Human rights defenders at risk

Human Rights are guaranteed under international law but working to ensure that they are realised and taking up the cases of those who have had their rights violated can be a dangerous business in countries all around the world. Human Rights Defenders are often the only force standing between ordinary people and the unbridled power of the state. They are vital to the development of democratic processes and institutions, ending impunity and the promotion and protection of human rights.

Human Rights Defenders often face harassment, detention, torture, defamation, suspension from their employment, denial of freedom of movement and difficulty in obtaining legal recognition for their associations. In some countries they are killed or “disappeared.”

Over the last few years, general awareness has increased of the enormous risk human rights defenders face in their work. The risk is easy to identify when defenders work in hostile situations, for instance, if a country’s laws penalise people who do certain types of human rights work. Defenders are also at risk when the law fully sanctions human rights work on the one hand, but fails to punish those who threaten or attack defenders on the other. In armed conflict situations, the risk becomes even higher.

Apart from a few chaotic situations during which a defender’s life may be in the hands of soldiers at a checkpoint, the violence committed against defenders can’t be called indiscriminate. In most cases, violent attacks are a deliberate and well-planned response to defenders’ work, and linked to a clear political or military agenda.

These challenges require human rights defenders to implement comprehensive and dynamic security strategies in their day to day work. Giving defenders well-meant advice or recommending that they “take care” is not enough. Better security management is key. This manual does not offer tailor-made solutions ready to be applied to any scenario. However, it does try to provide a set of strategies aimed at improving defenders’ security management.

The most effective security lessons come from defenders themselves - from their daily experiences and the tactics and strategies they develop over time in order to protect others and their own working environments. This manual must therefore be understood as a work in progress which will need to be updated and adapted as we gather more input from human rights defenders working on the front line.

There are also lessons to be learned from international humanitarian NGOs, who have recently started to develop their own rules and procedures to maintain staff security.

It is important to be aware that the main risk for defenders is that threats often materialise into actual attacks. Aggressors have the will, the means and the impunity to put threats into action. The best tool for protecting defenders is therefore political action to address the one, big, remaining issue: The need for governments and civil society to put pressure on and act against those who day after day threaten, harass and kill defenders. The advice given in this manual is in no way intended to replace the due responsibility of each and all governments to protect human rights defenders.

That said, defenders can significantly improve their security by following a few tried and tested rules and procedures.

This manual is a humble contribution to an aim shared by many different organisations: To preserve the invaluable work that human rights defenders do. They are the ones on the front line, and they are also the main characters of this manual.

The manual

The purpose of this manual is to provide human rights defenders with additional knowledge and some tools that may be useful for improving their understanding of security and protection. It is hoped that the manual will support training on security and protection and will help defenders to undertake their own risk assessments and define security rules and procedures which suit their particular situation.

This manual is the result of a long term project by PBI on field protection for defenders. We have had the opportunity to learn from and share experiences and knowledge with hundreds of defenders in the field, as well as in workshops, meetings and discussions about security. Most of the manual’s contents have already been applied in practice, either in protection work or in training workshops with defenders. This manual is the fruit of all these exchanges, and we owe the defenders involved a huge thanks for their input.

Security and protection are difficult areas. They are based around structured knowledge, but also influenced by individual attitudes and organisational behaviour. One of the key messages in this manual is to give the issue of security the time, space and energy it deserves, despite overloaded work agendas and the severe stress and fear all defenders and their organisations are under. This means going beyond people’s individual knowledge about security and moving towards an organisational culture in which security is inherent.

Knowing enough about a conflict scenario and understanding the local political logic are also key to proper management of defenders’ security. This manual contains an overall framework as well as a step by step approach for managing security. It also includes some reflections on basic concepts like risk, vulnerability and threat, and a few suggestions for how to improve and develop security for defenders in their day to day work. We hope that the topics covered will allow NGOs and defenders to plan for and cope with the increasing security challenges involved in human rights work. This said, the first thing we wish to remind all of us is that defenders risk their well-being and their lives, and this is serious stuff. Sometimes the only way to save a life is just going into hiding and then fleeing. We want to leave it very clear that all the techniques and suggestions in this manual are not, by any means, the only way to think about security issues for defenders. The manual has been written in good faith but sadly offers no guarantee of success.

Let's improve this manual

Let’s improve this Manual…

The manual is a work in progress, and will need to be developed, improved and refined over time. Your feedback as a defender on any aspect of this manual will be invaluable: Please send any comments and opinions - particularly in terms of your experiences of using the manual in your work. With your help, we can make this manual an increasingly useful tool for defenders all over the world.

Email to any of us:

• protectionmanual@frontlinedefenders.org
• pbibeo@biz.tiscali.be
• pbibeo@protectionline.org

Or by post to Front Line or PBI

• PBI- European Office

38, Rue Saint-Christophe, 1000 Bruxelles (Belgium) Tel/fax + 32 (0)2 511 14 98

• Front Line

81 Main Street, Blackrock, County Dublin, Ireland tel: +353 1212 3750 fax: +353 1212 1001

A short introduction to human rights defenders

“Human rights defender” is a term used to describe people who, individually or with others, take action to promote or protect human rights. Human rights defenders are identified above all by what they do, and the term can therefore best be explained by describing their actions and some of the contexts they work in. In 1998 the United National General Assembly approved the “Declaration on the Right and Responsibility of Individuals, Groups and Organs of Society to Promote and Protect Universally Recognized Human Rights and Fundamental Freedoms” (Hereafter the “UN Declaration on Human Rights Defenders”). In other words, fifty years after the Universal Declaration of Human Rights, and after twenty years of negotiations on a draft declaration on human rights defenders, the United Nations finally recognized what is a reality: that thousands of people were promoting and contributing to the protection of human rights throughout the world. This is an inclusive Declaration that honours the amount and variety of people engaged in the promotion and protection of human rights. The Special Representative of the UN Secretary General on Human Rights Defenders is mandated "to seek, receive examine and respond to information on the situation and the rights of anyone, acting individually or in association with others, to promote and protect human rights and fundamental freedoms." Front Line defines a human rights defender as "a person who works, non-violently, for any or all of the rights enshrined in the Universal Declaration of Human Rights." Front Line seeks to promote the UN Declaration on Human Rights Defenders.

Who is responsible for protecting human rights defenders?

The Declaration on Human Rights Defenders stresses that the state is primarily responsible for protecting human rights defenders. It also acknowledges “the valuable work of individuals, groups and associations in contributing to the effective elimination of all violations of human rights and fundamental freedoms” and “the relationship between international peace and security and the enjoyment of human rights and fundamental freedoms”.

But according to Hina Jilani, Special Representative of the UN General Secretary on Human Rights Defenders, “exposing human rights violations and seeking redress for them is largely dependent on the degree of security enjoyed by human rights defenders” . A look at any report on human rights defenders throughout the world reveals stories of torture, disappearances, killings, threats, robbery, break-ins to offices, harassment, illegal detentions, being subjected to intelligence and surveillance activities, etc. Unfortunately, this is the rule and not the exception for defenders.

Suggested further reading

To find out more about human rights defenders, visit:

• www.unhchr.ch/defender/about1.htm (The UN High Commissioner on Human Rights).
• www.frontlinedefenders.org (Front Line, The International Foundation for Human Rights Defenders)
• www.peacebrigades.org/beo.html (The European Office of Peace Brigades International in Brussels)
• The Observatory for the Protection of Human Rights Defenders, created by the International Federation on Human Rights (FIDH; www.fidh.org) and the World Organisation Against Torture (OMCT; www.omct.org).
• Amnesty International: www.amnesty.org and http://web.amnesty.org/pages/hrd-index-eng
• www.ishr.ch, see under “HRDO” (The HRD Office of the International Service for Human Rights in Geneva)

 To learn more about existing international legal instruments and the UN Declaration on Human Rights Defenders, visit :

• www.unhchr.ch : This is the web site of the UN High Commissioner for Human Rights.
• www.frontlinedefenders.org/manual/en/index.htm (Front Line, Ireland), for a manual on international instruments for human rights defenders. Their links page is very useful also: http://www.frontlinedefenders.org/links/
• www.ishr.ch/index.htm (International Service for Human Rights, Geneva), for a compilation of international and regional instruments for the protection of human rights defenders.

