Cybersecurity in Paraguay: A fight for human rights in times of surveillance and threats

TEDIC
Blog Democracy Derechos Digitales
Placa sobre investigación de ciberseguridad a personas defensoras de derechos humanos en Paraguay

Digitalization is changing the way we live, work, and engage in activism to defend human rights. In Paraguay, this process exposes human rights defenders to new threats in cyberspace, creating significant risks to their digital safety. To understand the magnitude of these risks and strengthen the protection of those fighting for human rights in our country, we conducted a new research, in collaboration with CODEHUPY and the Fundación Karisma of Colombia, titled Cybersecurity for Human Rights Defenders in Paraguay. The study aimed to map the current state of cybersecurity among human rights defenders in the country. In this blog post, we present the details of the research, including its methodology, findings, and recommendations.

It is worth mentioning that most participants in the interviews and surveys for this research agree that, in recent years, there have been setbacks in both digital and physical areas in Paraguay. Moreover, there has been an increase in groups that attack fundamental rights, particularly those of women and LGTBIQ+ people. We believe that this context highlights the need to improve cybersecurity to protect human rights defenders in Paraguay and mitigate the risks they face in their daily work.

How was the research conducted?

The research was led by TEDIC in collaboration with the Coordinadora de Derechos Humanos en Paraguay (CODEHUPY) and the Fundación Karisma of Colombia. The main goal was to establish a baseline for understanding the state of cybersecurity among human rights defenders in Paraguay and to explore the risks, threats, and strengths in terms of digital security.

To achieve this, the research used a mixed quantitative-qualitative methodology, incorporating various data collection tools:

  • Surveys: 130 surveys were applied to defenders from different areas in Paraguay, covering various regions and human rights issues, such as environment, indigenous rights, freedom of expression, gender, among others.
  • Focus groups: Two focus groups were conducted, each consisting of eight participants who discussed their experiences and challenges related to cybersecurity.
  • In-depth interviews: Three in-depth interviews were conducted with key informants recognized for their experience in the fields of cybersecurity and human rights to obtain a more detailed and nuanced understanding of the situation.
  • Review of secondary sources: Previous studies and relevant documents were included, especially those linked to the United Nations and other international organizations working on cybersecurity and human rights issues.

Why are human rights defenders the focus of this research?

In Paraguay, human rights defenders are key actors in guaranteeing the promotion and protection of fundamental rights and, therefore, in combating injustices and arbitrary actions in various areas. They play a crucial role in safeguarding the democratic quality of the country, which exposes them to situations of risk and vulnerability, particularly regarding their cybersecurity.

In this context, cybersecurity refers to the protection of personal and institutional data in cyberspace, preventing them from being subject to online threats. This entails the confidentiality, authenticity and integrity of the information of individuals, organizations and state entities. The interdependence between digital security and human rights is clear, as fundamental aspects such as the right to privacy, freedom of expression and free association are directly linked to the way in which cybersecurity policies are implemented.

The research also highlights that cybersecurity can be compromised not only by malicious attackers or cybercriminals, but also by state surveillance. In Paraguay, data extraction from mobile devices, hacking of systems, the use of facial recognition technologies in public spaces, and the monitoring of activists’ social media are some of the ways in which digital security is breached. These acts represent a direct risk to fundamental rights, affecting both the online and offline environment.

This approach to cybersecurity for human rights defenders is crucial for developing strategies that protect them physically, legally, and digitally, thereby mitigating the threats and intimidation they may face in their daily work.

Key findings of the research

The research revealed several areas of concern in relation to the cybersecurity of human rights defenders in Paraguay. The notion of digital security wellbeing, as it is currently understood, is heavily influenced by concepts that individualize the responsibility for security, rather than addressing the structural inequalities that perpetuate these vulnerabilities. In this context, digital security is perceived as an unattainable privilege for many defenders, which generates frustration and feelings of guilt for not being able to meet individual expectations of digital self-care. This study highlights that the solution is not merely individual, but must be part of a collaborative and shared strategy, allowing all people to protect themselves and thrive in a fairer digital environment.

The main findings of the research are detailed below:

  1. Low levels of training in cybersecurity: 76.2% of respondents indicated that they had not received any specific training in digital security, highlighting a significant gap in knowledge and protection practices.
  2. Lack of knowledge and fragmentation on the topic of digital security: Both defenders and their organizations show little awareness of digital risks or threats, making it difficult for them to comprehend the dangers and take effective action.This is combined with a growing reliance on digital technologies, which reinforces the perception that cybersecurity is unattainable for those without technical expertise.
  3. Limited confidence in the use of technology: On a scale of 1 to 5 on confidence in the use of digital technologies, most were in the intermediate range (33.8%), while only 21.5% felt completely comfortable (range 5). Additionally, 6.9% indicated that they felt “overwhelmed” by technology.
  4. Absence of digital security protocols in organizations: 94.6% of the organizations where the surveyed people work do not have any security protocol to address risk situations or digital threats. Of the 5.4% that do have protocols, actions include communicating incidents to the technology area, not opening suspicious links, activating VPNs in organizational applications, and defining secure password criteria.
  5. Lack of security incident records: Like the protocols, 94.6% of the organizations do not have formal records of digital security incidents, which hinders risk assessment and response to attacks.
  6. Urgent need for training in digital security: When asked if they would like to learn more about digital security and technological infrastructure issues, the defenders emphasized the need for workshops or courses to improve personal, professional and organizational security. Prevention is a priority to avoid incidents before they occur.
  7. Specific threats to certain groups: Defenders working on gender rights issues reported higher incidents of digital harassment and surveillance.
  8. Gender gap in access to and use of technologies: Women human rights defenders face additional barriers, such as technology-facilitated gender-based violence, including online threats and harassment.

Recommendations to improve cybersecurity.

Based on the findings, a series of recommendations were made to strengthen the cybersecurity of human rights defenders in Paraguay:

  • Ongoing digital security training: It is crucial to offer accessible and regular training on cybersecurity, including topics such as password management, use of encryption tools and phishing detection. These trainings should focus on preventing threats and improving confidence in the use of technology.
  • Development and implementation of digital security protocols: Human rights organizations should create and follow specific protocols to prevent, detect and respond to cybersecurity incidents. These protocols will not only safeguard sensitive information, but will also provide a basis for immediate action in the event of attacks.
  • Gender perspective in cybersecurity policies: Security measures must consider the particular threats faced by women and LGTBIQ+ human rights defenders. This involves designing strategies that respond to their specific needs, such as the prevention of digital harassment and violence.
  • Promotion of participatory governance in cybersecurity issues: It is essential that cybersecurity policies include the participation of actors from the State, the private sector and civil society, fostering inclusive and equitable governance that responds to cybersecurity challenges in the country.
  • Creation of a comprehensive personal data protection law: Cybersecurity in Paraguay requires strong legislation that prioritizes the protection of personal data and guarantees the digital security of all people. This legal framework will strengthen the foundations for accessible and reliable cybersecurity.

Addressing security concerns, particularly for human rights defenders in Paraguay, requires a collective perspective. Only through a deep cultural and relational transformation can we create a more equitable environment where comprehensive well-being, including digital well-being, is accessible to all. While self-care remains important, this research emphasizes that the solution is not merely individual; it must be part of a collaborative and shared strategy that allows everyone to protect themselves and thrive in a fairer digital environment.

Download here the research.