Recent overseas arrests have put a spotlight on the risks of international work in the digital era.
Consultants working campaigns abroad have long faced a medley of dangers, particularly if they were on the payroll of opposition candidates or parities competing in developing democracies.
Being in personal danger was one thing. Now, with voter and targeting data increasingly sophisticated, the danger to a campaign is heightened if a consultant’s personal electronic devices get compromised.
In one recent case, two international consultants found that having password protections on cellphones and laptops wasn’t enough security.
In August, John Phillips and Andreas Katsouris of Aristotle International were seized by police in Kenya while working on behalf of opposition presidential candidate Raila Odinga and his National Super Alliance, who were challenging President Uhuru Kenyatta and his Jubilee Party.
In detention, both were threatened with “violence or prolonged detention” to give up the passwords to their electronic devices. They relented. After hours in custody, both consultants were subsequently deported. Kenyatta secured reelection after a repeat of the vote was held in October.
“Maybe the world is getting more dangerous, and we consultants are caught up in that larger trend,” Katsouris recently told C&E.
Matthew McMillan, president of BuzzMaker, was detained in Saint Kitts on Dec. 4 as he prepared to board a flight back to the United States.
McMillan had been consulting for the opposition Nevis Reformation Party (NRP) ahead of elections for the local Nevis Island Administration set for Dec. 18. The day of his arrest, McMillan was on the island shooting B-roll using a drone outside of the home of a high-ranking government official.
After McMillan was detained at the airport, he was subsequently transferred to a police station. He spent a total of 12 hours in detention, but was never charged. While in detention, McMillan said his electronic devices were seized for several hours “in spite of the fact that no warrant was ever shown or issued to me for their confiscation.”
Authorities pressed McMillan for passwords to his devices, which were protected, but he refused to give them up.
Cyber security consultant John Bambenek said the best advice for consultants going abroad into potentially hostile environments is to “never bring a device that has any information [they] aren't prepared to lose.”
“The fact is, nations have almost unlimited rights to search what comes into and out of their country and campaign professionals are valid intelligence targets,” he said.
“If you have a password protected device with you, you can still be held on the condition of decrypting the device and since they have physical custody of you and the device, there isn't much you can do.”
Bambenek recommended consultants back up their devices before going abroad, and then doing a factory wipe before returning through customs.
“That way there is no residue of old data,” he said. “Disguising phone numbers is pointless considering the many number of ways to turn a phone number into a real identity.”
Despite their recent experiences, these consultants were upbeat about working internationally.
“Even knowing how it turned out, I’d do it again in a heartbeat,” said Katsouris of working in Kenya.
McMillan, who has worked extensively in the Caribbean, is pursuing legal action against authorities in Saint Kitts Nevis “It’s given me more resolve than ever to want to continue to fight the fight,” he said.
Meanwhile, Nancy Todd, head of the International Association of Political Consultants, said that the trade group hasn’t issued a warning to members in the wake of the incidents.
“We figure [international consultants] all have enough sense to know what they’re getting into,” she said. “I don’t think there’s any of us that do international work who haven’t had a scare or two.”