Human rights defenders' working environments

Human rights defenders usually work in complex environments, where there are many different actors, and which are influenced by deeply political decision-making processes. Many things will be happening almost simultaneously, with each event impacting on another. The dynamics of each actor, or stakeholder, in this scenario will play a significant role in that actor’s relationships with others. Human rights defenders therefore need information not only about issues directly related to their work, but also about the positions of key actors and stakeholders.

A simple exercise would be to organize a group brainstorming to try to identify and list all the social, political and economic actors that may have an influence on your current security situation.

Analysing your working environment

It is very important to know and understand as much as possible about the context you are working in. A good analysis of that context enables informed decisions about which security rules and procedures to apply. It is also important to think about possible future scenarios, in order, where possible, to take preventive action.

However, simply analysing your working environment isn’t enough. You also need to look at how each intervention could affect the situation and how other actors might react to each one. It is also important to take into account the dimensions of a work scenario. You can undertake an analysis at macro level by studying a country or a region, but you also have to find out how those macro dynamics function in the particular area where you are working, i.e. the micro dynamics. For instance, paramilitaries in one local area may act differently to how you might expect following a regional or national analysis. You need to be aware of such local characteristics. It is also crucial to avoid having a fixed view of a work scenario, because situations evolve and change. They should therefore be reviewed regularly.

Asking Questions, the Force Field Analysis and the Stakeholder Analysis are three useful methods for analysing your working environment:

Risk analysis and protection needs

Human rights defenders’ work can have a negative impact on specific actors’ interests, and this can in turn put defenders at risk. It is therefore important to stress that risk is an inherent part of defenders’ lives in certain countries.

The issue of risk can be broken down in the following way:

Analyse main stakeholders´ interests and strategies -> Assess impact of defenders´ work :on those interests and strategies -> Assess threat against defenders -> Assess :vulnerabilities and capacities of defenders -> Establish Risk

In other words, the work you do as a defender may increase the risk you face.

• What you do can lead to threats
• How, where, and when you work raises issues about your vulnerabilities and capacities.

There is no widely accepted definition of risk, but we can say that risk refers to possible events, however uncertain, that result in harm.

In any given situation, everyone working on human rights may face a common level of danger, but not everyone is equally vulnerable to that general risk just by being in the same place. Vulnerability - the possibility that a defender or a group will suffer an attack or harm - varies according to several factors, as we will see now.

An example:

There may be a country where the Government poses a general threat against all kinds of ::human rights work. This means that all defenders could be at risk. But we also know ::that some defenders are more at risk than others; for instance, a large, well ::established NGO based in the capital will probably not be as vulnerable as a small, ::local NGO. We might say that this is common sense, but it can be interesting to analyse ::why this happens in order to better understand and address the security problems of ::defenders.

The level of risk facing a group of defenders increases in accordance with threats that have been received and their vulnerability to those threats, as presented in this equation :

RISK = THREATS x VULNERABILITIES

Threats represent the possibility that someone will harm somebody else‘s physical or moral integrity or property through purposeful and often violent action . Making a threat assessment means analysing the likelihood of a threat being put into action.

Defenders can face many different threats in a conflict scenario, including targeting, common crime and indirect threats.

The most common type of threat – targeting - aims to hinder or change a group's work, or to influence the behaviour of the people involved. Targeting is usually closely related to the work done by the defenders in question, as well as to the interests and needs of the people who are opposed to the defenders´ work.

Defenders may face the threat of common criminal attacks, especially if their work brings them to risky areas. Many cases of targeting are carried out under the guise of being ‘ordinary’ criminal incidents.

Indirect threats arise from the potential harm caused by fighting in armed conflicts, such as ‘being in the wrong place at the wrong time’. This applies specially to defenders working in areas with armed conflict.

Targeting (targeted threats) can also be seen in a complementary way: Human rights defenders may come across declared threats, for example by receiving a death threat (see Chapter 3, for how to assess declared threats). There are also cases of possible threats, when a defender close to your work is threatened and there are reasons to believe that you might be threatened next.

A summary of kinds of threats:

-Targeting (declared threats, possible threats): threats due to your work -Threats of common criminal attacks -Indirect threats: Threats due to fighting in armed conflicts.

Vulnerabilities

Vulnerability means the degree to which people are susceptible to loss, damage, suffering and death in the event of an attack. This varies for each defender or group, and changes with time. Vulnerability is always relative, because all people and groups are vulnerable to some extent. However, everyone has their own level and type of vulnerability, depending on their circumstances. Let’s see some examples:

• Vulnerability can be about location. For example, a defender is usually more vulnerable when s/he is out on the road during a field visit than when s/he is at a well known office where any attack is likely to be witnessed.

• Vulnerabilities can include lack of access to a phone or to safe ground transportation or to proper locks in the doors of a house. But vulnerabilities are also related to the lack of networks and shared responses among defenders.

• Vulnerabilities may also have to do with team work and fear: A defender that receives a threat may feel fear, and his/her work will be affected by fear. If s/he has no a proper way to deal with fear (somebody to talk to, a good team of colleagues, etc) chances are that s/he could makes mistakes or take poor decisions that may lead him/her to more security problems.

There is a combined check-list of possible vulnerabilities and capacities at the end of this chapter.

Capacities

Capacities are the strengths and resources a group or defender can access to achieve a reasonable degree of security. Examples of capacities could be training in security or legal issues, a group working together as a team, access to a phone and safe transportation, to good networks of defenders, to a proper way of dealing with fear, etc.

In most cases,

vulnerabilities and

capacities are two sides of

the same coin.

For example:

Not knowing enough about your work environment work is a vulnerability, while having this knowledge is a capacity. The same can be said about having or not access to safe transportation or to good networks of defenders.

(There is a combined check-list of possible vulnerabilities and capacities at the end of this chapter).

The risk created by threats and vulnerabilities can be reduced if defenders have enough capacities (the more capacities, the lesser the risk).

Risk = threats x vulnerability / capacities

In summary

Summary:

In order to reduce risk to acceptable levels - namely, to protect - you must:

• Reduce threats;
• Reduce vulnerability factors;
• Increase protection capacities.

Risk is a dynamic concept that changes with time and with variations in the nature of threats, vulnerabilities and capacities. This means risk must be assessed periodically, especially if your working environment, threats or vulnerabilities change. For instance, Vulnerabilities can also increase if a change of leadership leaves a group of defenders in a weaker position than before. Risk increases dramatically with a clear and present threat. In such cases, it is not safe to try to reduce risk by increasing capacities, because that takes time.

Security measures, such as legal training or protective barriers, could reduce risk by reducing vulnerability factors. However, such measures do not confront the main source of risk, i.e. the threats, nor the will to carry them out, especially in situations where perpetrators know they are likely to go unpunished. All major interventions in protection should therefore aim to reduce threats, in addition to reducing vulnerability and enhancing capacity.

An example:

A small group of defenders are working on land property issues in a town. When their :work starts affecting the local landowner’s interests they receive a clear death :threat. If you apply the risk equation to their security situation, you’ll see that :the risk these defenders face is very high, above all due to the death threat. If you :want to reduce that risk it is probably not the moment to start changing the locks on :the door of their office (because the risk is not related to a break-in at the :office), nor the moment to buy a cell phone for each defender (even if communication :might be important to security it is unlikely to be enough if there is someone coming :to kill you). In this case, a more relevant strategy would be to work on networking :and generating political responses to directly confront the threat (and if that is :unlikely to be effective quickly the only way to reduce the risk significantly might :be to reduce the defenders exposure, perhaps by moving away for a while – being able :''to relocate to a safe place is also a capacity).

