As it happens, the main country case studies for my dissertation are Egypt and the Sudan. I’ll have to write a whole lot more given the unprecedented events that have taken place in both countries since January 25th. As many iRevolution readers know, my dissertation analyzes how access to new information and communication technologies changes the balance of power between repressive regimes and popular resistance movements. This means I’m paying close attention to how these regimes leverage tools like Facebook.
The purpose of this blog post is not to help repressive regimes use Facebook better, but rather to warn activists about the risks they face when using Facebook. Granted, many activists already know about these risks, but those I’ve been in touch with over the past few weeks simply had no idea. So what follows is a brief account of how repressive regimes in North Africa have recently used Facebook to further their own ends. I also include some specific steps that activists might take to be safer—that said, I’m no expert and would very much welcome feedback so I can pass this on to colleagues.
We’ve seen how Facebook was used in Tunisia, Egypt and the Sudan to schedule and organize the recent protests. What we’ve also seen, however, is sophistication and learning on the part of repressive regimes—this is nothing new and perfectly expected with plenty of precedents. The government in Tunis was able to hack into every single Facebook account before the company intervened. In Egypt, the police used Facebook to track down protesters’ names before rounding them up. Again, this is nothing new and certainly not unprecedented. What is new, however, is how Sudan’s President Bashir leveraged Facebook to crack down on recent protests.
The Sudanese government reportedly set up a Facebook group calling for protests on a given date at a specific place. Thousands of activists promptly subscribed to this group. The government then deliberately changed the time of the protests on the day of to create confusion and stationed police at the rendez-vous point where they promptly arrested several dozen protestors in one swoop. There are also credible reports that many of those arrested were then tortured to reveal their Facebook (and email) passwords.
And that’s not all. Earlier this week, Bashir called on his supporters to use Facebook to push back against his opposition. According to this article from the Sudan Tribune, the state’s official news agency also “cited Bashir as instructing authorities to pay more attention towards extending electricity to the countryside so that the younger citizens can use computers and internet to combat opposition through social networking sites such as Facebook.”
So what are activists to do? If they use false names, they run the risk of getting their accounts shut down without warning. Using a false identity won’t prevent you from falling for the kind of mouse trap that the Bashir government set with their fabricated Facebook page. Using https won’t help either with this kind of trap and I understand that some regimes can block https access anyway. So what to do if you are in a precarious situation with a sophisticated repressive regime on your back and if, like 99% of the world’s population, you are not an expert in computer security?
1. Back-up your Facebook account: Account –> Account Settings –> Download your information –> Learn more. Click on the Download button.
2. Remove all sensitive content from your Facebook page including links to activist friends, but keep your real name and profile picture. Why? So if you do get arrested and are forced to give up your password, you actually have something to give to your aggressors and remain credible during the interrogation.
3. Create a new Facebook account with a false name, email address and no picture and minimize incriminating content. Yes, I realize this may get you shut down by Facebook but is that as bad as getting tortured?
4. Create an account on Crabgrass. This social networking platform is reportedly more secure and can be used anonymously. A number of activists have apparently switched from Facebook to Crabgrass.
6. If you can do all of the above while using Tor, more power to you. Tor allows you to browse the web anonymously, and this is really important when doing the above. So I highly recommend taking the time to download and install Tor before you do any of the other steps above.
5. Try to validate the authenticity of a Facebook group that calls for a protest (or any in-person event for that matter) before going to said protest. As the Sudan case shows, governments may increasingly use this tactic to arrest activists and thwart demonstrations.
6. Remember that your activist friends may have had their Facebook accounts compromised. So when you receive a Facebook message or a note on your wall from a friend about meeting up in person, try to validate the account user’s identity before meeting in person.
If you have additional recommendations on how to use Facebook safely, or other examples of how repressive regimes have leveraged Facebook, please do add them in the comments section below for others to read and learn. Thank you.