THE DEFENDER'S protocol
The Holistic Security Protocol for Human Rights Defenders (the Defender’s Protocol) helps us advance our physical safety, digital security, and wellbeing and resilience. By following the Protocol, we enhance our individual and collective security, and can reduce the burden of attacks, harassment, and censorship on us and our communities.
The Defender’s Protocol is based on Open Briefing’s experiences working with at-risk defenders all over the world; however, there will be important local differences that cannot be reflected in universal guidance, and you should adapt the Protocol to suit your situation, work, and profile.
SAFETY AND SECURITY
Seek to better understand and manage the risks that you face:
Consider who your allies and adversaries are. Understand the resources and networks that your allies might leverage in your defence. Understand the capabilities and intentions of your adversaries so that you can better judge the threat that they pose.
Consider how your work, identity, tactics, and other factors and characteristics increase or decrease your vulnerability or exposure to the threats.
Assess the likelihood of an attack or other incident occurring and the impact should it occur, in order to understand the level of risk to you.
Take concrete steps to reduce the likelihood and/or impact of each of your risks.
Maintain awareness of what is going on around you and be alert to any changes to the people and things in your environments.
At high-risk times or locations, travel with friends, family members or co-workers or request international protective accompaniment.
Ask a trusted and capable friend, co-worker or family member to be your safety contact. At times of heightened risk, tell them in advance where you are going, what you are doing, and when you will return. Check in with your safety contact at pre-agreed regular times throughout the day. Agree with them what they will do and who they will contact should they not hear from you.
Prepare your family and co-workers so that they are better able to cope should the worst happen:
Make a will and ensure that your family knows where your important financial and legal documents are stored.
Develop a continuity plan with co-workers so that they can continue working in your absence.
Help your family and co-workers draw up plans for them to relocate, seek sanctuary or asylum, or otherwise keep themselves safe from any further reprisals.
If possible, complete holistic security training designed for human rights defenders. Also consider completing advanced first aid training and purchase individual trauma kits for your home, vehicle, and office.
Understand the level of risk to you and your family that you are prepared to accept. Do not be afraid to ask for help or pause your work if the situation becomes riskier than you are comfortable with.
Consider the different types of information that you hold and seek to better understand both their value to your work and the harms to you and others that could result from an attacker accessing them. Put in place additional measures to protect those assets representing the greatest value or potential harms.
If it has to be shared, communicate sensitive information with co-workers face-to-face or using communication tools that allow end-to-end encryption and disappearing messages.
Ensure that any computer or mobile device that you use:
Cannot be physically accessed by unauthorised persons.
Requires a password or passcode to unlock.
Is running the latest available versions of the operating system and all installed apps/software.
Has full-disk encryption enabled, if legal in your country.
Has anti-virus software and a firewall installed, updated and configured correctly.
Is not rooted or jailbroken and does not have any pirated software installed on it.
Is shut down and powered off as frequently as possible, rather than just put into sleep or hibernate state.
Ensure that any online service that you use:
Requires a complex, unique password to access.
Has two-factor authentication (2FA/2SV) enabled, if available.
Use an encrypted password manager to keep track of all your online passwords and store your 2FA backup codes.
Use a privacy-focussed VPN if accessing the internet through a public or untrusted network.
Securely delete sensitive information in all its forms and variations as soon as it is no longer needed, and ensure that it is not recoverable.
Securely store any sensitive written notes, hard copies and other printed material and shred or burn them as soon as they are no longer needed.
WELLBEING AND RESILIENCE
Maintain good sleep hygiene, including establishing a regular nightly routine and a pleasant sleep environment, if possible.
Eat regular meals and maintain a healthy diet.
Regularly walk, exercise or play sport.
Address physical illness or injury, and give yourself time to heal.
Engage daily in self-reflection and contemplative practices.
Do not use drugs or alcohol as a way of coping with stress or trauma.
Maintain relationships with friends, family, co-workers and community members who can support you.
Seek appropriate help if your health or wellbeing is deteriorating.