Vulnerabilities and capacities, as well as some threats, may vary according to gender and age. You therefore need to break down your findings accordingly.

Vulnerabilities and capacities assessment

Designing a vulnerability and capacities assessment for a given group (or person) involves defining the group itself (a community, collective, NGO, individuals, etc), the physical area where it is located and the time line (your vulnerability profile will change and evolve over time). Then you can proceed to assess vulnerabilities and capacities, using Chart 3 at the end of this chapter as a guidance.

Please note: The vulnerabilities and capacities assessment must be seen as an open-ended activity aimed at building on existing information to maintain an accurate picture of a constantly evolving situation. When assessing capacities, it is important to establish what the actual current capacities are instead of listing potential, desirable ones.

Coping and response strategies

Defenders and groups under threat use different coping strategies to deal with the risks they perceive that they face. These strategies will vary a lot depending on their environment (rural, urban), the type of threat, the social, financial and legal resources available, etc.

Most coping strategies can be implemented immediately and in response to short term objectives. They will therefore function more like tactics than as detailed response strategies. Most strategies also respond to individual people’s subjective perceptions of risk, and could at times cause the group some level of harm, especially if the strategies used cannot be reversed.

Coping strategies are closely related to the type and severity of threat and to the group’s capacities and vulnerabilities.

When thinking about security and protection you must take into account both your own and other people’s coping strategies. Reinforce the effective ones, try to limit harmful ones and try to respect the remaining ones (especially coping strategies linked to cultural or religious beliefs). Some coping strategies:

• Reinforcing protective barriers, hiding valuables.
• Avoiding behaviour which could be questioned by another actor, especially if control of the territory where you are working is under military dispute.
• Going into hiding during high risk situations, including in places that are difficult to access, like mountains or jungle, changing houses, etc. Sometimes whole families go into hiding, and sometimes just defenders. Hiding could take place at night or go on for several weeks, and might involve no outside contact.
• Looking for armed or political protection from one of the armed actors.
• Suspending activities, closing down the office, evacuating. Forced migration (internal displacement or as refugees) or going into exile.
• Relying on “good luck” or resorting to “magic” beliefs.
• Becoming more secretive, including with colleagues; going into denial by refusing to discuss threats; excessive drinking, overwork, erratic behaviour.

Defenders also have access to response strategies. These can include issuing reports to publicise a specific issue, making allegations, staging demonstrations, etc. In many cases these strategies do not amount to a long term strategy, but respond to short term needs. In some cases the response strategies might even create more security problems than those they were intended to address.

When analysing coping and response strategies, take the following into account:

• Sensitivity: Can your strategies respond quickly to individual or group security needs?
• Adaptability: Can your strategies be quickly adapted to new circumstances, once the risk of attack is over? A defender may have several options available, for example to either hide or to live at other people’s houses for a while. Such strategies may seem weak or unstable, but often have great endurance.
• Sustainability: Can your strategies endure over time, despite threats or non-lethal attacks?
• Effectiveness: Can your strategies adequately protect the people or groups in question?
• Reversibility: If your strategies don’t work or the situation changes, can your strategies be reversed or changed?

Dealing with risk after doing a risk assessment

Once your risk assessment has been done, you need to look at the results. As it is impossible to measure the “amount” of risk you are facing, you need to establish an understanding of what the level of risk is.

Different defenders and organisations may estimate different levels of risk. What is unacceptable for some defenders can be acceptable for others, and the same can be said for people within the same organisation. Rather than discussing what “must” be done or whether you are prepared for going ahead with it, people’s different thresholds of risk must be addressed: You must find a commonly acceptable threshold for all members of the group.

That said, there are different ways of dealing with risk:

• You can accept the risk as it stands, because you feel able to live with it;
• You can reduce the risk, by working on threats, vulnerabilities and capacities;
• You can share the risk, by undertaking joint actions with other defenders to make potential threats to one defender or organisation less effective;
• You can choose to avoid the risk, by changing or stopping your activities or changing approach to reduce potential threats;
• You can ignore the risk, by looking the other way. Needless to say, this is not the best option.

Bear in mind that the levels of risk are usually different for each of the organizations and individuals involved in a human rights case, and that attackers usually tend to hit in the weakest parts, so that you have to pay attention to these different levels of risk and take specific measures. For example, let’s look at a case of a peasant killed by a landowner private army. There may be several organizations and individuals involved in it, such as a group of lawyers from the close-by capital city, a local peasant union and three witnesses (peasants who live in a nearby village). It is key to assess the different levels of risk of each of these stakeholders in order to plan properly for the security of each of them.

Chart 3: Information needed to assess a group's vulnerabilities and capacities

---

A risk scales: Another way to understand risk

A scales provides another way to understand this concept of risk: This is something we might call ... a “risk-meter”. If we put two boxes with our threats and vulnerabilities on one of the plates of the scales, and another box with our capacities on the other plate, we will see how our risk gets increased or reduced.

Threats assessment: Understanding threats in depth

The repression of human rights defenders is all about psychology. Threats are widely used to make defenders feel vulnerable, anxious, confused and helpless. Ultimately, repression also seeks to break organisations and make defenders lose trust in their leaders and colleagues. Defenders have to tread a fine line between careful and proper management of threats and maintaining a sense of safety in our work. This is also the main objective of this chapter.

In Assessing risks: threats, vulnerabilities and capacities, threats were defined as “the possibility that someone will harm somebody else’s physical or moral integrity or property, through purposeful, often violent action”. We also talked about possible threats (when a defender close to your work is threatened and there is reason to believe you might be threatened next), and declared threats (receiving a death threat, for example). We will now look at how to deal with declared threats.

A declared threat is a declaration or indication of an intention to inflict damage, punish or hurt, usually in order to achieve something. Human rights defenders receive threats because of the impact their work is having, and most threats have a clear objective to either stop what the defender is doing or to force him or her to do something.

A threat always has a source, i.e. the person or group who has been affected by the defender’s work and articulates the threat. A threat also has an objective which is linked to the impact of the defender’s work, and a means of expression, i.e. how it becomes known to the defender.

Threats are tricky. We might say with a certain amount of irony that threats are “ecological”, because they aim to achieve major results with a minimum investment of energy. A person making a threat has chosen to do that, rather than take action - a higher investment of energy. Why? There may be a number of reasons why, and it is worth mentioning them here:

• The person making the threat has the capacity to act but is to some extent concerned about the political cost of acting openly against a human rights defender. Anonymous threats can be issued for the same reason.
• The person making the threat has a limited capacity to act and intends to achieve the same aim by hiding his or her lack of capacity behind a threat. This limited capacity may only be temporary due to other priorities, or permanent, but in both cases things may change and lead to direct action against the defender later on.

A threat is a personal experience, and always has an effect. Or, in other words, threats always affect people in some way. One defender once said that: “Threats achieve some effect, even only due to the fact that we are talking about threats”. In fact, any threat can have a double impact: emotionally, and in terms of security. We will concentrate on security here, but we should not forget the emotional side of every threat.

We know that a threat is usually linked to the impact of our work. Receiving a threat therefore represents feedback on how your work is affecting someone else. If you look at it in this way, a threat is an invaluable source of information, and should be analysed carefully.

Making vs. posing a threat

People issue threats against human rights defenders for many reasons, and only some have the intention or capacity to commit a violent act. However, some individuals can represent a serious threat without ever articulating it. This distinction between making and posing a threat is important:

• Some people who make threats ultimately pose a threat.
• Many people who make threats do not pose a threat.
• Some people who never make threats do pose a threat.

A threat is only credible if it suggests that the person behind it has the capacity to act against you. It has to demonstrate a minimum level of force or have a menacing element designed to provoke fear.

The person behind the threat can demonstrate his or her capacity to act quite simply, for example by leaving a written threat inside a locked car, even when you have left it parked for just a few minutes, or by phoning just after you have arrived home, letting you know you are being watched.

