OPSEC for Activists: Securing the Resistance under Trump-Musk Oligarchy
Imagine if you will: You're a high-ranking government official, entrusted with top-secret war plans. What do you do? Share them in a group chat, of course! Wait, what?
Believe it or not, that's exactly what happened recently when U.S. Defense Secretary Pete Hegseth, Director of National Intelligence Tulsi Gabbard, CIA Director John Ratcliffe, and other high-ranking officials leaked classified Yemen strike plans in a Signal group chat that included a journalist. This jaw-dropping breach of national security isn't just a political scandal--or the plot to the dumbest spy thriller ever—it's also a stark reminder of why operational security (OPSEC) matters for everyone, especially pro-democracy activists.
OPSEC isn't just for military brass or spy novels. It's a critical skill for anyone working to make a difference in today's digital world. Whether you're organizing protests, sharing sensitive information, or simply trying to protect your personal privacy, understanding OPSEC can be the difference between success and compromise.
In this post, we'll dive into the basics of OPSEC, exploring how these principles can keep you and your cause safe from prying eyes and potential adversaries. We'll show you how to develop habits that safeguard your important work.
What is OPSEC?
Operational Security (OPSEC) is a method of denying critical information to an adversary. It uses a systematic process to protect sensitive information from adversaries by identifying critical data, assessing risks, and implementing countermeasures. OPSEC emphasizes viewing operations from an adversary's perspective to uncover hidden vulnerabilities. It applies to both physical operations (like protests) and digital security, aiming to prevent the inadvertent exposure of critical data. OPSEC also deals with safeguarding information related to organizing and day-to-day activities of groups and organizations.
(Feel free to share this image online or in print. It includes a QR code and short link pointing back to this post.)
What are the 5 steps for OPSEC?
Most standard guides to OPSEC, whether focused on military, intelligence, or activist organizations, identify 5 steps to improving operational security. Those steps are
Identify Critical Information: Determine what data is sensitive and needs protection.
Making this determination means asking what kinds of information, if known by regime forces or their supporters, could compromise your safety or the effectiveness of your organizing. This could include information that describes or identifies your intentions, capabilities or weaknesses, meeting locations, identities of members, communication methods, or plans for protests and direct action. Of course, in some cases, publicizing some of the above types of information is necessary for successful action. The point is not to maintain secrecy above all else, but rather, to think carefully about what information it is necessary to disclose versus keeping secret.
Analyze Threats: Understand potential adversaries and their associated capabilities and intentions to collect, analyze, and exploit critical information about you or your group.
A threat is an adversary that has a combination of capability and intent to take actions detrimental to the success of the pro-democracy movement’s activities. Threats could include government surveillance, infiltrators into the movement, online monitoring, and potential legal actions the regime may use to deter dissent. Determining threat information is necessary to develop appropriate and realistic countermeasures.Assess Vulnerabilities: Identify weaknesses that could expose sensitive information.
An OPSEC vulnerability exists when the adversary can collect critical information to exploit the movement’s unaddressed weaknesses. Such information can often be derived from open-source information that can be collected and pieced together to reach conclusions about the movement, its members, strengths and weaknesses. For example, public membership lists or discussion boards can reveal how many people are in a movement and their identities. Public discussions can reveal intern conflicts among members that infiltrators can exploit to create division. Unsecured communications platforms or devices could be hacked.Evaluate Risks: Measure the impact of vulnerabilities if they were to be exploited.
Determining the level of risk is a key element of OPSEC. Understanding the risk involves evaluating an adversary’s ability to exploit vulnerabilities that would lead to exposure of critical information and what potential impact that could have on the movement’s mission and planning activities. Assessing the risks also provides activists justification for the use of countermeasures, or not, based on an analysis of costs and benefits to mitigating particular risks. Again, the goal is not secrecy for its own sake. Ideally, in fact, pro-democracy movements should seek to be as transparent as possible. Rather, the goal is to determine when the risks of transparency outweigh the benefits, and vice versa.Implement Countermeasures: Develop strategies to mitigate risks or determine acceptable levels of risk if unavoidable.
Countermeasures are designed to prevent an adversary from detecting or acquiring critical information, provide an alternative interpretation through deliberate use of deception, or deny an adversary’s collection capability entirely. Some examples could include:Using encrypted communication tools, such as Signal;
Avoiding public discussions of sensitive topics;
Planning activities only in person or using voice communication; or,
Compartmentalizing information so that adversaries have difficulty recognizing your group’s participants and plans.
Conclusion
Maintaining operational security is vital for a pro-democracy movement to protect its participants, resources, and strategies from the adversary's surveillance, repression, and infiltration. By implementing measures such as secure communication and contingency plans, the movement can preserve its ability to organize, resist, and sustain its efforts to dismantle tyranny despite the risks of detection and retaliation.
At the same time, movements must balance the need for security with a level of transparency regarding movement's intentions and actions. Such openness is vital for building trust and encouraging participation by demonstrating the movement's strength and commitment to its goals. This balance can be achieved by being broadly transparent about the movement's goals and nonviolent methods, while maintaining confidentiality regarding specific tactics, organizational details, and the identities of participants who may be at high risk of retaliation.