Now, more than ever, citizens must be able to hold those in power accountable and inspire others through the act of protest.
Protecting your electronic devices and digital assets before, during, and after a protest is vital to keeping yourself and your information safe, as well as getting your message out. Theft, damage, confiscation, or forced deletion of media can disrupt your ability to publish your experiences. At the same time, those engaging in peaceful protest may be subject to search or arrest, or have their movements and associations mapped. They could become targets of surveillance and repression.
There are risks associated with attending a protest, and taking steps to mitigate them can go a long way in ensuring you—and the data you value—are kept safe. This guide outlines steps you can take before, during, and after a protest that will help maximize your effectiveness and keep yourself and your data more secure.
Remember that these tips are general suggestions for better data security and do not constitute legal advice or counseling. If you have specific legal concerns, seek the advice of a licensed attorney.
Before the Protest
Enable full-disk encryption on your device
Full-disk encryption ensures that the files across your entire device are encrypted. This is a form of encryption that protects data at rest—not to be confused with “in-transit encryption,” which protects data that is transferred over the Internet. Full-disk encryption can help protect everything from your local database of text messages to the passwords stored in your browser. If your device is confiscated by police, or if it is lost or stolen, full-disk encryption can help protect the data stored on your device. Protest situations are often unpredictable, so losing your phone is a distinct possibility.
Android and iOS have long required full-disk encryption capabilities to be built into devices. These should be protected by a strong password: 8-12 random characters that are easy to remember and type in when you unlock your device. If devices are not protected by a strong password, the encryption may be easier to break using a brute force attack. The iPhone 5s and later have specialized hardware to protect against this type of attack, but a complex, strong password is still the best practice.
It is important to note that encrypting your device will likely not encrypt external storage media such as SD or flash memory cards. You have to encrypt these separately, and may not be able to encrypt them at all. You might want to investigate where files are stored on your device using a file browsing app, or remove external storage media from your device altogether.
In addition, many digital cameras lack the ability to encrypt. It is safe to assume that photos and videos taken with digital cameras will be stored unencrypted, unless explicitly stated otherwise.
Remove fingerprint unlock and FaceID
Today, both iOS and Android allow users to unlock (and decrypt) their devices with their fingerprint, and the iPhone X’s FaceID allows users to do the same with facial recognition. While these settings may seem appealing as convenient ways to enjoy the benefits of full-disk encryption, enabling them means an officer could physically force you to unlock your device with your fingerprint or face. In protest situations in particular—or in any other situation in which you may be more likely to encounter a government demand to search your phone (such as at a border crossing)—we suggest you turn this functionality off.
In the U.S., using a biometric—like your face scan or fingerprint—to unlock your phone compromises protections for the contents of your phone afforded to you under the Fifth Amendment privilege against compelled incrimination. A police officer may try to intimidate you into “consenting” to unlock your phone, whether you use a biometric or a memorized passcode. But if you exercise your right to refuse and biometric unlocking functionality is turned on, an officer may physically force you to biometrically unlock your device. Under current U.S. law—which is still in flux—using a memorized passcode generally provides a stronger legal footing to push back in court against compelled device unlocking/decryption. While EFF continues to fight against attempts by law enforcement to compel people to decrypt their devices, there is currently less protection against compelled face and fingerprint unlocking than there is against compelled password disclosure.
- In iOS, you can disable this by going into Settings -> Touch ID & Passcode (or Settings -> Face ID & Passcode, depending on your iPhone version) and removing each of the fingerprints, or tapping Reset Face ID in this menu.
- In Android, disabling this feature may depend on your device manufacturer. For Pixel devices, go into Settings -> Security -> Pixel Imprint and delete the fingerprints from this menu.
Signal is an app available on both iOS and Android that offers strong encryption to protect both text messages and voice calls. This type of protection is called end-to-end encryption, which secures your communications in transit.
In addition to encrypting one-to-one communication, Signal enables encrypted group chats. The app also recently added the functionality of having messages disappear anywhere from 10 seconds to a week after they are first read. In contrast to some other services like SnapChat, these ephemeral messages will never be stored on any server, and are removed from your device after disappearing.
In 2016, a grand jury in the Eastern District of Virginia issued a subpoena to Open Whisper Systems, the developers of Signal. Because of the architecture of Signal, which limits the user metadata stored on the company’s servers, the only data they were able to provide was "the date and time a user registered with Signal and the last date of a user's connectivity to the Signal service."
In the context of a protest, you might send relevant photos and videos to friends who are remote using Signal, so that if your phone is confiscated you have a way to retrieve the media later.
Back up your data
Take precautions to limit the potential costs of losing access to your device, whether it’s lost, stolen or confiscated by law enforcement. Back up your data regularly and store that backup in a safe place to save you a headache later on.
Buy a prepaid, disposable phone
In the United States, at the time this guide was written, current federal regulation does not require you to show your ID to purchase a prepaid SIM card (but your state might). Most countries require you to provide a form of ID to purchase a prepaid SIM card, thus linking the card to your identity and removing the possibility of anonymity.
