Hackpads are smart collaborative documents. .


235 days ago
Unfiled. Edited by nanyjharon@sinarproject.org 235 days ago
nanyjharon@sinarproject.org Day #1: #RightsCon; Funding for Digital Rights Organizations
Venue: Innovation Room, Floor 1st
Time: 14:30 - 15:45
Moderator: Dan Blah
Panels: Chris Riley, Cindy Cohn, Brett Solomon, Karl Kathuria, Roger Dingledine
  • What is your North Star of sustainability?
  • Roger
  • Most government comes from US govt
  • 1st category - R&D
  • 2nd category - deployment or training
  • 3rd category
  • Added ex EFF ED - very good at layering things
  • Love to have continue govt funding
  • Individual donations like EFF style
  • Brett
  • Have funding policy - what you can take and what you can't
  • Criteria approach to fundraising
  • Don't accept funding that jeopardize relationship of partners and put staffers at risk
  • We do accept SIDA
  • Transparency approach fundraising
  • Publish funding and budgets online for public to see and critic
  • Would love to have membership model like EFF
  • Chris
  • Revenue comes from corporations site
  • Search engine partners such as Yahoo
  • Having mix of high level not for profit and for profit structure is intriguing one
  • Maintain the spirit of non profit
  • Mix of grants for grassroots community
  • Fellowship for community programmes
  • Roger
  • Transparency is also important to Tor too
  • Tor only build the things that the organisation want to build
  • Karl
  • Treat everything as business
  • Worked with a lot of broadcasters around the world
  • Sponsor content that we put online
  • Cindy
  • Fundamentally supported by individuals and communities
  • Does not receive money from government
  • Definitely focus on memberships
  • What's working and what's not?
  • Cindy
  • Why memberships model works?
  • Supporting memberships is a full time job, you can't treat it as secondary
  • Applied this concept since EFF was small
  • Include human element by meeting supporters
  • Brett
  • Proposed EU parliament for 100 million euros fund digital rights initiatives
  • Putting conference as added value to discussions for donors - much easier to connect with donors from here
  • Karl
  • Challenges - success of softwares, more people using softwares
  • How much risks when there is one narrow source of funding?
  • Chris
  • Diversification in both corporation and non profit side
  • Pick missions and principles first and don't let that interfere with the existing relationships
  • How to get human rights funders?
  • Chris
  • Know your audience, thinking about different range of actors
  • Being able to speak to them while maintaining your spirit for more universal values set
  • Brett
  • Understand human rights and digital rights framework - everything are online
  • Elaborate how-to pitch/approaches to individual donors and foundations.
  • Cindy
  • Focus on growing memberships, funders will follow
  • We're protecting the people that they are protecting
  • Roger
  • Look I'm important and I'm doing important vs milestones in treadmills approach
  • Karl
  • Whenever we get funded, turn it into make money itself - commercial tools
  • Roger - we do free approach
  • tools that everybody can use to make the world a better place
  • When funders demand more but does not give you enough to do it
  • Cindy
  • We make more than we spent
  • EFF works for tips
  • Making sure than people know EFF exist
  • EFF is on control, when stuff happens, pivot and go
  • Must have honest conversations with funders
  • What kind of reporting they want and how deep they want it
  • Brett
  • Give us the space to make decisions and make mistakes
  • The tension between urgency that drives funding and sustainability
  • Balance of needed reporting and overburdening partners - what's your ideal reporting would be?
  • Karl
  • Did a lot of reporting matrix and can take up a lot of time but it is still useful things to do
  • Add more funding requests in the reporting
  • Reporting burden remains the same
  • Roger
  • Teaching the funders what you did but also teaching the whole world what you did
  • Chris
  • Spent so much time on strategic action that Mozilla does on what Mozilla do
  • Brett
  • Responsibility to report back is understandable
  • The report should work for the grantee not the grantor
  • Grantee and grantor should work together
235 days ago
Unfiled. Edited by nanyjharon@sinarproject.org 235 days ago
nanyjharon@sinarproject.org Day #1: #RightsCon; Evolving Digital Threats and the Challenges to Current Response Mechanisms: Finding Common Ground Between Civil Society and Private Sector
Venue: Innovation Room, Floor 1st
Time: 12:00 - 13:15
Panels: Camille, Panel #2, Jennie, Panel #4, Panel #5
  • Panel #2
  • I work for a very small start so we don't have to obey rules on what to share and what not to share
  • Wouldn't reveal on things that you shouldn't ever reveal
  • Panel #5
  • Civil societies don't care to dig in depth behind malware
  • Semantics was involved in realizing this malware
  • Google will show warning when civil societies received cyber attacks
  • privacy and security challenges?