People can try to instil fear in you by introducing symbolic elements into threats, for example by sending you an invitation to your own funeral or putting a dead animal on your doorstep or on your bed at home.

Many threats show a combination of the above characteristics. It is important to distinguish between them, because some people who send threats pretend to have the capacity to act by using symbolic and frightening elements.

Anyone can make a threat, but not everyone can pose a threat.

At the end of the day, you need to know whether the threat can be put into action. If you are reasonably sure that this is unlikely, your approach will be completely different than if you think a threat has some basis in reality.

The two main objectives when assessing a threat are:

• To get as much information as possible about the purpose and source of the threat (both will be linked to the impact of your work);
• To reach a reasonable conclusion about whether the threat will be acted on or not.

Five steps to assessing a threat

1. Establish the facts surrounding the threat(s). It’s important to know exactly what has happened. This can be done through interviews or by asking questions to key people, and occasionally through relevant reports.

2. Establish whether there is a pattern of threats over time. If several threats are made in a row (as often happens) it is important to look for patterns, such as the means used to threaten, the times when threats appear, symbols, information passed on in writing or verbally, etc. It is not always possible to establish such patterns, but they are important for making a proper threat assessment.

3. Establish the objective of the threat. As a threat usually has a clear objective linked to the impact of your work, following the thread of this impact may help you establish what the threat is intended to achieve.

4. Establish who is making the threat. (This can only be done by going through the first three steps first.) Try to be as specific as possible. For example, you could say that “the government” is threatening you. But since any government is a complex actor, it is more useful to find out which part of the government may be behind the threats. Actors such as “security forces” and “guerrilla groups” are also complex actors. Remember that even a signed threat could be false. This can be a useful way for the person making the threats to avoid political costs and still achieve the aim of provoking fear in a defender and trying to prevent him or her from working.

5. Make a reasonable conclusion about whether or not the threat can be put into action. Violence is conditional. You can never be completely sure that a threat will – or will never - be carried out. Making predictions about violence is about stating that, given certain circumstances, a specific risk exists that a particular person or group will act violently against a particular target.

Defenders are not fortune tellers and cannot pretend to know what is going to happen. However, you can come to a reasonable conclusion about whether or not a given threat is likely to be put into action. You may not have gained enough information about the threat through the previous four steps and may therefore not reach a conclusion. You may also have different opinions about how “real” the threat is. In any case, you have to proceed on the basis of the worst case scenario.

For example:

Death threats have been made against a human rights worker. The group analyses the threats and reach two opposing conclusions, both based on good reasoning. Some say the threat is a total fake, while others people see worrying signals about its feasibility. At the end of the meeting, the group decides to assume the worst case scenario, i.e. that the threat is feasible, and take security measures accordingly.

This threat assessment progresses from solid facts (step 1) to increasingly speculative reasoning. Step 2 involves some interpretation of the facts, and this increases further through steps 3 to 5. There are good reasons for following the order of the steps. Going directly to step 2 or 4, for example, will miss out the more solid information arising from the previous steps.

Maintaining and closing a threat case

A threat or security incident can alarm a group of defenders, but it is usually difficult to maintain this feeling of alarm until the threat has passed. Because of the constant outside pressure on defenders in their work, ringing organisational alarm bells too often could lead the group to lose interest and come off their guard.

Raising a group alarm should only happen based on reliable evidence and should be focused on a specific anticipated event. It must be designed to motivate group members to act, and call for a specific set of actions to be taken. To be most effective, an alarm should only stimulate a moderate level of motivation: Too low doesn’t get people to act, but too high creates emotional overload. If the threat is likely to persist over time, it is essential to debrief people and do follow-up after the initial alarm was raised to correct misinformation, change misguided recommendations, and reinforce the group’s trust in their joint efforts.

Finally, if the threat does not materialise, some explanation of why must be provided, and the group should be informed that the threat is lower or has disappeared altogether.

You can consider closing a threat case when the potential attacker is deemed to no longer pose a threat. Ideally, to be sure that you are right to close a case, you should be able to explain why first. Questions should also be asked about changed circumstances which could trigger the person behind the threats to move towards violent action.

Reacting to threats in security terms

• A threat can be considered a security incident. To find out more about responding to security incidents, continue on to the following section.

• An assessment of declared threats can lead you to think that you could be attacked. Please see the section entitled preventing and reacting to attacks.

What is a security incident?

Put simply, a security incident can be defined as any fact or event which you think could affect your personal or organizational security.

Examples of security incidents could include seeing the same, suspicious vehicle parked outside your office or home over a number of days; the telephone ringing at night with nobody at the other end; somebody asking questions about you in a nearby town or village, a break-in to your house, etc.

But not everything you notice will constitute a security incident. You should therefore register it, by writing it down, and then analyse it, ideally with colleagues, to establish if it really could affect your security. At this point you can react to the incident. The sequence of events is as follows:

You notice something -> you realise it might be a security incident -> you register it / share it -> you analyse it -> you establish that it is a security incident -> you react appropriately.

If the matter is pressing, this sequence should still take place, just much more quickly than usual to avoid delay (see below).

How to distinguish between security incidents and threats:

If you are waiting for a bus and somebody standing next to you threatens you because of your work, this - apart from being a threat - constitutes a security incident. But if you discover that your office is being watched from a police car at the opposite side of the street, or your mobile phone is stolen, these are security incidents, but not necessarily threats. Remember: threats have an objective (see Chapter 2), and incidents just happen.

All threats are security incidents,

but not all security incidents are threats.

Why are security incidents so important?

Security incidents are crucial to handling your security because they provide vital information about the impact your work is having, and about possible action which may be planned or carried out against you. Likewise, such incidents allow you to change your behaviour or activities and avoid places which could be dangerous, or more dangerous than normal. Security incidents can therefore be seen as indicators of the local security situation. If you couldn’t detect such changes it would be difficult to take appropriate and timely action to stay safe.

For instance, you may realize that you are under surveillance after noticing several security incidents: Now you can take action about surveillance.

Security incidents represent “the minimum unit” of

security measurement and indicates the

resistance/pressure on your work.

Do not let them go unnoticed!

When and how do you notice security incidents?

This depends on how obvious the incident is. If it could potentially go unnoticed, your ability to recognise it depends on your security training and experience and your level of awareness.

The greater your awareness and training,

the fewer incidents will escape your attention.

Security incidents are sometimes overlooked or briefly noticed and then brushed to one side, or people sometimes overreact to what they perceive as security incidents.

Why a security incident may go unnoticed?

An example:

A defender experiences a security incident, but the organisation s/he works with does not react at all. This could be because…

• the defender isn’t aware that a security incident took place;
• the defender is aware of it but dismisses it as unimportant;
• the defender hasn’t informed the organisation (s/he forgot, doesn’t believe it necessary, or decide to keep quiet because it happened because of a mistake on their part);

* the organisation, having done a team evaluation of the incident after the defender registered it in the incident book, does not judge action necessary.

Why do people sometimes overreact to security incidents?

For example:

A colleague might be constantly telling stories about some security incident or other, but on further examination they prove not to have substance or merit the definition. The actual security incident in this instance is the fact that your colleague has a problem which makes him/her see non-existent security incidents. S/he might be feeling very afraid, or suffering from stress, and should be offered support to resolve the problem.

Do not forget that it is more

common that security incidents are overlooked or

dismissed: Be careful about this!

Dealing with security incidents

You can deal with security incidents in three basic steps:

1. Register them. Every security incident noticed by a defender must be registered, either in a simple, personal notebook or one accessible to the whole group.

2. Analyse them. All registered security incidents should be properly analysed straight away or on a regular basis. It is better to analyse them as a team rather than individually because this minimises the risk of missing something. Someone should be put in charge of making sure this is done.

Decisions must also be made about whether or not to maintain confidentiality about specific incidents (such as threats). Is it ethical and realistic to keep a threat hidden from colleagues and other people you work with? No single rule applies to every situation, but it is often best to be as open as possible in terms of sharing information and addressing logistical concerns, as well as fears.