If you're concerned about protecting the data stored on your device, don't bring it to the protest. Instead, purchase a prepaid mobile phone. These devices can be purchased along with a SIM card at most large retail stores. Let your friends know your temporary number, and use this to coordinate activities. Remember that the location of mobile devices can be determined by the cell towers they connect to, so if you don't want your identity and location known, turn off your prepaid device before going home or anywhere that might reveal your identity. Using GPS should be safe, since GPS is a receiver and does not transmit any information. However, keep in mind that your device may store your coordinates. For this reason, we suggest you turn off location services.
When you're done with the phone, it can be safely recycled or discarded from a location that is not linked to you. Keep in mind that if you carry both your regular device and a prepaid one with you, the location of these devices can be correlated and compromise your anonymity.
During the Protest
Take photos and videos without unlocking your device
Catching that perfect image is something you want to be ready for, and powerful images can help support your cause. If you've chosen a strong password, entering it into the device takes precious time, and you risk the moment passing before you're able to take the picture. Luckily, iOS and Android allow you to take photos and videos without unlocking your device.
- With Android Pixel devices, double-press the power button.
- At the iOS lock screen, you can firmly press on the camera icon. Older iOS devices require you to swipe.
Consider biking or walking to the protest
Automated License Plate Reader Systems (ALPRs) automatically record the license plates of cars driving through an area, along with the exact time, date, and location they were encountered. This technology is often used by law enforcement in the United States and many other countries, or employed by private companies such as Vigilant and MVTrac who then share license plate data with law enforcement and other entities. Amassed in huge databases, this data is retained for an unknown period of time. These companies have lobbied and litigated vigorously against statutes that would ban the private collection of license plate data or otherwise regulate ALPRs. Essentially, your location can be tracked over time based on the driving history of any car registered to you, with very few legal limits in place as to how this data can be collected, accessed, shared, and retained.
Consider using alternative means of public transportation if you would prefer that your movements and associations remain private.
Read more in our Street Level Surveillance guide on ALPRs.
Enable airplane mode
Airplane mode ensures that your device will not be transmitting for the duration of your time at the protest, and prevents your location from being tracked. Unfortunately, this also means that you won't be able to message or call your friends, so plan accordingly. Before going to the protest, agree on a spot where you and your friends can meet if you get separated. You may also want to turn off location services.
Some apps allow you to navigate without having network access. Since GPS is a receive-only system, you can selectively turn GPS on after enabling airplane mode. Be sure to download a map of the area of the protest beforehand.
If you are arrested in the United States
If you are detained and questioned by police, you have a right to request to speak with an attorney before and during any questioning. It is best to say “I want my attorney and I choose to remain silent” and then refuse questioning until you have a chance to talk to a lawyer.
However, if you do decide to waive your right to the assistance of counsel and answer questions without an attorney present, be sure to tell the truth. It is a crime to lie to a police officer and you may find yourself in more trouble for lying to law enforcement than for whatever it was they wanted to talk to you about in the first place.
If the police ask to see your phone, you can tell them that you do not consent to a search of your device. They might still be able to seize your phone and search it later, with a warrant, but at least it will be clear that you did not give them permission to do so.
If the police ask for the password to unlock your electronic device (or ask you to unlock it directly), you can refuse and ask to speak to your lawyer. Whether and how law enforcement may compel you to unlock your device(s) is still an unsettled legal issue; ask your attorney about how to best assert your Fifth Amendment rights, which protect you from being forced to give the government self-incriminating testimony. You may suffer adverse consequences at the hands of law enforcement—from having your phone seized to being booked into custody—for refusing to provide your password or biometric key. Every arrest situation is different, however, and you will need to consult with an attorney to help you sort through your particular circumstances.
After the Protest
Once you are ready to post your photos, it’s a good idea to scrub the metadata contained in the image files if you don't want to leak personally identifying information. Metadata on photos can include information such as the model of camera the photo was taken on, the exact time and location where the photo was taken, and even your name. The easiest way to remove any original photo metadata is to transfer the photo onto a desktop computer and then take a screenshot of the image. You can then post that screenshot instead of the original image.
What to do if your device is confiscated
If your device has been confiscated, you may have legal recourse to get it back. In the U.S., your attorney can file a motion for the return of your property if it is not being held as evidence in a pending case. If the police believe that evidence of a crime was found on your electronic device, including in your photos or videos, the police can keep it as evidence. They may also attempt to make you forfeit your electronic device, but you can challenge such asset forfeiture in court.
You can also revoke access for some services that are logged in on your device. For instance, on Twitter if you go to Settings and privacy -> Apps and devices, you can revoke access for devices that have permission to connect to your Twitter account. For other services, simply changing your password or passphrase will prompt the app to log out. But beware that revoking law enforcement access or remotely deleting data may expose you to the risk of being charged with obstruction of justice or the destruction of evidence. You should always speak to your attorney first before deciding how to proceed.
Online services may provide logs of recent log-ins for your account. If you are worried your device is being used to access accounts without your consent, it might be useful for you to see if such logs are available and monitor them.