  • complaints about the firewall between private companies and activists
  • trying to get technical language out of the people with private companies
  • it took time to teach civil societies about phishing etc
  • strategies to get the right information out from civil societies
  • focus on creating social groups by media and civil societies
  • allows them knowing that you exist
  • build communications with them through these social groups
  • choosing point of contact from the circles
  • pick someone (champion) who speaks a little bit of security would be helpful between private sectors and social groups
  •  Camille
  • People who uses Gmail, we try to understand what kind of digital securities are there using etc
  • Shield is a good example
  • Research and documentation should be done with civil societies and at risk communities on the ground
  • Panel #5
  • A lot of threats from hacked email accounts such as Mac/Apple
  • Panel #2
  • There should be more resources from private sectors
  • Moderator
  • For 2 factor authentication - more companies must move towards to ubikey and less on authentication via sms
235 days ago
Unfiled. Edited by nanyjharon@sinarproject.org 235 days ago
nanyjharon@sinarproject.org Day #1: #RightsCon; Best Practices for Building and Maintaining Threat and Information Sharing Communities
Venue: Clarity Room, Floor 8th
Time: 10:30 - 11:45
Moderator: Shamus
Panels: Haley, Panel #2, Daniel, Nighat
  • Nighat - Digital Rights Foundation recently started cyber harassment helpline
  • Shamus - Challenges of information sharing?
  • Haley
  • looking at internet response
  • what is the process in place at the moment
  • what is the drawback
  • looking at a ad-hoc approach
  • 99% of the time, the information staged between organisation and service providers
  • Benefits - great trust between organisations and service providers, service providers knew who to approach when trust were gained
  • small number of service providers rely on over and over again
  • inefficient - different people coming from service providers with different attacks
  • Panel #2
  • Belgium & EU example
  • few teams finding similar malware
  • after few weeks and it turns out everyone have the same stuff
  • need - automated alert and response i.e get one platform to make it easier to strategize effectively
  • share information more broadly with trusted partners
  • technical indicators make easier to share
  • Daniel
  • Problem - formalize the process inside each organisations
  • have commitment and capacity with the need to share information
  • each organisations have different workgroups - utilize these groups to fill each other gaps and collaborate together
  • Shamus - Are there tools that help information sharing in all aspects i.e political corruption
  • Nighat
  • Pakistan - muslim laptop ban
  • Daniel
  • Have at least a monthly check in to share information
  • Shamus - how do you see the trust & mistrust by partners and the role that you work
  • Haley
  • 1st talk of conversation - trust
  • there's trust issue between CSOs themselves
  • there's trust issue between service providers
  • there's trust issue between CSOs and service providers
  • some organisation don't know how others are operating - awareness of their existence in the community puts others at risk
  • trust of the intention behind information sharing is real value for the rest of the community and yourself
  • do you have trust over the weakest link of X community?
  • when the information sharing starts, you are just at risk as they are
  • Panel #2
  • when you receive emails (information sharing starts), that's when you refer to the technical indicators as a measurement of trust and mistrust
  • phishing applies to this approach
  • document always what kind of attacks X or Y receives, and different indicators used to see the different trends for different situations
  • Daniel
  • not about trust but about resources
  • when you receive malware, we share with different researchers that we have, let them build information
  • have to access on case by case basis
  • understand benefit for the community from information sharing
  • Nighat
  • not about trust but repercussions
  • once the report (information sharing) is out, what kind of risks that civil societies have to face?
  • have to consider what kind of repercussions that civil societies have to face by the state
  • being here at the public conference can be alarming for panelists too
  1. Have your organisations tried CVE (https://cve.mitre.org/)?
  1. Panel #2 - it make sense for bigger organisations but not for small organisations, it's good to keep an eye on it if you have a tech team
  1. Why information sharing is good for documenting harms for advocacy, defense and research?
  1. Shamus - understand the threats communities facing
  1. Daniel - try to get information and adopt solutions with communities in different situations is complicated but it worked
  1. easier to know who to reach out
  1. can provide details with 1 to 1 communications
  1. Panel #2 - find common trends might see similar kinds of attacks across sectors
  1. Nighat - DGF started cyber harassment helpline platform as one of the solutions
  1. Will be sharing law enforcement in Pakistan
  1. No in depth research and report because there is no capacity to do so
  1. People who attended the workshops are the one who are helping managing the helpline
  1. Haley - find our remit, there's research and defense element in the process but less on documenting harms faced by the communities
  1. if you really want to document, have to bring the element of attributions
  1. another level of work that needed to do that requires a lot of capacity
  1. objective is defense
  1. helped us extricate a lot from messy arguments between service providers about closure, ownership etc
  1. Do the same approaches applied in computer literacy when sharing threat information?
  1. Shamus - couple of challenges to integrate different datasets
  1. collection of indicators
  1. it's hard to build analysis from incomplete data until you have a complete narrative - intensive process
  1. goals of human rights documentation vs goals of threats documentation
  1. have common agreement on terminology first - i.e malware campaign vs physical violence campaign
  1. secondary component - there is a really good data about police misconduct, when people use data for their work so the terminology applies to their work
  1. Daniel
  1. descriptive sharing - platform to bring awareness about issues but not sure how platform would suit this need?
