Tech CareTech Care

What is a Digital Security Helpline for Civil Society?

phone cord collage

The information, support and encouragement that strangers can provide from a distance can be life-changing and sometimes even life-saving. Supporting or counselling from a distance among people who do not know each other is, in essence, an area of human action that is characterised by its diversity and heterogeneity. The reasons and motivations driving their creation and the ways those initiatives self-define and communicate about themselves can be widely different. Accordingly, the procedures, standards and policies they establish, as well as their sustainability models, can also be very diverse.

These initiatives can overlap with collective actions aimed at building networks of support and solidarity. These networks can be local, regional, national or even international, as in the case of the transnational convergence between social movements, for instance. They usually arise organically and informally from individuals and collectives that self-organise to provide solutions, services, care and attention to issues they are facing. Participation within these networks is voluntary, not motivated by economic profit but by the social capital and/or well-being that derives from citizen participation or volunteering activities.

We can interpret many of these initiatives as a self-organised response from civil society to counteract and confront the long series of injustices and violence generated by the capitalist, patriarchal and colonialist systems we live in. Among the informal networks of support and solidarity and the formalised help desks for civil society, we can find many other models for providing support to others from a distance. This section intends to introduce those different models, their definitions, main advantages and characteristics.

Advantages and values of services providing support at distance

With respect to helplines in general, there are different classifications and values associated with the audiences they serve and how support should be provided. For example, some helplines are defined as "Volunteer Emotional Support Helplines" (VESH). They form an international network that combines the various telephone counselling services operated by three international projects - Befrienders/Samaritans, IFOTES and Lifeline. Together, they represent 1200 member centres distributed in 61 countries. They work together to promote best practices and communication skills that contribute to emotional health, increase information sharing among participating associations and represent the experiences of their members internationally.

Complementarily, the International Federation of Telephone Emergency Services (IFOTES) develops international standards for these listening services, which must consist of the implementation and respect of the following elements:

  • Emergency Telephone Services are available, at any time, to anyone who wishes to contact, regardless of age, sex, religion or nationality.
  • All callers have the right to be heard and treated with respect regardless of their beliefs, convictions and personal choices.
  • Listening is offered in a welcoming and open attitude, and the listener's golden rule is never to impose any obligation on the caller.
  • The content of a call is highly confidential, especially with regard to any information concerning private life.
  • During a telephone conversation, the listener must remain strictly anonymous and the caller has the right to remain anonymous if they wish to do so.
  • The branches work on a voluntary basis. The call handlers have been selected, trained and supervised in order to constantly improve their listening skills.
  • Emergency Telephone Services are completely free of charge to the caller.

On the other hand, the USAID manual on how to create a hotline (Stratten & Ainslie, 2003) highlights the following advantages when considering creating a new one:

  • Hotlines offer an effective way to provide callers with accurate information, advice and referrals to appropriate community services or resources. The anonymity of a hotline is a key advantage, especially when working with adolescents because it allows the caller to ask questions that may be difficult or uncomfortable to address in a face-to-face setting.
  • Hotlines can be a useful barometer for measuring the impact of public education and media campaigns, and can provide information to guide new interventions.
  • Hotlines reinforce prevention messages disseminated through other channels, especially the mass media. Unlike mass communication, hotlines reinforce messages in an interpersonal way with person-to-person contact through telephone lines. It is this interpersonal communication that can serve as the basis for people to adopt new behaviours.

Traditionally, the vast majority of helplines could be contacted by telephone, and nowadays they are often complemented with other channels such as contact forms, emails, chats via instant messaging services, SMS and even bots. Each type of medium has advantages and disadvantages with respect to the kind and quality of interaction as well as the care and support it can provide.

As seen in this introduction, helplines, hotlines and help desks can be efficient services to provide accurate and timely information to vulnerable or at-risk populations, offer an opportunity for dialogue and a better understanding of what these populations feel, experience and need.

Hotlines, Helplines and Help Desks

A hotline is a phone that automatically directs you to a pre-selected destination number. However, the colloquial use of the term "hotline" usually refers to a call centre that can be reached by dialling a specific telephone number. There are toll-free numbers for reporting crimes, calling the police, fire departments and other emergency services. These hotlines are generally managed, supported and/or financed by public institutions.

Within civil society there are crisis hotlines and helplines to prevent suicide, to support people facing violence and various forms of discrimination, to report crimes or to provide support immediately after a natural or human catastrophe (war, terrorism). Helplines can offer access to general information, specialised advice, personalised accompaniment or a more generic emotional listening and support service. These services may or may not be free of charge, may be temporary or permanent services, may be run by local non-profit organisations or by NGOs and entities working on international cooperation issues. Some hotlines or helplines may be staffed 24 hours a day, seven days a week, others may have more limited hours.

It should be noted that the terms "hotline" and "helpline" are often used interchangeably. However, it is important to emphasise that in some cases they do stand out as having clearly differentiated objectives.

Sometimes the concept of "hotline" is more oriented to temporary lines to alleviate crisis situations related to natural or human catastrophes and tends to overlap in these cases with the concept of "crisis lines". In this sense, we also see that the hotline concept tends to be used more in the context of NGOs and development cooperation. In other cases we have identified initiatives that use both concepts to differentiate between the services they offer to their constituents. For instance, SaferNet, a project founded in 2005 in Brazil, is clearly divided between the hotline that serves to report Internet crimes and the helpline that provides support to people facing violence on the Internet.

