Interview: The Sudanese Civil Society and its Digital Security Challenges
[Photo curtsey of Abdel-Rahman El-Mahdi]
Abdel-Rahman El-Mahdi, is a member of Sudanese civil society and the founder and executive manager of the Sudanese Development Initiative (SUDIA), a non-profit organization specializing in good governance, youth empowerment and the advancement of civil society and media. Abdel-Rahman talked to us about the challenges the Sudanese civil society faces when it comes to protecting its privacy and digital security while using the internet and other modes of communication information technologies (ICTs). This is especially relevant in the context of the current environment in Sudan where we have seen in the early months of 2015 yet another wave of attacks on the civil society that included the mass confiscation of newspapers, as well as closures of civil society and cultural organizations such as the Sudanese Writers Union and the Mahmoud Mohammed Taha Cultural Center.
Sawtna: What are the most felt challenges you believe the Sudanese independent civil society is facing when it comes to the lack of diligence with their digital security, whether online or offline?
Abdel-Rahman: Foremost is the lack and/or weakness of robust and well-developed systems within the institutions. Most civil society organizations are underdeveloped in terms of their internal governance and organizational systems and procedures. Digital security is but one of a myriad of internal measures that need to be developed and put in place, and if organizational health is the measure it is not necessarily the priority.
Sawtna: Regardless of the heavy price that the lack of digital security procedures is resulting in for the civil society, yet we are not seeing a visible change in behaviour. Why is that, and what do you think is needed to create this necessary shift?
Abdel-Rahman: I would tend to disagree that lack of digital security is exacting a heavy toll on civil society. The toll that might be exacted when organizations are closed and have their equipment confiscated is the loss of data or the organizational electronic records and files, and as far as I know, none of the organizations that have been closed down within the NGO sector have complained of that. The heavier toll, which these organizations suffer from, is the actual loss of their equipment and assets more so than the loss of their data. Data is oftentimes backed up and if not can be recovered from other sources.
So, in my opinion digital security is not seen as a priority and therefore one is less likely to see organizations changing their behaviour. It is more a fad and only in a select number of cases considered a priority and integrated into the organizational systems and the daily behaviour of organizational staff and their affiliates.
I believe that Sudanese institutions/organizations are more a reflection of the culture/tradition. Sudanese have an oral tradition of communication. Information is conveyed and communicated orally rather than in writing or digitally, even within the organizations. This has in general been a cause of the inability of our organizations to become sustainable and institutionalized. As such digital security becomes a concern only when the organization’s business (in all senses) is transacted digitally rather than verbally. Without a real effort of civil society organizations to institutionalize we are less likely to see an importance attached to digital security.
Sawtna: Are there any examples of protecting privacy that come to mind from Sudan that reflect good practice from within organized elements when using information communications technologies in general?
Abdel-Rahman: I can only speak from our experience at SUDIA. We have increasingly begun to value digital security and efficiency. This is reflected in the use of applications such as Google Drive and all the applications that come with it. Documents are shared and worked on by staff in the cloud, where document owners prescribe the level of sharing and the person/s with whom they would like to share documents. Collaboration on projects is also increasingly being shifted from the real world to the virtual where platforms such as Mavlink and Basecamp allow people to collaborate on projects virtually and without having to be in the same physical space. These platforms of collaboration not only contribute to greater digital security, but they also help build an institutional memory in relation to projects and offer a source of learning and reflection.
Sawtna: Any parting thoughts?
Abdel-Rahman: Firstly, digital security, like other internal organizational systems, will only take root in organizations when organizations have reached a certain level of maturity where they begin to recognize the need to develop their internal systems if they are to continue to flourish and grow. Secondly, the leadership or top management within organizations will need to have a genuine appreciation and recognition that digital security is needed and will contribute to the organization’s growth and sustainability. Finally yet importantly, digital security is oftentimes about changing digital behaviour and norms, i.e how we do things. That is the most difficult part. Making sure to log off your email account, frequently changing passwords, switching to using different programs and apps that one might not be used to, etc. Without perseverance and constant observation, even systems and policies that might be introduced might fail to bring about the required sustainable level of digital security within our civil society organizations.