  1. Haley
  1. physical security incidents almost certainly have digital security consequences
  1. information have been shared from some people in the community that have been arrested
  1. less about platform, more about role of the community
  1. How to structure organisation positioning for sustainable growth?
  1. Haley
  1. no answers yet but it is something that we are looking at down the line, the funding model should be by contributions from partnered organisations
  1. Daniel
  1. the helpline have officers and partners we worked with on the ground, try to share effectively as possible, increase information sharing
  1. better to work with people on the ground to be able to have sustainable growth
  1. Nighat
  1. at risk communities takes time to trust you i.e LGBT communities
479 days ago
Unfiled. Edited by Swee Meng , nanyjharon@sinarproject.org 479 days ago
Swee M APrIGF2016, Day 3: Cybersecurity Threats Possible Collaboration in South and South East Asia
Room 401
Expected speakers:
Full Name Organization Designation of Residence Stakeholder Group Status of Confirmation
Mr. Arun Sukumar Observer Research Foundation Head, Cyber Initiative India Civil Society Confirmed
Mr. Jahangir Hussain Open Communications Limited Chief Technical Officer Bangaladesh Technical Confirmed
Mr. Zakir Syed SAMENA Telecommunications Council Head of Market Research /(Manager Telecoms & ICT Research) Pakistan Private Sector Confirmed
Mr. Said Zazai Chief Information Officer Ministry of Finance Afganistan Government Confirmed
Mr. Mr. Subhash Dhakal IT Director Department of Information Technology, Ministry of Science and Technology Nepal Government Confirmed
Mr. Mr. Rohana Paliaguru Manager-Operations Sri Lanka CERT|CC Sri Lanka Government Confirmed
Swee M
  • Said zazai
  • afganistan have 5 most expensive broadband in APAC
  • internet connect through pakistan, iran uzbekistance 
  • internet shutdown by cutting cable
  • majorr incidence
  • hacker access shared, 1.2m usd employee disappeared
  • 4m+ usd transfered unauthorized accessed
  • gov.af email hacked. javascript attack(O.O)
  • challenges
  • software
  • cracked
  • outdated
  • antivirus
  • regin malware. tap gsm network
  • skillset
  • afcert exist
  • not active
  • growing threat
  • afgran cyberspace used as proxy
  • cross border threat
  • gov challenge
  • cybercrime law
  • e-transaction and e-signature
  • AfCIRT establiished 2009
  • zakir syed
  • pakistan have a wide variety of access internet
  • `jahagir hussain
  • cyber attack in bangladesh 82bil
  • pretty bad
  • gov try to bring the thing into law
  • bdcert is a private entity
  • subhash dhakal
  • rohana palliyaguru
  •  sri lanka cert
  • 2006
  • ict agency
  • non profit
  • doing incident handling
  • public, private sector 
  • full member oof APCERT and FIRST
  • most of sri lanka have mobile 
  • 2967 incident reported 2015
  • ransom ware, cryedit card fraud incident high
  • cromputer crime act
  • very broad 
  • IS Polcy
  • ISO27001
  • 19 domain
  • use by gov agency
  • CID have cyber crim div
  • trained by cert
  • persecute cate
  • collab with international
  • Threat is both outside/inside country
  • Arun Mohan Sukumar
  • india biggest content
  • design
  • density
  • information exporter
  • government demand backdoor
  • driven by american and china
  • reduce indian agency at cybercrime
  • integrated cyber command. Integration between civilian agency and military
479 days ago
Unfiled. Edited by nanyjharon@sinarproject.org 479 days ago
nanyjharon@sinarproject.org APrIGF2016, Day 3: Threats to Free Expression and Challenges for Reform in Southeast Asia
Room 401
Expected speakers:
Full Name Organization Designation of Residence Stakeholder Group Status of Confirmation
Mr. Arthit Suriyawongkul Foundation for Internet and Civic Culture Co-Founder Thailand Civil Society Confirmed
Mr. Swee Meng SINAR Project Systems Administrator Malaysia Civil Society Confirmed
Mr. Jamael Jacob Foundation for Media Alternatives Legal and Policy Advisor The Philippines Civil Society Confirmed
Mr. Kyung-Sin Park OpenNet Korea / Korea University Law School Founder / Professor South Korea Academia Confirmed
Ms. Jiwon Sohn Korea Internet Transparency Report Staff Attorney South Korea Civil Society Confirmed
Full Name Organization Designation of Residence Stakeholder Group Status of Confirmation
Mrs. Irene Poetranto The Citizen Lab, University of Toronto Researcher Canada Academia Confirmed
  • Art
  • In Thailand:
  • 20th May of 2014, the army announced the martial law. The next day, IP has been summoned to control the social media. On the 22nd May, there was a national coup.
