Hackpads are smart collaborative documents. .
181 days ago
Unfiled. Edited by nanyjharon@sinarproject.org 181 days ago
nanyjharon@sinarproject.org Day #1: #RightsCon; Funding for Digital Rights Organizations
Venue: Innovation Room, Floor 1st
Time: 14:30 - 15:45
Moderator: Dan Blah
Panels: Chris Riley, Cindy Cohn, Brett Solomon, Karl Kathuria, Roger Dingledine
 
Notes:
  • What is your North Star of sustainability?
  • Roger
  • Most government comes from US govt
  • 1st category - R&D
  • 2nd category - deployment or training
  • 3rd category
  • Added ex EFF ED - very good at layering things
  • Love to have continue govt funding
  • Individual donations like EFF style
  • Brett
  • Have funding policy - what you can take and what you can't
  • Criteria approach to fundraising
  • Don't accept funding that jeopardize relationship of partners and put staffers at risk
  • We do accept SIDA
  • Transparency approach fundraising
  • Publish funding and budgets online for public to see and critic
  • Would love to have membership model like EFF
  • Chris
  • Revenue comes from corporations site
  • Search engine partners such as Yahoo
  • Having mix of high level not for profit and for profit structure is intriguing one
  • Maintain the spirit of non profit
  • Mix of grants for grassroots community
  • Fellowship for community programmes
  • Roger
  • Transparency is also important to Tor too
  • Tor only build the things that the organisation want to build
  • Karl
  • Treat everything as business
  • Worked with a lot of broadcasters around the world
  • Sponsor content that we put online
  • Cindy
  • Fundamentally supported by individuals and communities
  • Does not receive money from government
  • Definitely focus on memberships
  • What's working and what's not?
  • Cindy
  • Why memberships model works?
  • Supporting memberships is a full time job, you can't treat it as secondary
  • Applied this concept since EFF was small
  • Include human element by meeting supporters
  • Brett
  • Proposed EU parliament for 100 million euros fund digital rights initiatives
  • Putting conference as added value to discussions for donors - much easier to connect with donors from here
  • Karl
  • Challenges - success of softwares, more people using softwares
  • How much risks when there is one narrow source of funding?
  • Chris
  • Diversification in both corporation and non profit side
  • Pick missions and principles first and don't let that interfere with the existing relationships
  • How to get human rights funders?
  • Chris
  • Know your audience, thinking about different range of actors
  • Being able to speak to them while maintaining your spirit for more universal values set
  • Brett
  • Understand human rights and digital rights framework - everything are online
  • Elaborate how-to pitch/approaches to individual donors and foundations.
  • Cindy
  • Focus on growing memberships, funders will follow
  • We're protecting the people that they are protecting
  • Roger
  • Look I'm important and I'm doing important vs milestones in treadmills approach
  • Karl
  • Whenever we get funded, turn it into make money itself - commercial tools
  • Roger - we do free approach
  • tools that everybody can use to make the world a better place
  • When funders demand more but does not give you enough to do it
  • Cindy
  • We make more than we spent
  • EFF works for tips
  • Making sure than people know EFF exist
  • EFF is on control, when stuff happens, pivot and go
  • Must have honest conversations with funders
  • What kind of reporting they want and how deep they want it
  • Brett
  • Give us the space to make decisions and make mistakes
  • The tension between urgency that drives funding and sustainability
  • Balance of needed reporting and overburdening partners - what's your ideal reporting would be?
  • Karl
  • Did a lot of reporting matrix and can take up a lot of time but it is still useful things to do
  • Add more funding requests in the reporting
  • Reporting burden remains the same
  • Roger
  • Teaching the funders what you did but also teaching the whole world what you did
  • Chris
  • Spent so much time on strategic action that Mozilla does on what Mozilla do
  • Brett
  • Responsibility to report back is understandable
  • The report should work for the grantee not the grantor
  • Grantee and grantor should work together
...
181 days ago
Unfiled. Edited by nanyjharon@sinarproject.org 181 days ago
nanyjharon@sinarproject.org Day #1: #RightsCon; Evolving Digital Threats and the Challenges to Current Response Mechanisms: Finding Common Ground Between Civil Society and Private Sector
 
Venue: Innovation Room, Floor 1st
Time: 12:00 - 13:15
Moderator:
Panels: Camille, Panel #2, Jennie, Panel #4, Panel #5
 
