 The Foundation for Media Alternatives, can you just tell me a little bit about how the organization is founded and what its mandate is? Oh yeah, okay. Foundation for Media Alternatives, or FMA, we call it FMA, is basically established in 1986 after the martial law regime. So during those times, during the Marcus regime, there was a media crackdown. So everything you said about the government should be pro. Everything is about good, nothing bad, okay? So basically FMA did a lot of things underground to be able to assert the communication rights. So during that time, a lot of people specifically the human rights advocates are not able to share their own views using the media. So FMA created a platform which is a TV program entitled Street Pulse. Street Pulse? Oh yeah, Street Pulse, okay. So where everyone can share a public views and opinions using the TV program. So one of the hosts was Risa Ondiveros. She is currently a senator, female senator, and one of the founders of that organization. So from there, we used the platform which is the information communication technology as a strategic platform or tools to reclaim the democratic space during that time. And then when the internet came in in 1994 in the Philippines, we also looked into that how we can maximize the internet to assert our communication rights where we can share our views online. And then, yeah, somehow from then on we had this kind of, there are three main programs right now. So we have Agenda and ICT. The other one is Privacy and Surveillance. And then the third one is the Internet Governance, which is the internet rights. And basically, all those things are being conducted, a kind of research in various programs. So, yeah, that's how it works. So you have a background in social work, though? Yes. So how did you end up doing training for digital security? For the digital security? Okay, so way back ten years ago, I was a social worker by profession. So I've been working with women, migrant workers, children and youth, and then coordinating with the government and other stakeholders. When I entered into FMA, I realized that information communication technology is not just a separate thing, but a lot of women are now working using that platform and then the internet. And then I also see the trends that a lot of women are experiencing violence and abuse online. So I tried to understand how social work, in particular to women, the impact of technology to them. So basically, yes, I documented some cases of how women being abused online. So that's the starting point. And then later on, I tried to review some laws, particularly women, and how the ICT impacts. Because there are no particular law that protects women in the digital space. So that's the good thing. And then, yeah, from then on, the digital security somehow, yeah, we've been receiving a lot of cases since I'm handling the program, the gender ICT program. So we receive a lot of cases asking for help, how to report if somebody stalk online or somebody harass online. So definitely, FMA is not a service provider. So there is no case management, but we do several referrals to certain organizations, for instance, to address the cyber crime or maybe somebody needs counseling because there is no remedy on how to mitigate those things. So we do a lot of referrals to a certain people or to certain organizations to be able to address that incident. Sounds like very, very important. So we do a documentation because there are no documents, I mean, there are no living documents of how many women are being abused online. So FMA is one, I mean, for the country, FMA is doing a case mapping of how many women and young girls are being harassed online, in particular the online gender-based crimes. So I am the one who's doing that, monitoring all those things and using that reporting platform, take back the tech, which was developed by the APC, Association for Progressive Communication. They created it globally, but there is a certain platform for Filipinos. All the reports are already uploaded and use it as an evidence-based. And we bring it up to the sendmate for policy-making, for drafting a statement, calling for action, and so on. There's so much going on and so much to cover. So just to, I guess, focus in on the type of training that at least you've been doing with us this week, with groups working on very challenging human rights issues in the Philippines. But I know you've also done training outside the Philippines as well. But just in general, what are some of the biggest mistakes that human rights groups make in their digital security practice that you see on a regular basis? On a regular basis, I think, since Philippines is one of the social media capital, for the longest time, I mean, for the three consecutive years, FMA, I mean, the Philippines was recognized as a social media user. There was already a study on that. And prior to that, Philippines has been the text capital in the world. And then another one is, we were also recognized as a selfie capita, not just only the text capital, but also just the selfie and then later on this social media user. So I think being open, they were able to, I mean, not just only the human rights defenders or as an activist, even the ordinary people, they don't value their privacy. When they posted it online, they don't care if anyone can see it or not. So they just posted it as the way it is. They don't care. They want to share a lot of stories happening around. So I think that's one, one of the, did I call this one? One of the bad practices. And second, they also try to document everything and then put it online. And also they use, and most of the instances, there are several human rights group or individuals where some of their accounts were hacked and compromised because they use one password in all accounts. I think that's the bad thing. Yeah. And yeah, I think that's the common digital issues that they encounter day to day. Do you have a sort of a specific example of a situation where a security vulnerability was exploited by someone from the outside to the detriment that caused harm to a human rights organization that was quite significant? Yeah. I mean, for instance, in my own experience, since I am very vocal in this current administration during the election campaign up to this present, when I shared a lot of things about my sentiments and this human rights violation, I mean, a kind of remarks coming from the president deterred during that election campaign, I was attacked by someone. I don't know who's this person but this guy, I know he is a guy. He created a specific account using my photo and other personal information like the school that I've attended, the place where I live. Is this on Facebook or something like that? Yes, it's on Facebook. And then he screenshotted my photo on my Facebook account and then he created a new one. But he never used my real name, only the photo and the locations that I've been studying. I mean, the school that I've attended and then the place where I live. And then later on, he used a screen name which is Marian Darna. Darna is a female iconic hero in the Philippines. So he used that name and then tagging me that I am harassing other people online. So the second thing after that, I also received a threat. Well, basically my understanding was this guy was just reporting an incident that someone is harassing him. But later on when I trying to dig down the information, this is unusual because that was the first time that I received. And directly to my personal account, not on our platform, I considered it already as a threat but that this guy is already threatening me and he wanted me to stop talking about the administration. The third incident was this