This article introduces a basic guide of generally accepted “security codes” for movements which can be applied in a variety of direct action, protest, and event situations.

More articles related to security can be accessed here. These include topics like physical security for events, operational security, geolocation and tracking and many more.


By Max Wilbert

Activists and revolutionaries will often find themselves in situations that are dangerous for a variety of reasons. Whether we are engaged in protest, events, or direct actions, we need to protect our community, our mission, and ourselves. That is why we endeavor to teach security training to everyone in our community.

Security falls into a number of domains. We must protect information using security culture, digital security, and other “infosec” techniques. We must protect relationships and organizations using vetting procedures, gradual building of trust, compartmentalization, and so on. And we must protect ourselves physically by learning self-defense techniques and being prepared for the situation we find ourselves in.

This article is proposing a set of generally accepted “security codes” for the movement that can be applied in a variety of situations. These protocols refer to the accepted or established code of procedure or behavior in any group, organization, or situation. By having a set of generally known and accepted protocols, we can:

  1. Minimize confusion;
  2. Build competency in security techniques; and
  3. Avoid wasting time and energy repeating information to large groups of people

Here we propose a basic 3-part code that varies between low-risk, medium-risk, and high-risk situations. These basic protocols should be considered a baseline and can be adapted to offensive and defensive situations.

Code Green (Low Risk)

This protocol should be applied in situations when no risks are expected. For example, private events held on friendly territory may be a “green” situation. However, in keeping with developing a general security culture, some precautions should still be taken.

  • Mission specific considerations and equipment
  • Maintain situational awareness
  • Maintain basic security culture precautions
  • Basic health and safety considerations: food, water, first aid kit
  • EDC (Everyday Carry)
  • Practical clothing
  • Communications: may be open, depending on the circumstances. Using secure communications is always recommended, but not crucial.

Code Yellow (Medium Risk)

This protocol should be applied in situations when there is an elevated potential for risk. For example, a public protest or event may be a code yellow situation. In a code yellow situation, information should be treated more carefully.

  • All of the above, plus:
  • Conduct a security analysis prior to the event/action, then brief your team on findings
  • Designate a security team and prepare for possible threats
  • Consider creating an Operations Order and formalizing roles
  • Use encrypted communications and minimize information leakage
  • For offensive operations, use TOR and secure research methods. Leave cell phones at home or place in a faraday bag.

Code Red (High Risk)

This protocol should be applied in situations when there is certainty of high risk. For example, a serious direct action or defensive action when you expect serious forms of repression would be a code red situation.

  • All of the above, plus:
  • Full Operations Order and briefing prior to action
  • Additional formal roles, such as leader or leadership group, medic, logistics, etc. (mission specific)
  • Consider additional protective clothing if there is a possibility of being hurt
  • Compartmentalize information on a need-to-know basis
  • All communications via secure channel or face-to-face

This is basic guide that can be adapted to a variety of situations. Feedback is welcome and this material will be updated over time.