Notes
  • Panel #2
  • I work for a very small start so we don't have to obey rules on what to share and what not to share
  • Wouldn't reveal on things that you shouldn't ever reveal
  • Panel #5
  • Civil societies don't care to dig in depth behind malware
  • Semantics was involved in realizing this malware
  • Google will show warning when civil societies received cyber attacks
  • privacy and security challenges?
  • complaints about the firewall between private companies and activists
  • trying to get technical language out of the people with private companies
  • it took time to teach civil societies about phishing etc
  • strategies to get the right information out from civil societies
  • focus on creating social groups by media and civil societies
  • allows them knowing that you exist
  • build communications with them through these social groups
  • choosing point of contact from the circles
  • pick someone (champion) who speaks a little bit of security would be helpful between private sectors and social groups
  •  Camille
  • People who uses Gmail, we try to understand what kind of digital securities are there using etc
  • Shield is a good example
  • Research and documentation should be done with civil societies and at risk communities on the ground
  • Panel #5
  • A lot of threats from hacked email accounts such as Mac/Apple
  • Panel #2
  • There should be more resources from private sectors
  • Moderator
  • For 2 factor authentication - more companies must move towards to ubikey and less on authentication via sms
 
 
 
182 days ago
Unfiled. Edited by nanyjharon@sinarproject.org 182 days ago
nanyjharon@sinarproject.org Day #1: #RightsCon; Best Practices for Building and Maintaining Threat and Information Sharing Communities
 
Venue: Clarity Room, Floor 8th
Time: 10:30 - 11:45
Moderator: Shamus
Panels: Haley, Panel #2, Daniel, Nighat
 
Notes
  • Nighat - Digital Rights Foundation recently started cyber harassment helpline
  • Shamus - Challenges of information sharing?
  • Haley
  • looking at internet response
  • what is the process in place at the moment
  • what is the drawback
  • looking at a ad-hoc approach
  • 99% of the time, the information staged between organisation and service providers
  • Benefits - great trust between organisations and service providers, service providers knew who to approach when trust were gained
  • small number of service providers rely on over and over again
  • inefficient - different people coming from service providers with different attacks
  • Panel #2
  • Belgium & EU example
  • few teams finding similar malware
  • after few weeks and it turns out everyone have the same stuff
  • need - automated alert and response i.e get one platform to make it easier to strategize effectively
  • share information more broadly with trusted partners
  • technical indicators make easier to share
  • Daniel
  • Problem - formalize the process inside each organisations
  • have commitment and capacity with the need to share information
  • each organisations have different workgroups - utilize these groups to fill each other gaps and collaborate together
  • Shamus - Are there tools that help information sharing in all aspects i.e political corruption
  • Nighat
  • Pakistan - muslim laptop ban
  • Daniel
  • Have at least a monthly check in to share information
  • Shamus - how do you see the trust & mistrust by partners and the role that you work
  • Haley
  • 1st talk of conversation - trust
  • there's trust issue between CSOs themselves
  • there's trust issue between service providers
  • there's trust issue between CSOs and service providers
  • some organisation don't know how others are operating - awareness of their existence in the community puts others at risk
  • trust of the intention behind information sharing is real value for the rest of the community and yourself
  • do you have trust over the weakest link of X community?
  • when the information sharing starts, you are just at risk as they are
  • Panel #2
  • when you receive emails (information sharing starts), that's when you refer to the technical indicators as a measurement of trust and mistrust
  • phishing applies to this approach
  • document always what kind of attacks X or Y receives, and different indicators used to see the different trends for different situations
  • Daniel
  • not about trust but about resources
  • when you receive malware, we share with different researchers that we have, let them build information
  • have to access on case by case basis
  • understand benefit for the community from information sharing
  • Nighat
  • not about trust but repercussions
  • once the report (information sharing) is out, what kind of risks that civil societies have to face?
  • have to consider what kind of repercussions that civil societies have to face by the state
  • being here at the public conference can be alarming for panelists too
 