3. React to them. Given that security incidents give feedback on the impact of your work, they could lead to the following:

• Reaction to the incident itself.
• Feedback, in security terms, about how you work, your work plans or your work strategy.

Example ______________________________________________________________________________________________________________ of an incident which provides feedback on working more securely:

For the third time somebody from your organisation has had problems passing through :police checkpoint because they frequently forget to carry the necessary documents. :You therefore decide to compile a checklist which all staff members must consult :before leaving the city. You might also change the route for these types of

journeys.

Example _____________________________________________________________________________________________________ of an incident providing feedback on how you plan for security:

At the same police checkpoint, you are detained for half an hour and told that your :work is poorly regarded. Thinly veiled threats are made. When you ask for an :explanation at police headquarters, the scene is repeated. You call a team meeting :revise your work plans, because it seems clear that changes have to be made in order :to continue working. You then plan a series of meetings with Interior Ministry civil :servants, change some aspects of your plans and arrange weekly meetings to monitor

the situation.

Example _____________________________________________________________________________________________________ of an incident which provides feedback for your security strategy:

'When you start work as defenders in a new area, you immediately receive death :threats and one of your colleagues is physically assaulted. You did not anticipate :such opposition to your work, nor provide for it in your global strategy. You

will therefore have to change your strategy in order to develop tolerance of your

work locally and deter further attacks and threats. To do this you may have to :suspend your work for a while, withdraw from the area and reconsider the entire

project.

Reacting urgently to a security incident

There are many ways of responding promptly to a security incident. The following steps have been formulated in terms of when and how to react from the moment a security incident is reported, while it is happening, and after it is over.

Step 1: Reporting the incident.

• What is happening/has happened (try to focus on the actual facts)?
• Where and when did it take place?
• Who was involved (if it can be established)?
• Was there any injury or damage to individuals or property?

Step 2. Decide when to react.

There are three possibilities:

• An immediate reaction is required to attend to people with injuries or stop an attack.
• A rapid reaction (in the next few hours or even days) is necessary to prevent possible new security incidents from arising.
• A follow up action (in several days or weeks or even months): If the situation has stabilised, an immediate or rapid reaction may not be necessary. However, any security incident that requires an immediate or rapid reaction must be followed by a follow up action in order to restore or review your working environment.

Step 3. Decide how to react and what your objectives are.

• If the reaction has to be immediate, the objectives are clear: Attend to injuries and/or prevent another attack.
• If the reaction has to be quick, the objectives will be established by the person in charge or a crisis team (or similar) and focus on restoring the necessary security for those affected by the incident.

Subsequent actions/reactions will take place through the organisation’s normal decision-making channels, with the objective of restoring a safe working environment externally, as well as re-establishing internal organisational procedures and improving subsequent reactions to security incidents.

Any reaction also has to take into account the security and protection of other people or organisations or institutions with which you have a working relationship.

Establish your objectives before taking action.
Prompt action is important, but knowing why are
you taking action is more important. By first establishing
what you want to achieve (objectives), you can decide how to achieve it (course of action).

For instance:

If a defenders´ group has news that one of their colleagues has not duly arrived to her destination in a town, they may start a reaction by calling a hospital and calling their contacts in other NGOs and a nearby UN Office and police. But before starting those calls, it is very important to establish what you want to achieve and what you are going to say. Otherwise you may generate an unnecessary alarm (imagine that the defender was just delayed because they missed a bus and forgot to call the office) or a reaction opposite to the one intended.

Attacks against human rights defenders

Violence is a process, as well as an act. A violent attack against a defender does not take place in a vacuum. Careful analysis of attacks often shows that they are the culmination of conflicts, disputes, threats and mistakes which have developed and can be traced over time.

Attacks against defenders are the product of at least three interacting factors:

1. The individual who takes violent action. Attacks on defenders are often the product of processes of thought and behaviour we can understand and learn from even if they are illegitimate.

2. Background and triggers which lead the attacker to see violence as an option. Most people who attack defenders see attacking as a way of reaching a goal or solving a personal problem.

3. A setting that facilitates the violence, allows it to take place or does not stop it.

Who, then, is a danger to defenders?

Generally, anyone who thinks that attacking a defender is a desirable, acceptable, or potentially effective way to achieve a goal can be considered a potential attacker. The threat increases if s/he also has, or can develop, the capacity to attack a defender.

Some attacks are preceded by threats, and some are not. However, the behaviour of individuals planning a targeted violent attack often shows subtle signs, since they need to gather information about the right time to attack, plan how to get to their target, and how to escape.

The threat can decrease with changes in the potential attacker’s capacity to stage an attack, their attitude towards how acceptable an attack is, or how likely s/he is to be caught and punished.

It is therefore vital to detect and analyse any signs indicating a possible attack. This involves:

• Determining the likelihood of a threat being carried out (see Chapter 3);
• Identifying and analysing security incidents.

Security incidents which involve surveillance of defenders or their workplace are aimed at gathering information. This information isn’t always intended for use in an attack, but it is important to try and establish whether it is or not (see Chapter 4).

Surveillance of staff or offices is intended to acquire information about them and can be used for a number of purposes:

• To establish what activities are carried out, when and with/by whom;
• To use this information later to attack individuals or organisations;
• To gather the information necessary to carry out an attack.
• To gather information for a legal action or other harassment (without direct violence);
• To intimidate your supporters or other people who work with you, or provide you with information to stop doing so;

It is important to remember that surveillance is usually necessary in order to carry out an attack, but doesn’t in itself constitute an attack. Also, not all surveillance is followed by an attack. Targeted violence does sometimes occur in situations when an attacker suddenly sees an opportunity to strike, but even then some level of preparation has usually been carried out first.

There is little information available to help you recognise an attack being prepared. The absence of studies on this subject contrasts sharply with the large number of attacks against defenders. However, the studies which do exist offer some interesting insights .

Attacking a defender isn’t easy and requires resources. Surveillance is needed to establish an individual’s movements and the best location for attacking. Getting to the target and making an effective, quick escape is also vital. (However, if the environment is highly favourable to the attacker, attacks are easier to carry out.)

People who attack defenders usually show a degree of consistency. The majority of attacks are aimed at defenders who are heavily involved in issues affecting the attackers. In other words, usually attacks are not random or aimless, but respond to the interests of the attackers.

Geographical factors matter. For example, attacks on defenders in rural areas may be less public and therefore provoke less reaction at law enforcement level and political level than attacks in urban areas. Attacks against NGO headquarters or high profile organisations in urban areas generate an even greater reaction.

Choices and decisions are made before an attack. People who are considering an attack against a defenders’ organisation must decide whether to attack the leaders or grass-roots members, and choose between a single hit (against a key, possibly high profile person and therefore at an increased political cost) or a series of attacks (affecting the organisation’s membership). The few studies done on attacks against defenders suggest that both strategies are usually applied.

Establishing the feasibility of an attack

To find out how likely an attack is to happen, you need to analyse the relevant factors involved. To establish what those factors are, it is useful to differentiate between different kinds of attacks, i.e. common crime, indirect attacks (being in the wrong place at the wrong time) and direct attacks (targeting), using the three tables on the following pages.

Table 1: Establishing the threat level of direct attacks (targeting)

Threat level for direct attacks (Targeting)

Note: PA = potential attackers

Factor: Capacity to attack Low Threat: PA have limited ability to act in the areas where you work. Medium threat:PA have operational capacity near the areas where you work. High threat: Zones where you work under the firm control of PA

Factor: Financial motive Low Threat: PA do not need your equipment or cash for their activities. Medium threat: Interest in your equipment, cash, or other forms of financial gain (ie. kidnapping) High threat: PA in clear need of equipment or cash.

Factor: Political and military motive Low Threat: None - your work has nothing to do with their objectives. Medium Threat: Partial intereat - your work limits their political and military objectives. High Threat: Your work clearly hampers their objectives, benefits their opponents, etc.

