dual factor authentication, group process to control pages. Strong passwords and perhaps use of passkeys.
- Email lists: Keep behind firewalls. Only authorized access to them, use BCC field and other formats for keeping email addresses private.
- Hosting: Some providers are more likely to protect YARR’s digital
- Deepfake threat: In-person code words against deepfake audio can be used to limit the impact of imposters.
- Doxing threat: For people concerned with doxing, no digital use of their true names.
- Use Protonmail, Tuta, or some other offshore encrypted email.
- VPNs (Virtual Private Networks) are complicated, but offer the highest levels of protection.
NonDigital
- Need to know.
- In-person meetings on sensitive subjects.
- Some system of rumor verification, especially of potential raids.
- Have policies in place for YARR members are under threat from:
verbal threats
physical attacks
infiltration
provocation
arrest
Basic Issues
There is a clear tension between being a public group doing public outreach and needing popular support (even including local elected officials), and being a group where some are expecting to have to break the law, and where the group as a whole has a policy that the Trump Administration considers treasonous. The Republicans are planning legislation to make supporting undocumented people and opposing various roll backs of our freedoms illegal.” Thus making YARR illegal and those of us who persist lawbreakers.
Security isn’t just to prevent government persecution or attacks by non state actors. The kind of “hybrid” war the rightwing in America feels it is waging involves doxing, deepfakes, white, grey and black propaganda and all sorts of disruptions of communications, meetings, and demonstrations.
4 main threats, in decreasing order of power, but not necessarily danger.
1. Illegal Government actions
2. Legal Government actions
3. Skilled non-state actors — Corporations, some Militias, hackers
4. Unskilled non-state actors — most individuals, most local right-wingers.
These four different (but often overlapping) threat profiles need to be reevaluated periodically, as we move through the next four years, or longer.
Security Culture
The issue of security culture is explained in many of the Security Resources below. Basically, it means incorporating the reality of dangers political resistance into our daily lives. We need to always be aware of the physical and legal dangers we face, that we might be surveilled electronically and physically, and that the people we meet, even know well, might not be totally trustworthy. That said, probably as many activist groups have self-destructed through paranoia and mistrust than have been destroyed by outside persecution.
Security Resources
Activist Handbook
“Digital security for activists”
“Security culture in activism”
Amnesty International Security Lab
“Digital Security Resource Hub for Civil Society”
Crimethinc
“What Is Security Culture”
Digital First Aid Kit
Detailed and reliable information for when there are digital security threats. Produced by a coalition of international activist groups.
Electronic Freedom Foundation
“Surveillance Self-Defense”
Immigrant Defense Project: ICE Raid Tool-Kit
Rukus Society
“Security Culture for Activists”
Front Line Defenders have an extensive list of “Digital Security Resources”
**
A key aspect of confronting security threat is understanding them concretely. Some resources:
Government Plans and Policies
ICE Official Statistics
Possible mass deportations and undocumented rights (at this point).
Unicorn Riot Homeland Security documents including the manual for training civilians (Citizen Academy)
Various ICE manuals from the a few years ago…including Interrogation and Arrest, Visa Investigation, Undercover Operations, Planning and Executing Armed Raids, Asset Forfeiture, Fugitive and Compliance Enforcement and Stripping Citizenship manuals.
Nongovernment Potential Threats Assessment Resources
Southern Poverty Law Center, especially their Hatewatch reports and Hatewatch map that tracked “Hate and Antigovernment Groups Across the US” in 2023.
ISD Global report on Militias in the US.
Good overview article on recent digital coordination of militias.