Questions
  1. Have your organisations tried CVE (https://cve.mitre.org/)?
  1. Panel #2 - it make sense for bigger organisations but not for small organisations, it's good to keep an eye on it if you have a tech team
  1. Why information sharing is good for documenting harms for advocacy, defense and research?
  1. Shamus - understand the threats communities facing
  1. Daniel - try to get information and adopt solutions with communities in different situations is complicated but it worked
  1. easier to know who to reach out
  1. can provide details with 1 to 1 communications
  1. Panel #2 - find common trends might see similar kinds of attacks across sectors
  1. Nighat - DGF started cyber harassment helpline platform as one of the solutions
  1. Will be sharing law enforcement in Pakistan
  1. No in depth research and report because there is no capacity to do so
  1. People who attended the workshops are the one who are helping managing the helpline
  1. Haley - find our remit, there's research and defense element in the process but less on documenting harms faced by the communities
  1. if you really want to document, have to bring the element of attributions
  1. another level of work that needed to do that requires a lot of capacity
  1. objective is defense
  1. helped us extricate a lot from messy arguments between service providers about closure, ownership etc
  1. Do the same approaches applied in computer literacy when sharing threat information?
  1. Shamus - couple of challenges to integrate different datasets
  1. collection of indicators
  1. it's hard to build analysis from incomplete data until you have a complete narrative - intensive process
  1. goals of human rights documentation vs goals of threats documentation
  1. have common agreement on terminology first - i.e malware campaign vs physical violence campaign
  1. secondary component - there is a really good data about police misconduct, when people use data for their work so the terminology applies to their work
  1. Daniel
  1. descriptive sharing - platform to bring awareness about issues but not sure how platform would suit this need?
  1. Haley
  1. physical security incidents almost certainly have digital security consequences
  1. information have been shared from some people in the community that have been arrested
  1. less about platform, more about role of the community
  1. How to structure organisation positioning for sustainable growth?
  1. Haley
  1. no answers yet but it is something that we are looking at down the line, the funding model should be by contributions from partnered organisations
  1. Daniel
  1. the helpline have officers and partners we worked with on the ground, try to share effectively as possible, increase information sharing
  1. better to work with people on the ground to be able to have sustainable growth
  1. Nighat
  1. at risk communities takes time to trust you i.e LGBT communities
...
291 days ago
Unfiled. Edited by sweemeng ng 291 days ago
sweemeng n Round table of parliamentary openness 
 
Italy have open data since 2012. Have everything, Mp need education despite that. 
 
Data pushed are mostly documents, because that's what gov 
 
It is mostly driven by pmo. 
 
Ukraine pmo involve in deciding the data. Few. Who will use it, who will maintain, how to sustain. 
 
So who owns the data 
In Canada data is there, but nobody knows. They use ogp process. 
 
Parliament is by the people. Thus belongs to the people. 
 
Transparency movement seems as antagonistic against authority. Congress in US for example distrust public  too
 
Should national action plan for legislative openness  rely with government. 
 
Hackerlab Brazil, doesn't work, have lot of data, but not many people use it. 
 
Fairly normal for people not using legislative  data. And business exist to produce service for politicians. Thus have to do it anyway even if no user. 
 
It is about effective use. 
 
Nobody care about open data and parliamentary. It is about the issues 
And no connection between public conversation and parliament
 
It should be issue focus. 
 
 
 
 
292 days ago
Unfiled. Edited by sweemeng ng 292 days ago
sweemeng n Panama papers 
 
Email hard to search therefore cross check with name db in batch 
 
Hard to find useful information many are meaningful 
 
Platform used is for secure access. 
Security is mostly on relationships. 
 
Indonesia have access to tax office cooperation. There is open data for court cases and crime. 
 
The team check with official source for validation for example company registry 
 
 
 
 
Members (56)
arfie dani Audrey Tang Haris Subandie Md. Suhaimin Jack Khor Lim 'asamlaksa' Huiying Keen Ngin Loo Donaldson Tan Aisyah Mohamed Jun Wen sam Shawn Tan Choon-Siang Lai (Jeffrey04) Lian Jim Keu Ng Foong Wai Salocin Dot TEN mohamad hafiz yusof Asmadi Md Saleh Mohd Hanis Hanisab mi kasa Rebecca Loh

Create a New Collection

Cancel

Move XXX to XXX


XXX will be invited to the XXX on XXX.

Cancel

Contact Support



Please check out our How-to Guide and FAQ first to see if your question is already answered! :)

If you have a feature request, please add it to this pad. Thanks!


Log in