Factor: Record of previous attacks Low Threat: None or rare. Medium Threat: Occassional cases. High Threat: Many previous cases.

Factor: Attitudes or intentions Low Threat: Sympathetic or indifferent attitudes. Medium Threat: Indifferent, occasional threats, frequent warnings. High Threat: Aggressive, with clear and present threats.

Factor: Security forces capacity to deter attacks Low Threat: Existing. Medium Threat: Low. High Threat: None, or security forces collaborate with PA.

Factor: Your level of political clout against PA Low Threat: Good. Medium Threat: Medium to low. High Threat: Limited (depending on circumstances) or none. Example of the threat level for direct attacks (targeting):

The PA control the areas in which you work, but they do not have any financial motive for attacking you. Your work only partially limits their political and military objectives, and there are no precedents of similar attacks in the city. Their attitude is indifferent, and they do clearly not want to attract any national or international attention or pressure by attacking you. The threat level for direct attacks in this scenario is considered to be low to medium.

Table 2: Establishing the threat level for crime

Level of threat for crime

Note: CO = criminal offenders

Factor: Mobility and location of CO Low Threat: CO usually stays in their own areas, away from NGO zones. Medium Threat: CO generally enter other areas at night (or operate close to NGO areas). High Threat:CO operate anywhere (day or night).

Factor: Aggressiveness of CO Low Threat: CO avoid confrontation (predominantly commit crime where there is no NGO presence). Medium Threat: CO commit crime in the street (but not in staffed offices). High Threat: CO openly commit street robberies and enter premises to commit crime.

Factor: Access to / Use of weapons Low Threat: Unarmed, or use non-lethal arms. Medium Threat: Crude weapons, including machetes. High Threat: firearms, sometimes powerful.

Factor: Size and organisation Low Threat: Operate individually, or in pairs. Medium Threat: 2 - 4 people operate together. High Threat: Operate in groups.

Factor: Police responce and deterrence. Low Threat: Rapid response capable of detterence. Medium Threat: Slow responce, little success capturing criminals in the act. High Threat: Police do not usually respond with even a minimum degree of effectiveness.

Factor: Training and professionalism of security forces Low Threat: Well trained and professional, but lacking resources. Medium Threat: regular training, low pay, limited resources. High Threat: Police are either non-existent or corrupt (cooperate with offenders).

Factor: General security situation Low Threat: There is lawlessness but the situation is relatively secure. Medium Threat: Lack of security. High Threat: Rights not observed, absolute impunity. Example of an assessment of the threat level for crime:

In this city, criminals operate in different areas in pairs or small groups, sometimes during the day. They are often aggressive and often carry guns. The police does respond, but slowly and ineffectively, and the police force is unprofessional and under-resourced. However, the police leadership is well disciplined. There is a clear lack of security, and if applied to the marginal neighbourhoods of the city, the threat of crime is at its highest given that all the indicators are at high level. The likelihood of a criminal attack in the centre of a city like this is at a high to medium level.

Table 3: Establishing the threat level for indirect attacks

Level of threat for indirect attaks

Note: PA = potential attackers

Factor: Your knowledge of conflict areas Low Threat: Good. Medium Threat: Approximate. High Threat: You know very little about where conflict zones are located.

Factor: Distance to conflict areas Low Threat: Your work is far away from these areas. Medium Threat: Your work is close to these areas and you occassionally enter them. High Threat: Your work is carried out in combat zones.

Factor: Movement of conflict areas Low Threat: Conflicts are static, or change slowly and verifiably. Medium Threat: They change relatively often. High Threat: They change continually, making them unpredicatable.

Factor: Your knowledge of location of areas with landmines Low Threat: You have good knowledge, or there are no mined areas. Medium Threat: Approximate knowledge. High Threat: Unknown.

Factor: Distance between your workplace and areas with landmines Low Threat: Your work takes place far away from these areas, or there are none. Medium Threat: Your work is close to these areas and you occassionally enter them. High Threat: Your work takes place in mined areas.

Factor: Combat tactics and arms Low Threat: Discriminate. Medium Threat: Discriminate, with occassional use of artillery, ambushes and snippers. High Threat: Indiscriminate - bombardment, heavy artillery, terrorist or bomb attacks. Example of an assessment of the threat level for indirect attacks:

In this area, you are familiar with the combat zones, which change slowly and verifiably. Your work is close to the areas where the fighting takes place and you occasionally visit or stay in the combat zones. You are not close to mined areas. The combat tactics used are discriminate and therefore do not affect civilians very often. Work in this zone carries a low level of risk of indirect attack.

Preventing a possible direct attack

You now know that a threat can decrease with changes in the potential attacker’s capacity to stage an attack, their attitude towards how acceptable an attack is, or how likely s/he is to be caught and punished.

To prevent an attack it is therefore necessary to:

• Persuade a potential attacker or a person making threats that an attack will involve unacceptable costs and consequences;
• Make attacks less feasible.

This type of attack prevention is similar to the analysis covered in Chapter 2, which says that risk is dependent on the defenders’ vulnerabilities and capacities. It also said that in order to protect yourselves and reduce risk, you need to take action against the threat, reduce your vulnerabilities and enhance your capacities.

Table 4: Preventing a direct attack - different protection outcomes

Preventing a direct attack: Different protection outcomes

1. Changes in the perpetrator's behaviour: Deterring attackers by increasing the potential costs of an attack 2. Confronting and reducing threats (by acting direstly against the source, or against any action taken by the source) Changes in duty-bearer stakeholdsers' compliance with the UNDeclaration on HRD: Dissuading attackers by improving the liklihood of authorities taking action to protect defenders or to punish the perpetartors of an attack 3. Confronting and reducing threats (by acting direstly against the source, or against any action taken by the source) Reducing the feasibility of the attack: Reducing defenders' exposure, improving your working environment, managing fear and stress properly, developing security plans, etc. Reducing vulnerabilities, enhancing capacities

When a threat is made and you want to reduce the risk associated with it, it is important to act - not just against the threat itself, but also on the vulnerabilities and capacities most closely linked to the threat. At times of great pressure, when you want to react as quickly as possible, you often act on the vulnerabilities which are easiest to deal with or closest to hand instead of those which are most relevant to the threat.

Be careful: If the risk of attack is high (that is, if the threat is strong and real, and there are several vulnerabilities and fewer capacities), working on vulnerabilities or capacities to reduce the risk makes little sense, because these require time to change and become functional. If the risk is very high (a direct and severe attack is imminent) you can only do three things to avoid it:

1. Immediately and effectively confront the threat, knowing that you can achieve an immediate and specific result which will prevent the attack (Usually it is very difficult to be sure that there will be an immediate and effective result, because reactions take time, and time is precious in this situation)

2. Reduce your exposure to as close to zero as possible, by going into hiding or leaving the area.

3. Another option might be seeking armed protection, assuming that armed protection is close at hand (immediate), can deter the potential attacker and does not put the defender in more danger in the medium or long term (realistically, such requirements of armed protection are very difficult to fulfil!). Sometimes a Government offers armed escorts to a defender, after national or international pressure; in these cases, accepting or rejecting the escort may have to do with holding the state accountable for the security of defenders, but in no way can a Government say that they are relieved of their responsibilities if the defender does not accept the armed escorts. Private security companies may lead to more risk if they are informally linked to State forces (see chapter 9). And for defenders to carry weapons we must say that it is usually ineffective against an organized attack, and also may make defenders vulnerable if a Government uses it as a pretext to attack them on the basis of fighting terrorism or insurgency.

Threatening situations that can lead to an attack are easier to handle if other relevant actors or stakeholders become involved and work together. Examples include a functioning judicial system; support networks (domestic and international) that can put political pressure on duty-bearer stakeholders; social networks (within or among organisations), personal and family networks, UN/international peacekeepers, etc.

