Lead organizers for various protests being held in the wake of President Donald Trump’s inauguration have been fending off phishing attempts and have moved to private encrypted communication channels to protect the thousands of people expected to take part in Saturday’s events.
Karen Waltuch, the lead organizer for the New York chapter of the Women’s March on Washington, told fellow organizers that she’s dealt with spearphishing and malware in the lead up to the protest, according to Mary Emily O’Hara, the communications coordinator for the chapter. For San Francisco organizers, the local organizing website was subject to repeated but light attacks, organizers Martha Shaughnessy and Adam Napolitan told CyberScoop. To segment and protect the organizing work, activists have set up separate chat rooms, emails and domains.
Just a couple of weeks after Trump’s election victory, more than 100,000 people had already committed to joining the Washington march. Over the past few weeks, event organizers have turned to issues of permits, logistics and speakers on what’s expected to be a chilly and crowded day in D.C. However, in the leadup to the event, digital security has been at the forefront of organizers’ concerns.
The marches in D.C. and elsewhere punctuate an election cycle with seemingly endless stories of internet security catastrophes marked by prominent spearphishing attacks and tidal waves of disinformation. If cybersecurity once seemed like a foreign concept, it became dinner table conversation in America in 2016.
In the days after the election, the New York City chapter of the Washington march recommended all organizers use Signal, the encrypted messaging app whose download numbers jumped 400 percent following Trump’s election. Following years of growing popular concern over mass surveillance, Friday’s inauguration ushers in renewed uncertainty in the United States about who will be watched and why. The explosion in popularity of apps like Signal can be traced back to the presidencies of George W. Bush and Barack Obama, under whom debates over government surveillance reached new levels of intensity.
The marches’ many websites contain links to online guides and tweets from cybersecurity experts but, just like the organizing itself, much of the security chatter is taking place privately. Two days before the rally, marchers received instructional emails saying that the messaging app WhatsApp is no longer safe, citing a highly controversial article in the Guardian claiming the app has a security flaw. That article has been dismissed as inaccurate, with dozens of prominent security experts penning an open letter against it.
The entire event began online, grew through public and private messages over the internet and became a headline-making phenomenon as word spread via SMS, direct messages, chat rooms and forums to join in. Organizers worked together online to build what’s become a focal point of opposition against an incoming administration and Congress that’s advocated expanded surveillance and offensive hacking.
Organizers have received basic security training and were encouraged to take “specific precautions,” said Napolitan, who is the communications lead for the Bay Area marches. Napolitan didn’t elaborate further.
Signal, lauded by many experts as a top choice in the growing field of secure chat apps, is an increasingly common sight at protests in the U.S. and around the world. The app was in expanding use on the ground during the Dakota Access Pipeline protests in 2016 as a direct response to multiple reports of police surveillance and hacking against protesters.
“Since [Occupy Wall Street] and before, activists have learned the hard way that simply to organize peaceful demonstrations, safe communications are a must,” said activist Jon Ziegler, who protested at Standing Rock. Ziegler was wounded days ago by a rubber bullet hitting his hand. He believes police were aiming for his phone, which was livestreaming at the time.
A nonprofit, corporation or political party of similar size and resources of the Women’s March would have a massively staffed and expensive security team protecting organizers and marchers. But grassroots movements can be ephemeral and disorganized — and security often takes a backseat to other aspects of organizing. That leaves a vacuum sometimes filed by information that’s patchwork, decentralized and sometimes outright wrong.
Ziegler, with others, has worked to spread security awareness. “I talked security culture with them and discussed how documentation makes you a target. So sending things like exact location over SMS is not good practice. I’ve seen that play out where cops are waiting at a protest location and it was just one activist who slipped and texted, rather than encrypt.”
Protest surveillance has long been a fact of life, so much so that cybersecurity is creeping ever closer to top of mind for those who organize such events on a regular basis. Discussions about how to stay digitally safe, secure and private are had right alongside conversations about physical safety.
Out of a cacophonous and years-long security debate, Signal (along with apps that rely on Signal’s protocol like WhatsApp) emerged as the go-to, easy-to-understand protection against many forms of eavesdropping. Well over 1 billion people currently use Signal’s protocol for secure communications.