by Max Wilbert / Deep Green Resistance

Those in power do not hesitate to assault, imprison, torture, and sometimes murder those who fight capitalism, patriarchy, racism, the murder of the planet, and other elements of global empire.

In order to do this, they need information. State agencies, private military corporations, investigators, and far-right reactionaries want to gather as much information on revolutionaries as possible. The information they want includes where you live, who you associate with, where you go, where you work, and more.

Protection of information is therefore critical to survival and effectiveness of resistance movements. This becomes even more important when you’re engaged in high-risk revolutionary work and direct action.

Militaries around the world use a procedure called operational security (OPSEC) to protect important information. While I am opposed to all imperialist militaries, we can and should learn from our adversaries. Therefore, I am writing this article to help keep you safe and make you more effective.

What is OPSEC?

OPSEC is defined as “the protection of information that, if available to an adversary, would be detrimental to you/your mission.” Implementing OPSEC is essential for revolutionaries and activists, and can also be valuable for many other people, including:

• Women facing stalking, sexual violence, or abuse
• Immigrants seeking to avoid persecution, detention, and deportation
• People of color threatened by racist persecution and violence
• Prominent individuals facing doxing and harassment

The 5-step OPSEC process

In Army Regulation 530-1, the US military defines a 5-step process for operational security. This procedure should be studied and implemented by all activists and revolutionaries. In fact, we should practice OPSEC at all times, in all situations. Rather than fostering paranoia, this allows us to ensure maximum safety based on a realistic assessment of threats and vulnerabilities.

Step 1: Identify the information you want to protect

The first step in the OPSEC procedure is the simplest. Determine which information you want to protect. This may include:

• Plans
• Procedures
• Relationships
• Locations
• Timing
• Communications
• Purchases

Step 2: Analysis of threats

The second step is to develop a “threat model.” In other words, determine who you need to protect this information from, and what their capabilities are. Then assess how these capabilities may impact you in the particular situation at hand.

In this stage, you should also ask yourself “what information does the adversary already know? Is it too late to protect sensitive information?” If so, determine what course of action you need to take to mitigate the issue, plan for ramifications, and prevent it from happening again.

You can learn about the capabilities of state agencies and private intelligence companies from the following sources:

• Wikipedia page on the global surveillance disclosures
• EFF overview of NSA spying
• Introduction to PRISM (US mass surveillance program)
• Introduction to Tempora (UK mass surveillance program)
• Report on infiltration at Standing Rock
• Counterinsurgency techniques used by private military corporations
• STRATFOR leaks

Step 3: Analysis of vulnerabilities

Now that you know what you need to protect, and what the threats are, you can identify specific vulnerabilities.

For example, if you are trying to protect location information from state agencies and corporations, carrying a cell phone with you is a specific vulnerability, because a cell phone triangulates your location and logs this information with the service provider each time it connects to cell towers. If this phone is linked to you, your location will be regularly recorded anytime your cell phone is connected to cell towers. This process can be repeated to identify multiple vulnerabilities.

Once you have determined these vulnerabilities, you can begin to draft OPSEC measures to mitigate or eliminate the vulnerability. There are three types of measures you can take.

1. Action controls eliminate the potential vulnerability itself. EXAMPLE: get rid of your cell phone completely.

2. Countermeasures attack the enemy data collection using camouflage, concealment, jamming, or physical destruction. EXAMPLE: use a faraday bag to store your phone, and only remove it from the bag in specific non-vulnerable locations that you are not concerned about having recorded. NB: This method may not eliminate all dangerous data tracking, as smartphones are capable of tracking and recording location and movement data using their built-in compass and accelerometer, even when they have no access to GPS, cellular networks, or other radio frequencies.

3. Counter analysis confuses the enemy via deception and cover. EXAMPLE: give your phone to a trusted friend who is moving to a different location so that your tracked location appears different than your real location during a given period.

Step 4: Assessment of risk and countermeasures

Step four is to conduct an in-depth analysis of which OPSEC countermeasures are appropriate to protect which pieces of information. Decide on the cost-benefit ratio of each countermeasure. You want to ensure that your security measures are strong and adequate, but ideally, they should not hamper the mission itself. Determine which factors are most important and make a judgement call about your course of action.

Step 5: Apply your OPSEC countermeasures

The final step is to put the plan into action. Implement your chosen action controls, countermeasures, or counter analysis methods.

Once the operation is complete, or on an ongoing basis, you should also reassess effectiveness. Conduct research, analyze any mistakes you have made, and plan for the ramifications of these mistakes. Then improve your techniques and repeat the process.

Creating a “security culture”

Operational security does not make sense for everyone. It is designed to protect groups of people engaged in high-risk activities. Therefore, OPSEC is not a hobby or something to be practiced occasionally. The OPSEC procedure should be habitual and regular, because it only takes a short period of inattention to accidentally disclose information that can have dangerous consequences.

The lessons in this article need to be combined with general activist “security culture.” and basic forensic countermeasures (a topic I will cover in another article) to protect us from threats.

It is important that we begin to shift our culture of activism towards revolutionary confrontation. This requires a serious shift in attitude. We need to look at ourselves as warriors in a life-and-death war for the future of the planet. OPSEC provides us with a procedure for increasing our safety and reminds us to treat this struggle as seriously as it really is.

—

Max Wilbert is a third-generation organizer who grew up in Seattle’s post-WTO anti-globalization and undoing racism movement, and works with Deep Green Resistance. He is the author of two books.