Developing technical collaborations within the Network

Sharing our technical projects and reflections on our first in-person tech retreat.

On October 2nd, 2024, sixteen tech staff members working across the Digital Resilience Network (DRN) were deeply engaged in a conversation with the aim to answer: “how can the Network practically collaborate in mobile forensics?” 

It was day two of a three-day tech retreat in Lisbon. The night before, everyone had spent hours playing around with setting up network traffic analysis and mobile forensics tools in a private space, using the shared network infrastructure offered as a playground by one of the DRN members. While we all enjoyed experimenting with tools, we acknowledged that morning that tech staff contributions to mobile forensic collaborations – and all other collaborations – will be as diverse as the capacities of our organizations: some of us will provide the infrastructure, some will share information, and others will set up the protocols for communication.

Since the launch of this Network in October 2023, we have been engaged in a reiterative process where we share experiences, identify common needs, and map our capacities to plan practical collaborations under “Tech Lab for Global South”- a lab dedicated for knowledge building on the issues of digital resilience. Whether through in-person, or online meetings during 2024, our process of shaping collaborations was guided by these two questions: 

1. How could our Network projects embrace the diversity of the capacities and specialized areas of work across its ten member organizations?
2. How could these collaborations engage, build, and connect to the work of the wider digital resilience ecosystem?

Our moment of clarity on what this collaboration looks like in practice while answering these questions came when tech staff from our organizations met at this first tech retreat in Lisbon, Portugal. In this blog post, we want to build on the momentum created by the DRN tech retreat in October, and share our plans under the “Tech Lab for Global South” in three areas: threat intelligence, mobile forensics, and risk assessment frameworks.

Within the few experienced technologists in the Global South, there is a huge strategic opportunity for collectively studying and identifying threats, especially in the light of the growing diversity and complexities in the spyware industry. The collaboration on threat intelligence in the Network will start with the identification, and the secure documentation of digital threats in different geographical territories, the analysis of patterns and behaviors of certain threat types, and the production and communication of findings on these patterns with expert communities, and groups from the ecosystem that are working on policy, advocacy and litigation. 

Our members that are working on the threat intelligence workstream recognize the importance of vertical and horizontal information sharing in the field of threat intelligence, especially in the light of emerging regional groups that are working on the analysis of digital threats. We will start developing an internal process to secure knowledge sharing on threats from all regions in the Global South. In parallel, we will reach out to build on the experiences and expertise of the regional threat intelligence Networks to explore ways where this documented knowledge can collectively advance this field. 

Our members who run forensic labs identified the need to build the literature in setting up proper methodologies for triaging, securing data collection and clear processes of the data chain of custody. This collective development and documentation of forensic processes aims to achieve higher protection of the data they collect against digital threats, and provide more efficient support for their targeted communities. It also aims to provide guiding resources for organizations in the Global South that wish to launch their own forensic labs or help desks, and secure their operations to collaborate and share information about threats with organizations that perform complex threat intelligence and analysis. 

While the Network will start building this documentation internally, we will be reaching out to external expertise on specialized areas in forensics to learn together. We will develop processes to securely share and engage the global community who are working with digital forensics.  

Understanding the different organizational and territorial contexts in which we work allows us to correctly evaluate the tools and frameworks we use to mitigate and prevent security risks. 

Taking into consideration feedback from using available auditing and risk assessment tools, we will further develop an encompassing framework to prioritize digital threats according to our likelihood and impact that can adapt to different contexts. This tool was incepted in Latin America, and the goal is to adapt it so that it is inclusive of the diverse Global South contexts through learning about common regional threats. 

As much as the Tech Retreat was a pivotal moment to shape these areas of collaborations, it was a time for learning and reflection on the process of designing technical collaborations in this network, some of which we would like to share:

Diversity is our strength, and our positive challenge: This Network connects a diverse group of talented technologists on several continents across different specialties: senior system administrations, devops engineers, security experts and forensic specialists. While the diversity of areas of expertise in the Network has instigated peer-learning opportunities on digital resilience, it posed a positive challenge as we designed technical collaboration projects under the Tech Lab. For example, all DRN members saw the value of collaboration on threat intelligence and mobile forensics, however, not all had the resources or the mandate to equally technically contribute to these areas. This challenge raised the fundamental requirement to center the communities fighting digital threats through research, advocacy and policy work in the design of any technical project. 

Technical collaborations require more time: In addition to the Tech Lab in this Network, there are other working groups focusing on topics ranging from information disorder, the integration of social justice values in our environment, and forecasting strategic challenges in the ecosystem.  In comparison to these working groups, planning collective collaborations under the Tech Lab required more reflections, discussions, in-person meetings. Building trust was foundational from the beginning. While it involved building trust among people – not only organizations – through in-person meetings, open discussions, knowledge sharing and unilateral projects, building the trust to share information on threats requires building secure common infrastructures and governing protocols.

There remain structural challenges to achieving inclusivity within the tech community:  We are experimenting on how to build new centers of expertise rooted in the experiences of the Global South while embracing our social justice values. In planning for our first in-person tech retreat, we realized that of the 20 tech staff across 10 member organizations, there are only four female tech staff. In one of our working groups, which we will address in future blog posts, we aim to document best practices, address these challenges and be mindful of cultivating learning spaces that are more representative and inclusive. 

Coming together to Lisbon was a very eye opening experience. After a first night in which we got carried away in a tech playground, we came back to a session in which we had to begin imagining real ways of making all this work happen in a meaningful way. It was a rainy morning and our venue was a little too open, a little too cozy. Drizzles of rain were coming in, and we had a long day ahead. But rain did not stop us: we knew then, as we know now, there is a good contribution that our group can make to the extended digital rights ecosystem. Resilience and diversity are our biggest strengths, and being used to working in conditions that are often far from ideal, we have developed a lot of capacities that will keep coming together in the quest for proposals and solutions for the challenges ahead of us. 

This is the first of a series of blog posts we will be publishing on this website, to share with the larger digital rights and social justice ecosystem what we have been up to, our learnings and our plans in different areas of digital resilience. We are extending an invitation to collaborate, and co-learn with interested expert communities. If you are interested in following our news, you can always email us at hello@digitalresilience.network or sign up to receive our email updates.