  • NCPO (National Council Peace and Order)
  • coup announced that night. NCPO should stop any content.
  • asking ISP to monitor social media content.
  • media shouldn't interview academics, civil servants, people who work at courts and other independent body
  • media shouldn't put in public
  • academics, civil servants, people who work at courts and other independent body shouldn't give interview to media
  • if tv stations do not follow conditions provided by the coup, they will be shutdown
  • ministry of ICT regroup and placed under security branch NCPO - information war inside the country, example "this coup is necessary"
  • discussion of single gateway - control information to be passed in the country
  • [technological measure] ministry of ICT setting up working group to monitor social media and another one to setting up equipment but there are a lot of encryptions via HTPPS so it's hard to block websites unless they have to block the whole domain
  • cooperation with international gateway in thailand
  • All NCPO should be in effect even after the military gone
  • Very difficult to amend laws
  • Kyung Sin Park
  • Criminal threats against free speech in South Korea
  • Laws protecting right to personality - effect freedom of speech
  • Criminal code, Art 311 - insult
  • Criminal code, Art 307 (1) - truth defamation
  • Criminal code, Art 307 (2) - falsity defamation
  • PDPA
  • Portrait right cases
  • Criticism
  • insult law
  • all true evaluations risk insulting those being evaluated. Any evaluation lower than expected causes a sense of insult in the person being evaluated. But, entire civilisation is about evaluation, i.e, imputing values to things, people and places. How can the State ban people from insulting one another?
  • Only extremely offensive words? What is extreme?
  • truth defamation 
  • chilling effects on even publicly-interest statements
  • narrow scope of public interest
  • pluralistic ideal of FOS
  • why should we be restricted in speaking truths even if uncomfortable to others?
  • "public interest" exception? who decides on the public interest? if public interest is defined collectivistically, what happens to the pluralistic ideal of FOS
  • is freedom to speak truths about others essential to development of one's personality? - whether internal or external
  • falsity defamation
  • where is "my" personality? is it in me? is it what others think of me? So, if personality is subject to capricious thinking of Others, on what basis can the State put people in jail?
  • UNHR Committee
  • General Commitment 34 (2011)
  • Human Rights Committee, Concluding Observations on South Korea (2015)
  • Abolish truth defamation
  • UN Special Rapporteur on Free Speech La Rue
  • Jamael
  • Oldest democracy in Asia Pacific
  • Dark period in 1970's
  • In 25 years, massacred happened and most of them were journalists
  • Now, new president Duterte condemned for saying journalists should deserved to die
  • He made more outrageous statements as a mayor in the past
  • What's in store for freedom of expressions in Philippines?
  • Republic Act No 10175 (cybercrime prevention act 2012)
  • Republic Act No 9775 (anti-child pornography act 2009)
  • Republic Act No 10173 (data privacy act 2012)
  • Republic Act No 4200 (anti-wiretapping law)
  • Republic Act No 9372 (human security act 2007)
  • Govt agencies
  • department of justice
  • office of cybercrime
  • national bureau of investigation
  • philippines national police
  • armed forces of the philippines
  • national intelligence coordinating agency
  • content types subject to censorship, filtering or surveillance
  • cyber-libel and other cybercrimes - censorship + surveillance
  • child pornography
  • malicious disclosure of information
  • treason, espionage, provocking war and disloyalty in case of war, piracy, mutiny in the high seas, rebellion, sedition and kidnapping
  • terrorism
  • instances of censorship and surveillance
  • "offensive" social media posts/content
  • example: Facebook takedowns after anti-Duartete posts, Facebook bans TV5 journalists for anti-Marcos posts
  • surveillance of former presidents
  • pres gloria macapagal arroyor
  • surveillance re: corruption-related cases/transactions, e.g: NBN-ZTE scandal
  • emerging threats
  • proposed national id system
  • proposed mandatory SIM card registration system
  • proposed expansion of exemptions to anti wiretapping law
  • Swee Meng
  • Law
  • sedition act
  • people being charged
  • politician
  • activist
  • lawyer
  • cartoonist
  • multimedia and communication act
  • tight control of license and censor the internet
  • cause of concern

Contact Support

Please check out our How-to Guide and FAQ first to see if your question is already answered! :)

If you have a feature request, please add it to this pad. Thanks!

Log in