Security Strategy and Response Planning
A comprehensive guide to developing proactive security strategies and reactive emergency plans, tailored for the Iranian context.
Security is not a product you buy, but a process you maintain. For activists and citizens in Iran, where the threat landscape includes state-sponsored surveillance, internet shutdowns, and arbitrary detention, relying on ad-hoc reactions is insufficient. This guide outlines how to build a comprehensive Security Strategy (prevention and capacity building) and a robust Response Plan (what to do when things go wrong).
Part 1: Developing a Security Strategy
A security strategy is your long-term approach to safety. It moves beyond simply reacting to fear and instead focuses on building the capacity to continue your work despite the threats.
Core Strategic Approaches
In the context of high-risk environments like Iran, strategies typically fall into three categories:
- Protection Strategies (Primary Focus):
- Goal: Reduce vulnerability and the likelihood of a successful attack.
- Tactics: Using end-to-end encryption (Signal), minimizing data retention, using Tor for anonymity (a VPN hides your traffic from the local network and ISP, but the VPN provider sees it, so treat a VPN as a circumvention tool rather than as anonymity), and hardening devices against physical seizure.
- Iran Context: This is your first line of defense against mass surveillance and "dragnet" data collection by agencies like FATA (Cyber Police).
- Acceptance Strategies:
- Goal: Build support and reduce hostility within your immediate environment.
- Tactics: Building strong community ties, being transparent with trusted neighbors, and fostering a "security culture" where peers look out for one another.
- Iran Context: In neighborhoods where "Basij" members may be present, maintaining a low profile while building genuine trust with non-political neighbors can provide an early warning system.
- Deterrence Strategies:
- Goal: Raise the cost of attacking you.
- Tactics: Public visibility (sometimes), legal knowledge, or high-level encryption that makes data extraction too resource-intensive for the adversary.
- Iran Context: Deterrence is difficult against a state actor with vast resources. However, making your data "too hard to crack" (e.g., strong full-disk encryption) can sometimes deter low-level interrogators from pursuing a full forensic analysis.
Capacity Building
To implement these strategies, you must assess and build your capacities.
- Knowledge: Do you understand the specific threats in your city or sector? (e.g., Are raids happening at night? Are they targeting specific apps?)
- Skills: Can you quickly wipe a device? Do you know how to use Tor bridges? Can you withstand psychological pressure during interrogation?
- Resources: Do you have a "clean" phone for sensitive work? Do you have legal representation contacts ready?
Part 2: Organizational and Group Security
If you work in a group (e.g., an editorial team, an activist collective, or an NGO), your strategy must account for group dynamics.
The "Do No Harm" Framework
Security measures should not create new risks.
- Resource Allocation: Giving secure phones only to leadership can create resentment and leave junior members vulnerable. Security resources must be distributed based on risk, not just seniority.
- Inclusivity: Ensure security protocols (like using Signal) are accessible to all members, regardless of their technical skill.
Managing Mistrust and Infiltration
Fear of infiltration is a potent weapon used by the state to paralyze groups.
- Compartmentalization: Use a "need-to-know" basis for sensitive information. If one person is compromised, the damage is contained.
- Behavioral Baselines: Infiltration often manifests as pressure to commit illegal or violent acts (provocation). Establish clear codes of conduct; members pushing for extreme actions should be viewed with caution.
- Transparent Verification: Vetting new members should be a standard, transparent process, not a source of gossip.
Part 3: Emergency Response Planning (Crisis Protocols)
A strategy prevents threats; a Response Plan limits the damage when threats materialize. In Iran, the most critical scenarios are Arrest/Detention and Device Seizure.
1. Preparation (Before the Crisis)
- The "Clean Device" Habit:
- Never keep sensitive data on your device longer than necessary.
- Use "Disappearing Messages" on Signal and auto-delete timers on Telegram. Note that only Telegram "secret chats" are end-to-end encrypted; ordinary Telegram chats are stored in readable form on Telegram's servers, so a timer there limits what is on your device, not what the provider can hand over.
- Regularly clear browsing history, cache, and downloads.
- The Emergency Contact (Trusted Person):
- Designate a person who is not in immediate danger to be your emergency contact.
- Role: If you do not check in by a certain time, they execute the plan (e.g., notifying family, locking down accounts, contacting a lawyer).
- Access: They should not necessarily have access to your data (to protect them), but they should know where your digital backups are if you disappear.
- The "Panic" Protocol:
- If you hear a raid at the door, what do you do?
- Action: Power down devices immediately. After a restart, a modern smartphone sits in the "Before First Unlock" (BFU) state: the keys protecting user data are not loaded into memory until the passcode is entered, so forensic extraction is significantly harder than from a phone that is merely locked (After First Unlock, AFU).
2. During a Raid or Arrest
- Physical Security:
- If possible, lock the door to buy time to power down devices.
- Do not unlock your phone for officers. Biometric unlock (Face ID/fingerprint) can be forced physically by holding the device to your face or finger; a strong alphanumeric passcode cannot be obtained without your cooperation. If you cannot power off in time, both Android ("Lockdown") and iOS (holding the side and a volume button until the power-off screen appears) let you temporarily disable biometrics.
- Legal vs. Reality:
- The Law: Article 60 of Iran’s Code of Criminal Procedure prohibits coercion and torture during interrogation.
- The Reality: Interrogators (often intelligence agents acting as "judicial associates") frequently ignore this.
- Strategy: Your primary goal is physical survival. If forced to give a password, having a "plausible deniability" setup (e.g., a secondary user profile that looks innocent, or a hidden volume) is safer than outright refusal, which may lead to physical harm. Be aware that this deniability is partial: forensic tools can usually see that a second user profile or an encrypted container exists, and an interrogator who knows the technique may demand the second password.
3. Post-Incident Response
- Account Lockdown:
- Your emergency contact or teammates should immediately remove your accounts from group chats and revoke your access to shared drives (group membership, shared links, API tokens), so that whoever controls your device or credentials gains nothing further.
- Assume any device seized by security forces is compromised forever. Do not use it again even if returned.
- Psychological First Aid:
- Detention and interrogation are traumatic. Post-release support should prioritize mental health over immediate return to work.
4. Internet Shutdown Protocol
- Preparation:
- Have offline versions of critical documentation (like this Wiki).
- Set up "sneakernets" (sharing data via USB drives) for local communication.
- Identify fallback channels that work without the internet: landlines, and mesh-style messaging apps such as Briar that exchange messages directly over Bluetooth or local Wi-Fi between nearby devices.
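Files passed hand to hand on a USB drive can be altered or added to at any stop along the way. The script below is an added example, not part of the original guide, of one way to protect a sneakernet transfer: the sender hashes every file into a manifest and authenticates the manifest with HMAC-SHA256 under a key the two parties exchanged in person; the receiver checks the manifest's MAC, then every file's hash, then that no unlisted file has appeared. The sample files and the key are constructed for the demonstration.

```python
"""Authenticated file manifest for sneakernet (USB) transfers.

Added example, not part of the original guide. Assumes sender and
receiver have exchanged a secret key in person; HMAC-SHA256 with a
pre-shared key is used because it needs no network and only the
Python standard library.
"""
import hashlib
import hmac
import json
from pathlib import Path
from tempfile import TemporaryDirectory

MANIFEST_NAME = "MANIFEST.json"
SIG_NAME = "MANIFEST.sig"


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Hash every regular file under root (except the manifest and its MAC)."""
    files = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.name not in (MANIFEST_NAME, SIG_NAME):
            files[p.relative_to(root).as_posix()] = sha256_file(p)
    return {"files": files}


def sign_manifest(manifest: dict, key: bytes) -> str:
    # Canonical JSON so sender and receiver MAC exactly the same bytes.
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def write_signed(root: Path, key: bytes) -> None:
    """Sender side: drop MANIFEST.json and MANIFEST.sig onto the drive."""
    manifest = build_manifest(root)
    (root / MANIFEST_NAME).write_text(json.dumps(manifest, sort_keys=True, indent=1))
    (root / SIG_NAME).write_text(sign_manifest(manifest, key))


def verify(root: Path, key: bytes) -> list[str]:
    """Receiver side: return a list of problems; an empty list means the drive checks out."""
    problems: list[str] = []
    try:
        manifest = json.loads((root / MANIFEST_NAME).read_text())
        sig = (root / SIG_NAME).read_text().strip()
    except (OSError, ValueError) as e:
        return [f"manifest unreadable: {e}"]
    # 1. Authenticity: the manifest must carry a MAC made with the shared key.
    if not hmac.compare_digest(sig, sign_manifest(manifest, key)):
        return ["manifest MAC invalid (wrong key or manifest edited)"]
    listed = manifest.get("files", {})
    # 2. Integrity: every listed file is present and unchanged.
    for rel, expected in listed.items():
        p = root / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(p) != expected:
            problems.append(f"modified: {rel}")
    # 3. Completeness: nothing was added to the drive that the sender did not list.
    for p in root.rglob("*"):
        if p.is_file() and p.name not in (MANIFEST_NAME, SIG_NAME):
            rel = p.relative_to(root).as_posix()
            if rel not in listed:
                problems.append(f"unexpected file: {rel}")
    return problems


def demo() -> tuple[list[str], list[str]]:
    """Constructed scenario: verify a clean drive, then a tampered copy of it."""
    key = b"pre-shared-key-exchanged-in-person"  # constructed, not a real key
    with TemporaryDirectory() as d:
        root = Path(d)
        (root / "wiki").mkdir()
        (root / "wiki" / "response-plan.md").write_text("# offline copy of the plan\n")
        (root / "contacts.txt").write_text("lawyer: memorise, do not store\n")
        write_signed(root, key)
        clean = verify(root, key)
        # Tampering en route: one file altered, one file smuggled in.
        (root / "contacts.txt").write_text("lawyer: attacker-controlled number\n")
        (root / "install-me.apk").write_bytes(b"\x00")
        tampered = verify(root, key)
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean drive:", clean or "OK")
    print("tampered drive:", tampered)
```

A shared HMAC key means anyone who can verify can also forge, which is acceptable inside one small trusted cell but not for material distributed to people you cannot vouch for; there, a public-key signature (for example minisign or GPG) on the manifest gives the same check without handing out the signing key.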
Part 4: The Emergency Response Template
Use this checklist to create your own plan.
| Phase | Action Items |
|---|---|
| Pre-Crisis | [ ] Enable Full Disk Encryption on all devices. [ ] Set a strong alphanumeric passcode (a passphrase, not a 4- or 6-digit PIN, which can be brute-forced). [ ] Disable biometrics (Face/Touch ID). [ ] Enable "Auto-Delete" on messaging apps. [ ] Identify a lawyer and memorize their number. [ ] Share emergency plan with a Trusted Person. |
| During Crisis | [ ] POWER OFF phone and computer immediately. [ ] Do not consent to searches (verbalize non-consent even if ignored). [ ] If detained, state you wish to remain silent until a lawyer is present (Note: Evaluate physical risk). |
| Post-Crisis | [ ] Revoke all active sessions (Google, Telegram, Twitter). [ ] Change all passwords from a secure device. [ ] Warn contacts that old channels may be compromised. [ ] Seek psychosocial support. |
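"Enable Full Disk Encryption" is easy to tick without confirming it is actually in effect on a laptop. The script below is an added example, not part of the original guide: on Linux it parses the JSON that `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` prints and walks up from the device mounted at a given path to see whether a dm-crypt/LUKS layer sits underneath it. The two sample outputs are constructed for the demonstration (one LUKS-on-NVMe layout, one plain ext4 layout).

```python
"""Check that a mounted filesystem sits on a dm-crypt/LUKS layer.

Added example, not part of the original guide. Parses `lsblk -J`
output (Linux only); SAMPLE_ENCRYPTED and SAMPLE_PLAIN are constructed.
"""
import json
import subprocess

# Constructed: LUKS container on nvme0n1p2, unlocked as "cryptroot" and mounted at /.
SAMPLE_ENCRYPTED = """
{"blockdevices": [
  {"name":"nvme0n1","type":"disk","fstype":null,"mountpoint":null,"children":[
    {"name":"nvme0n1p1","type":"part","fstype":"vfat","mountpoint":"/boot/efi"},
    {"name":"nvme0n1p2","type":"part","fstype":"crypto_LUKS","mountpoint":null,"children":[
      {"name":"cryptroot","type":"crypt","fstype":"ext4","mountpoint":"/"}]}]}]}
"""

# Constructed: plain ext4 root partition, no encryption layer anywhere.
SAMPLE_PLAIN = """
{"blockdevices": [
  {"name":"sda","type":"disk","fstype":null,"mountpoint":null,"children":[
    {"name":"sda1","type":"part","fstype":"vfat","mountpoint":"/boot/efi"},
    {"name":"sda2","type":"part","fstype":"ext4","mountpoint":"/"}]}]}
"""


def _chain_to_mount(nodes: list, target: str, path: tuple = ()):
    """Depth-first search; returns the tuple of nodes from disk down to the mount."""
    for n in nodes:
        here = path + (n,)
        if n.get("mountpoint") == target:
            return here
        found = _chain_to_mount(n.get("children", []), target, here)
        if found:
            return found
    return None


def mount_is_encrypted(lsblk_json: str, mountpoint: str = "/") -> bool:
    """True if any device between the physical disk and `mountpoint` is a crypt layer."""
    tree = json.loads(lsblk_json)["blockdevices"]
    chain = _chain_to_mount(tree, mountpoint)
    if chain is None:
        raise ValueError(f"{mountpoint} not found in lsblk output")
    # Either the dm-crypt mapping itself ("crypt") or its LUKS-formatted backing partition.
    return any(n.get("type") == "crypt" or n.get("fstype") == "crypto_LUKS" for n in chain)


def check_running_system(mountpoint: str = "/") -> bool:
    """Run lsblk on this (Linux) machine and check the given mount point."""
    out = subprocess.run(
        ["lsblk", "-J", "-o", "NAME,TYPE,FSTYPE,MOUNTPOINT"],
        capture_output=True, text=True, check=True,
    ).stdout
    return mount_is_encrypted(out, mountpoint)


if __name__ == "__main__":
    print("sample encrypted layout:", mount_is_encrypted(SAMPLE_ENCRYPTED))
    print("sample plain layout:", mount_is_encrypted(SAMPLE_PLAIN))
    print("this machine, /:", check_running_system("/"))
```

Check every mount point that holds your data, not only `/`: a separate unencrypted `/home` or data partition would pass the root check and still be readable from a seized disk. Phones use their own file-based encryption and are not covered by this check.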
Conclusion
A security plan is not a sign of paranoia; it is a sign of professionalism. By preparing for the worst-case scenarios—specifically arrest and device seizure—you protect not only yourself but your entire network.
Remember: Security is a team sport. Share this knowledge, drill your emergency response plans, and keep your software updated.