Surveillance and counter-surveillance

Counter-surveillance can help you establish whether you are being watched. It is difficult to find out whether your communications are being intercepted, and for this reason you should always assume that they are . However, it is possible to determine if your movements and offices are being watched.

Who could be watching you?

People who are usually in your area, such as doormen or porters in buildings, travelling sales people who work close to the building entrance, people in nearby vehicles, visitors, etc, could potentially all be watching your movements. People do surveillance for money; because they are being pressurised to do it; because of their sympathies, or due to a combination of these factors. Those behind the surveillance can also place collaborators or members of their organisation in your area.

People can also watch you from a distance. In this case they are almost always members of an organisation and probably use the tactic of watching without wishing to be seen. This means keeping a certain distance, various people taking turns and watching from different locations, using different vehicles, etc.

How to know if you are being watched

You can find out if you’re being observed by watching those who could be watching you, and by adopting the following rules (without, of course, becoming paranoid):

• If you have reason to think that somebody might want to watch you, you should be mindful of the movements of people in your area and changes in their attitude, for example, if they start asking about your activities. Remember that women and men can do surveillance, as can old or very young people.

• If you suspect that you are being followed, it is possible to put in place a counter-surveillance measure involving a third party whom you trust, and who is unknown to those who might be watching you. This third party can watch, in advance and from a good distance, movements which occur when you arrive, leave or go somewhere. Whoever is watching will probably do so from a place where you can always be easily located, including your home, offices and the places where you most often do your work.

For example:

Before arriving home you can ask a family member or trusted neighbour to take up a position close by (e.g., changing a car wheel), to check if somebody is awaiting your arrival. The same can be done when leaving your office on foot. If you are using a private vehicle, it will be necessary to have another car leave after yours in order to allow a potential observer time to begin their approach towards you.

The benefit of counter-surveillance is that, at least initially, the person observing you does not realise you know they are there. It should therefore be made clear to anyone involved that it may not be advisable to confront the person observing you. They will then realise that you know about their activities, and this could also provoke a violent reaction. It is important to take the utmost care and keep a distance if you are aware of somebody watching you. Once surveillance has been detected, you can take the necessary action recommended in this manual (see Chapter 9).

Most of this counter surveillance advice applies almost exclusively to urban and semi-urban areas. In rural areas the situation is very different, but defenders and communities who live in such areas are more used to being aware of strangers nearby. It is therefore more difficult for somebody who wants to watch you to gain access to inhabitants of a rural area - unless the local population is deeply hostile towards your work.

A note: Building relationships with the security forces monitoring you could be beneficial in some circumstances – and in some circumstances the surveillance is not so secret, part of the point is to make it visible/intimidating. In some situations defenders cultivate people in the security forces who can sometimes tip them off when surveillance or even an action is planned against them

When to check if you are being watched

Logic dictates that it is wise to check if you are under surveillance if you have reason to believe that you are - for example, because of security incidents which could be related to surveillance. If your human rights work carries a certain risk, it is a good idea to conduct a simple counter-surveillance exercise from time to time, just in case.

You need also to think about risk you bring to others if you are under surveillance – the risk may be greater for a witness/family member of a victim you are meeting than for you – think about where it would be most secure for them to meet? You may need to warn them that your movements might be under surveillance.

Reacting to attacks

No single rule can be applied to all attacks against defenders. Attacks are also security incidents, and you can find guidelines for how to react to security incidents in Chapter 4.

In any kind of attack there are two essential things to remember:

• Think always about security! – both during and after the attack!(If you are under attack and you have to make a choice between two alternatives, go for the safest one!)
• Following an attack, it will be necessary to recover physically and psychologically, take action to solve the situation, and restore a safe work environment for you and your organisation. It is crucial to retain as much detailed information as possible about the attack: What happened, who/how many people were involved, number plates of vehicles, descriptions, etc. This can be useful to document the case, and should be compiled as quickly as possible. Keep copies of any documents handed over to the authorities to document the case.

Human rights defenders working in hostile environments

Too often, defenders work in hostile environments. There are many reasons why. Most relate to the fact that defenders’ work may lead them to confront powerful actors who are violating international human rights law, be it government or state authorities, security forces, opposition armed groups or private armed gangs. These actors may retaliate by trying to stop defenders doing their work, through anything from subtle repression of attempts at free expression to declared threats and direct attacks. The actors’ level of tolerance depends on the defenders’ work - some activities might be deemed acceptable, others not. Often this uncertainty is also deliberate.

Two important considerations should be made here: In many cases, it is only certain elements within complex actors (such as those mentioned above) who are hostile towards defenders. For example, some elements within a government may be relatively serious about protecting defenders, while other elements want to attack them. Defenders may also experience more hostility during times of political upheaval, such as elections or other political events.

Defenders’ socio-political work space

This manual focuses on the protection and security of human rights defenders working in hostile environments and measures which are focussed on improving their security. There is of course action which can be taken at the socio-political level to improve respect for human rights and the environment for human rights defenders. The campaigning and promotion activities of human rights defenders are often aimed at securing a broader acceptance of human rights within society or more effective action from political actors to ensure human rights are protected. We don’t usually think of such activities as about security but when successful they can have a positive impact on protecting human rights defenders’ socio-political work space.

This socio-political work space can be defined as the variety of possible actions the defender can take at an acceptable personal risk. In other words, the defender perceives “a broad array of possible political actions and associates a certain cost or set of consequences with each action”. The defender perceives some of these consequences as “acceptable and others as unacceptable, thereby defining the limits of a distinct political space”.

For instance, a defenders´ group may pursue a human rights case until one of the members of the group receives a death threat. If they perceive they have enough socio-political space, they may decide to make public that they have been threatened, and eventually go on with the case. But if they perceive that their political space is limited, they may reckon that denouncing the threat will have unacceptable costs. They might even decide to drop the case for a while and improve their security capacities in the meantime.

The notion of “acceptable” risk can change over time and varies greatly between individuals or organisations. For some, torture or the death of a family member might be the most unbearable risk. Some defenders believe that being imprisoned is an acceptable risk, as long as it helps to achieve their goals. For others, the threshold might be reached with the first threat.

This political space of activity, in addition to being subjectively defined by those who move within it, is very sensitive to changes in the surrounding national political environment. You therefore have to look at it as a relative and changeable space.

Security and defenders’ work space

All security strategies can be summarised in a few words: You want to expand your work space and sustain it in that way. Speaking strictly in security terms, defenders’ work space requires at least a minimum level of consent by the main actors in the area - especially by political and military authorities and armed groups who might become affected by defenders’ work and decide to act against them.

This consent can be explicit, such as a formal permit from the authorities, or implicit, for example, in the case of armed groups. Consent will be more solid if the actor can see some benefit resulting from the defenders´ work. It will be lower if the actor perceives related costs. In this case, their level of consent will depend on the political costs carried by an attack on defenders. These issues are especially relevant in armed conflicts where defenders face more than one armed actor. One armed actor might see defenders´ work as helpful to their opponent. Another actor’s open acceptance of defenders´ work may therefore lead to hostility by their opponent.

Defenders’ work space can be represented by two axes:

• one representing the extent to which the actor will tolerate or accept your work based on the extent to which your work impacts on the actor’s objectives or strategic interests (the tolerance-acceptance continuum)
• one representing the extent to which you can deter attacks, because of high political costs, expanding to when you can dissuade the actor on rational/moral grounds or even persuade them of political benefits to not attacking you or violating human rights (the deterrence-dissuasion continuum).

The expansion of your work space can be achieved over time. Achieving acceptance of defenders´ work through a strategy of dissuasion should take into account working for the needs of the population, your image, procedures, integration etc. But in areas of armed conflict the space usually remains limited to just that which follows from the armed actors’ consent, partially generated as a result of the costs of attacking the defenders (dissuasion).

