|
Current Issue | Past Issues | About
the Report
Notes From the Field: Data Protection for Human Rights Groups in Guatemala
Miguel Cruz
SHR Computer/Network Engineer
In 2002, there was a series of burglaries at human rights organization offices
in Guatemala City. The break-ins were suspicious because only files and computer
equipment were stolen, while other easier-to-carry valuables were left behind.
The timing of the thefts was also cause for suspicion as several high-profile
military figures were then facing trials for kidnapping and killings during
the country’s 35 year civil war. The loss of computers that contained years
of documentation of human rights abuses set the work of the organizations back
several months.
Over the past several years, SHR Deputy Director Patrick Ball worked extensively
with the Guatemalan human rights community performing statistical analysis of
data on violence and human rights abuses. This data made it possible to present
a scientific argument rather than a collection of anecdotes and conjecture about
what had actually taken place in Guatemala’s past. Patrick lives, eats,
and breathes data and the prospect of losing all that information the human
rights groups had painstakingly amassed horrified him. He sought a way to deal
with this serious problem.
When I was hired by AAAS last year, Patrick handed me the goal of ensuring
that no human rights organization in Guatemala would lose a single byte of crucial
data again. Ordinarily, I would tell someone, “get yourself a CD burner
and keep a copy of your files at home.” But in Guatemala, that doesn’t
work, because the same suspicious break-ins have taken place at private homes.
Keeping information about human rights abuses at someone’s home would make
the house a potential target. We determined that the only really safe place
to keep the data was out of the country, beyond the reach of those who are interested
in suppressing the research findings.
Another key decision was to use Free Software (with a capital F and a capital
S), such as Linux computer operating system, for the servers at each organization
to gather, encrypt, and transmit the information. Software piracy is rampant
in the developing world where groups can often not afford to purchase their
own legal copies of word processing and database software. As the United States
continues to pressure foreign governments to crack down on the use of illegal
software copies, there is a growing concern in the human rights community that
governments around the world may use a campaign against software piracy as a
convenient excuse to harass institutions that oppose the government’s policies
or expose their human rights violations. By using Linux and other Free Software,
we not only saved thousands of dollars in license fees per organization, but
introduced organizations to a technology that allows them to focus their resources
on developing local capacity by hiring Linux consultants locally rather than
just spending money on software.
The core of the project consists of encrypting the information generated by
these human rights groups to prevent it from being snooped on or altered in
transit. Every night, the information is automatically copied and sent out of
the country to securely managed servers in physically safe locations abroad.
Of course, in order for that to happen, there needs to be a way to move all
that information overseas electronically. Some of the organizations had internal
networks and some even had DSL, but at others, the only way people exchanged
files was with floppy disks, and the only way they connected to the Internet
was by waiting to use the single computer with a modem and an outside line.
Therefore, we had to do a lot of basic infrastructure work before we could even
begin to move any data to safety. In November 2002, I made my first trip to
Guatemala with a duffel bag stuffed with tools and computer networking equipment.
Things like cables, routers, and hubs are substantially more expensive in Guatemala.
When the human rights workers started to realize all the benefits that they
were going to get from this project-no more lost work, no more waiting in line
to use a printer or to connect to the Internet-they asked how they could help.
I initially trained about a half a dozen people in the basics of network wiring.
They all pitched in, putting their regular jobs on hold to work late into the
evening wielding crimpers, digital cable testers, screwdrivers, and hammers.
By the end of the two weeks, word had gotten out and people from organizations
in nearby towns showed up and traded their labor for networking lessons.
I was really struck by the enthusiasm and energy that people put into the work.
Imagine if some stranger showed up at an office in the US with a bag of tools
and cables. How many people would put in extra hours for weeks on end in order
to discover what that stranger was doing and learn how they could do it themselves?
I returned to Guatemala for three weeks this April and May to install data
protection facilities at other organizations that I didn’t have time to
reach on the last trip. I was particularly gratified to see that some of the
groups that had sent people to help out in November had already made changes
in their network configurations as a result of what they learned. These changes
result in concrete improvements in reliability for little or no cost to the
organizations.
But the most gratifying aspect of this project is that many gigabytes of data
are now being stored safely out of harm’s reach and the next time a computer
disappears in the middle of the night, the delay to the human rights organization’s
work will be measured in hours rather than months.
Miguel Cruz joined the SHR staff in September 2002 to work on the Human
Rights Data Analysis Group, which provides technical support to large-scale
human rights data projects and international assistance to human rights groups
with networking, backups, and security of databases. See http://shr.aaas.org/hrdag/
for more information about this project.
| 
