K + LAB is the Digital Security and Privacy Laboratory of Karisma Foundation. It is our response to the digital security problems faced by civil society organizations, journalists, human rights defenders and activists in Colombia and our way of contributing to the principle of co-responsibility introduced by the Digital Security Conpes in 2016.
Here you will find the analysis we have done, Karisma stories associated with the laboratory’s work, our comments on public policies and the results of these two years of thinking that it is possible to build these initiatives, which strengthen the digital security and privacy of all.
What do we do and how do we do it?
KLAB has worked on three fronts so far:
- Analyze, in a non-intrusive way, the security and privacy of some governmental web pages.
After making a report of our findings, the most difficult task has been to find the appropriate channel for these reports to take effect and to achieve effective changes that result in better security and privacy for huge amounts of data. We have worked with the idea of joint responsibility in mind and built an incipient model of vulnerability reporting and to keep track of the improvement plan that has been supported by MinTIC.
This is our third exercise of this type and the results are impressive.
IMEI Colombia Analysis | The first website we analyzed was https://www.imeicolombia.com.co/, where you can check data on the 3.46 million cell phones that have been blocked due to theft or loss in the country. The result: implementation of a security certificate on the website and the publication of a clear description of the portal, the Legal Notice and the Data Protection Policies of the companies that report for the construction of this database.
Victims Unit | The second website we reviewed was https://www.unidadvictimas.gov.co, where information for the care, assistance and integral reparation of more than 8.5 million victims of the internal armed conflict in Colombia is handled. The result, the implementation of the secure https protocol, for some services, applications and the Unit’s website; In addition, the policies and privacy notice for the institution’s website were generated and access control was implemented to minimize the risk of information leakage from a report with sensitive information.
Our third report is in process and we hope to give more information about its effects once we have the improvement plan that the institution is currently developing.
2. The accompaniment of Colombian civil society organizations to raise awareness and improve their digital security.
To date we have worked with organizations in areas as diverse as consumer defense, LGBTI rights, environmentalists, women’s organizations, organizations of victims and displaced persons, groups of journalists and activists giving basic digital security workshops. Thanks to the support of Open Society we had the opportunity to develop security audits to seven organizations in the country. With the results of this process we hope to make appropriate recommendations and generate best practice guides in the near future. This year, thanks to a new project supported by Internews we can work with two other organizations and generate a module to train new auditors.
3. Provide evidence about Karisma Foundation’s impact on public policies.
A fundamental part of everyday life in Karisma is to comment and analyze State policies and projects and create networks with other organizations and communities, with which Karisma collaborates to make a more effective impact.
The laboratory has strengthen this technical analysis capacity to generate comments on several projects: the police code, the strategy against cell theft, the Digital Citizen Services decree, the security of the DANE e-census website, the governmental Digital security risk management model among others. Our most recent collaboration is an audit protocol proposal for the Colombian election scrutiny software in 2018, a project in collaboration with the MOE.
Who has supported us to achieve this?
All this work would not have been possible without the funds granted by the OTF to Karisma which covered the salary of an expert in digital security and privacy for one year and provided the K + LAB with equipment. Access Now has funded part of the coordination and time dedicated to this initiative of the foundation through another scholarship. Open Society gave us the scholarship to develop an awareness, training and support project for six civil society organizations that have trusted Karisma in this process. And, recently, the Electoral Observation Mission (MOE) with whom we signed a collaboration agreement to analyze the transparency mechanisms associated with the inclusion of Information and Communication Technologies (ICT) in the electoral process.
Part of the work we do from the laboratory is to share the topics we discuss, so we invite you to read the following articles prepared from our investigations.
“Insecure platforms, the case of imeicolombia.co.co”
“Analysis of imeicolombia.com.co, chronology of a dialogue with the government”