Expanding your work space: Increasing tolerance and acceptance

Your work may affect the objectives or strategic interests of someone who does not care much about human rights, leading to a hostile working environment for defenders. In order to gain acceptance, or at least consent, for your work, it is important to limit the confrontation to a necessary minimum. Some suggestions for how to do this:

• Provide information and training about the nature and legitimacy of defenders’ work. Government officials and other actors may be more inclined to cooperate if they know and understand your work and your reasons for undertaking it. It is not enough just for higher officials to be aware of what you do, because defenders’ daily work usually involves many levels of officials in different government bodies. You should make a continuous effort to inform and train officials at all levels.

• Clarify the objectives of defenders’ work. In all conflicts it is useful to clarify and limit the scope and objectives of your work. This will reduce misunderstandings or unnecessary confrontations that can stop defenders achieving their aims.

• Limit your work objectives to match the socio-political space of your work. When defenders’ work affects an armed actor’s specific strategic interests, the actor may react more violently and with less consideration for his image. Some types of work make defenders more vulnerable than others, so make sure your objectives match your risk situation and protection capacities as much as possible.

• Allow space in your strategies for “saving face”. If you have to confront an actor about human rights abuses seek to leave them a way to gain credit for taking action to address the situation.

• Establish alliances widely with as many social sectors as possible.

• Find a balance between transparency in your work, to show that legitimate defenders have nothing to hide, and the need to avoid giving out information that could compromise your work or security.

• Finally, remember that the legitimacy and quality of your work are necessary conditions for keeping your work space open, but it may not be enough. You may also need to be able to dissuade potential attackers (see below).

Expanding your work space: Increasing deterrence and dissuasion

Human rights defenders working in hostile environments should be able to conjure up enough political costs to frighten an aggressor into not attacking them: This is called deterrence.

It is useful to distinguish between “general” and “immediate” deterrence. General deterrence consist of the combined effect of all national and international efforts at protecting defenders, i.e. anything which helps to create a general understanding that attacks against defenders will have negative consequences. This can happen through wide thematic campaigns or training and information about protecting defenders. On the other hand, immediate deterrence sends a specific message to a specific aggressor to keep their attacks away from a specific target. Immediate deterrence is necessary when general deterrence fails or is seen to be insufficient, and when protection efforts are focused on specific cases.

Dissuasion is a more inclusive concept. It can be defined as the result of acts which induce an opponent not to carry out a contemplated hostile action. Rational argument, moral appeal, increased cooperation, improved human understanding, distraction, adoption of non-offensive policy and deterrence may all be used to achieve dissuasion. Each of these tactics are used at different times by defenders at the national or international levels. Defenders cannot of course use direct “threats” very often: The strategy is more about reminding others that, depending on their decisions, a series of consequences could occur.

Putting deterrence to work

In order to measure whether we have been effective in deterrence, a series of conditions must be met:

1. Defenders must clearly specify and communicate to the aggressor what types of actions are unacceptable. Deterrence will not work if the aggressor does not know which actions will provoke a response.

2. The defenders’ organisation must articulate its commitment to deterring the aggression in a way that makes the aggressor aware of it. The organisation must also have a strategy in place for accomplishing the deterrence.

3. The defenders’ organisation must be capable of carrying out the deterrence, and make the aggressor aware of this. If a threat of mobilising national or international reaction is not credible, there is no reason to expect it to have a protective effect.

4. Defenders must know who the aggressor is. Hit squads often work in the dark of night and rarely claim responsibility. This therefore often boils down to analysing who might benefit from an attack. In order to improve the effectiveness of a national or international reaction, an assumption of “state responsibility”, although correct, requires more specific information about which factions within the state apparatus are behind the attack.

5. The aggressor must have seriously considered attacking and then decided not to carry it out because the costs - due to the defenders’ commitment - would be greater than the benefits.

It is difficult for defenders to dissuade an aggressor who will remain unaffected by a commitment to deter: This happens when governments can be punished by the international community, but cannot in turn punish the actual human rights violator. For example, private armies can be outside the government’s reach or don't share its interests. In such cases, the aggressor may even benefit from attacking human rights defenders, because attacks will put the government in a difficult position and harm its image.

Defenders will never know in advance if their “deterrence commitment” is strong enough to dissuade a potential attack. The aggressor may expect benefits that defenders are not aware of. Assessing the situation as carefully as possible is a permanent challenge and may even be impossible due to lack of critical information. Defenders’ organisations must therefore develop extremely flexible fallback plans and the ability to respond rapidly to unexpected events.

Drafting a security plan

It should not be difficult to draft a security plan. Here is a process in just a few steps:

1.The components of the plan. A security plan is aimed at reducing your risk. It will therefore have at least three objectives, based on your risk assessment:

• Reducing the level of threat you are experiencing;
• Reducing your vulnerabilities;
• Enhancing your capacities.

It could be useful if your security plan also includes:

• Preventive plans or protocols, to ensure routine work is done within security standards, for example, how to prepare a public allegation or a visit to a remote area;
• Emergency plans for dealing with specific problems, for example, a detention or a disappearance.

2. Responsibilities and resources for implementing the plan. To ensure that the plan is implemented, security routines must be integrated into daily work activities:

• Include context assessment and security points routinely in your agendas;
• Register and analyse security incidents;
• Allocate responsibilities;
• Allocate resources, i.e. time and funds, for security.

3. Drafting the plan - how to begin. If you have done a risk assessment for a defender or organisation, you might have a long list of vulnerabilities, several kinds of threats and a number of capacities. You can’t realistically cover everything at the same time. So where to begin? It’s very easy:

• Select a few threats. Prioritise the threats you have listed, be it actual or potential ones, using one of these criteria: The most serious threat - clear death threats, for example; OR the most probable and serious threat - if organisations similar to yours have been attacked, that is a clear potential threat for you; OR the threat which corresponds most with your vulnerabilities - because you are more at risk of that specific threat.

• List the vulnerabilities you have which correspond with the threats you have listed. These vulnerabilities should be addressed first, but remember that not all vulnerabilities correspond with all threats. For example, if you receive a death threat, it may not be very useful to start securing the cupboards in your office in the city centre (unless you can be easily attacked in the office, which is usually not the case). It may be more useful to reduce your exposure while commuting from home to the office or on weekends. Securing the cupboards isn’t unimportant, but that in itself probably won’t reduce your vulnerability to the death threat.

• List the capacities you have which correspond with the threats you have listed.

You are now in a position to address the selected threats, vulnerabilities and capacities in your security plan, and can be reasonably sure that you will be able to reduce your risk from the right starting point.

Please note that this is an ad hoc way of drafting a security plan. There are more “formal” ways to do it, but this method is straightforward and makes sure you take care of the most urgent security issues - provided your risk assessment is correct - and end up with an “alive” and “real” plan at the end, and that’s the important part of security.

Coping with security challenges: Step by step security management

Security management never ends and is always partial and selective. This is because:

1. There are limits to the amount of information you can deal with - not all factors affecting security can be grouped and treated simultaneously;

2. It is a complex process - time and effort are necessary to create awareness, develop consensus, train people, deal with staff turnover, implement activities, etc.

Security management is pragmatic:

Security management can rarely attempt a comprehensive, long-term overview. Its contribution lies in the ability to prevent attacks and highlight the need for organisational strategies to cope with these. This may not seem very ambitious, but we must not forget that too few resources are usually allocated for security!

When reviewing a defender’s or an organisation’s security practices you may discover some sort of guidelines, plans, measures or patterns of behaviour already in place. There will be conflicting forces involved, ranging from stereotypical ideas about security practices to a reluctance to increase existing workloads by incorporating new security activities.

Security practice is typically a fragmented and intuitive work in progress. Security management should aim to make step by step changes to improve performance. Security rules and procedures tend to emerge from parts of an organisation covering specific areas of work, such as logistics or a field team especially concerned with its security, a manager under pressure by donor concerns about security, etc.

Step by step security management opens the door to informal processes and allows space for new practices to take root. Sudden events, such as security incidents, will prompt urgent, short-term decisions that, if properly managed, will shape