guy emailed our company telling that they already reported me at the law enforcement and being monitored. So those three things was really creepy. And I think that's the basic experience that I've encountered and already received an identity theft and a kind of harassment. And then of course the impact on my day-to-day activities was really difficult for me to go outside. Because from the time I go home to my office or to my school, I don't know if someone is trying to stalk me or someone is following me. So I have to spend a lot of money just to change my daily route and then have to ask somebody to accompany me wherever I go. And I cannot go out my house without informing other people. So once somebody is trying to pass by, I always lock the door and the window. Those are the things that happened to me last year. Actually it was happened last year. So since then, I have to do something for my own security. So I went to the law enforcement and reported all those incidents. Luckily, all those allegations was not true. I have no records, any records from the law enforcement both in NBI and BNB. So when I tried to do a digital security thing to identify this guy, I found out that it was my childhood friend. He is my classmate since kinder and we grew up together. And then I found out that he is a prominent supporter of this current administration, particularly the President Duterte. So I tried to contact him but he declined and reject all the kind of allegations that I found. So I threatened him personally and told him that if he would don't stop doing this things to me, I can file any charges from you, from administrative to civil case. And then he stopped after words. I think those are the things. Some of the human rights defenders are now being targeted by the law enforcement by snooping their Facebook account. So those are already, I think, five of them are being surveilled by the law enforcement. So now's the time to really work on securing all of their presence. It's not something you've taken for granted. I think one of the bad practices also, they use a lot of time using Facebook to organize the social action, I mean the mobilization action. And then whenever I call their attention, oh, do not choose Facebook as your platform to organize people. But for convenience wise, this is the only way to reach people using Facebook Messenger. So I think since you are being targeted by the law enforcement or other predators, it's easy for them to track the movement, the plans or the strategies that you wanted to do. So yeah, it's really hard for them to convince to use the security, the secure online communication signal or encrypted email. Because it's not the way they used it before. So it takes a lot of time actually. So convenience is the enemy of good digital security hygiene, I guess. So on that note, what would be your top three things that a human rights defender should be doing today to improve their digital security hygiene? So you really isn't taking care of things as they should be? What would be the first three things you would tell them to do? I think the first thing that they should do is first, they have to conduct a digital audit. All kinds of accounts that are associated to their personal and organizational. They have to identify which account is more secure or safe. And then second, try to create a separate account for your personal matters to your organizational or maybe they can create another persona which is not affiliated to their own personality or to their own organization. That's definitely. And then third, do not use password over time. Okay, so there are a lot, I mean, I know a lot of people who are using one password in all accounts. Surprisingly common, I think. Yeah, it's a common thing. Another one, they also associate it with their own personalities like for instance, the anniversary of their parents or, I mean, the special events. And then, yeah, I think having a strong password is always your first line of defense for online safety. Those are the three things. And then the rest will follow. So one of the things that people often say when they are told, you need better passwords, you need different passwords of different accounts, the first response is, well, how do I remember them all? And we don't want to be writing them down, making them on paper. What is the best solution for storing and keeping track of multiple passwords? Yeah, like earlier, I discussed about there is a software tool where you can store all your different passwords or email accounts and put it in one platform. We used a password manager so where you have to remember at least one master key password and you put all together all your accounts there. So once you created that account, all you have to do is to remember the awad master key and then the rest you can also you can put everything there and then copy and paste it to your specific account. Using password manager somehow is really useful. And then the other one, of course, if you're not really I mean, if you're not really familiar with that, I think you have to enable your multi-factor authentication. There are several ways to activate it using your mobile phone, your email addresses, your one-time password just to get all those things before you will get access it. I think those are the few things that maybe somehow you can use it. It gets you much further along the road to being secure, doesn't it? I think other layer of security is more important than nothing. Yeah, definitely. So if someone is, if an individual or an organization is learning more about improving their digital security whether that be here, the Philippines or in different countries, wherever they are, what are some of the steps they can take? Where can they go for advice and support? What would you recommend for people who want to learn more? Okay, there are several platforms where they can look for that information. For instance, tactical tech. It is a large group based in Germany and it is a collective group actually organized by civil society and human rights defenders. There are a group of female LGBT techie people who can assist you for that. So they already came up with a digital security module where they can apply. For instance, if I'm not available, other people can do a digital security using that platform. There is another group which is AccessNow. They have a helpline hotline. So they are 24-7 and it's a regional base. So if you're a base in the Philippines and you need a 24-7 hotline, you can get in touch with them. And somebody from the Philippines can look into that. But if you're a base in Cambodia, they will find a Cambodian people to assist you. So I had an experience earlier this year of receiving a SPF-hishing email. What are some of the things that... If you receive an email, you don't know who it's from and the content seems a little suspicious to you. What should you do? At the beginning, you already recognized that the email address is not really familiar first. Second, you have to look into the subject title. If it's not related to your work or to anything about you, open it. If you accidentally open it, it's okay to read. But if there's a link, portion, never click it. So those are the things that you may consider. If the content is quite malicious and there's a link to direct to another platform, never click it because they might steal some information from your account. So better not to read it maybe you can delete it or just block it or report it as a spam message. Those are the things that you may consider. Okay. That's all the questions I have for you today. Thank you so much for sitting down and having a chat. We really appreciate bringing your expertise and insight. Thank you very much.