Besides these examples we find the concept of "help desks", which are defined as a “resource intended to provide the customer or end user with information and support related to a company's or institution's products and services. The purpose of a help desk is usually to troubleshoot problems or provide guidance about products such as computers, electronic equipment, food, apparel, or software" (REF XXX). Help desks are focused on providing answers and solutions to callers regarding problems or emergencies they may be experiencing with respect to their use and interaction with Information and Communication Technologies, encompassing electronic devices, software, hardware, IT infrastructure, administration of networks, social media platforms, etc.

We find the concept of “Digital Security Help Desks for Civil Society”, which typically consist of projects that provide support to activists, human rights defenders (HRDs) and/or civil society organisations facing digital risks, attacks and emergencies, to be of central interest to this guide. It is difficult to trace their origins precisely but we can name some initiatives that we feel are part of their trajectory.

For instance hacklabs, which are “rooms or buildings where people interested in technology can come together to socialise, create and share knowledge, and work on projects individually or as a team" (Maxigas, 2014). Hacklabs are run by hackers for hackers, where people interested in hacking ICTs (Information and Communication Technologies), developing free technologies and discussing the political implications of technologies can gather and recognize themselves. These spaces enable hacker communities to flourish and put their technical skills and knowledge at the service of other social movements and collectives, in particular when setting up autonomous IT infrastructure, learning to use it in more secure ways and facilitating the use of ICTs to inform, communicate and document their struggles.

Some examples of hacker movements that have provided remote support to other movements can be found in the hacktivist collective Telecomix, who provided support to Egyptian activists about how to circumvent state censorship of the internet using landlines, or the cyberfeminist collectives that have provided support to other feminist collectives in mitigating and overcoming gender-based violence and migrating to more secure tech infrastructure.

The multiplication of digital attacks targeting activists, defenders and civil society organisations to hinder or impede their work has been a growing trend over the last decade and has led to the emergence of more initiatives focused on setting up digital security help desks. For instance, Access Now Digital Security Helpline, which was created in 2014, is one of the first of its kind to orient its services explicitly at civil society.

As we can see, the origins of digital security help desks oriented at civil society can be linked to informal initiatives such as hacklabs and hacktivists movements which are based on distributed networks with a loose membership affiliation. Nonetheless, digital security help desks oriented at civil society are generally based on formal rules and policies that define how they provide support to others, document their work and share sensitive information with others. To understand this level of formalisation, we need to introduce the concept of Computer Emergency Response Team (CERT).


A Computer Emergency Response Team (CERT) "operates according to very specific protocols to determine how computer incidents are managed and documented, how mitigation, warning and follow-up actions are coordinated with other entities or organisations, and what guidelines must be followed in order to share information (almost always of a sensitive and confidential nature) with other individuals and organisations".

The first CERT© or CERT-CC (Computer Emergency Response Team) was created in 1988 by the Software Engineering Institute to respond to and mitigate the problems created by the Morris computer worm. Although the term CERT was patented by the Institute, its use by other projects and initiatives is allowed. However, other terms such as CSIRT (Computer Security Incident Response Team), CIRT (Computer Incident Response Team), or SIRT (Security Incident Response Team), among others, are also used.

CERTs can be created at the level of an enterprise, a nation state, a critical infrastructure sector, or a group of organisations. National CERTs are also often referred to as National Cybersecurity Centres (NCSCs), which by law are usually assigned the role of CSIRTs, as well as providing additional services such as handling schemes to classify information within a country. CERTs typically provide a set of services ranging from information and cybersecurity incident management, to digital security oversight, vulnerability management and monitoring, and overall cybersecurity knowledge sharing management.

A final concept to detail is the Security Operations Centre (SOC) (ENISA, 2020), which provides an incident detection service by monitoring networks and systems, and may also be responsible for incident response and management. In large enterprises, SOCs sometimes focus only on monitoring and detection services and then hand over incident management to a separate CSIRT. In smaller organisations, CSIRTs and SOCs often overlap with each other.

According to the reference manual developed by the Dutch national CERT (FIRST, 2006), some of the advantages of setting up a CERT are the following:

  • They establish a central coordination point for ICT security within your organisation.
  • They systematically respond to ICT incidents and take appropriate steps.
  • They help their constituency to recover quickly and efficiently from security incidents and minimise loss or theft of information and disruption of services.
  • They use information gained during incident handling to better prepare for handling future incidents and to provide better protection for systems and data.
  • They deal properly with legal issues that may arise during incidents.
  • They endeavour to exchange knowledge within your constituency.

International networks such as FIRST and Trusted Introducer bring together various computer security incident response teams in government, commercial or educational organisations. The aim of these networks is to foster cooperation and coordination in incident prevention, facilitate rapid reaction and promote information sharing among members and the community at large. They also create standards and protocols to ensure the proper certification of CERTs.

Even if CERTs have historically tended to focus on the objectives of large companies, universities and even entire countries, their modus operandi can also serve the needs of civil society members such as human rights defenders, activists, non-profit organisations and citizens in general, who are the growing target of attacks and emergencies taking place in digital spaces.


The Civil Society Computer Incident Response Center (CiviCERT) was created in 2015. In 2016, CiviCERT became an official member of the Trusted Introducer network, a necessary step to being recognized as a CERT. Individual CiviCERT members are also members of FIRST. These accreditations provide a unique platform for presenting important digital security issues affecting civil society to a wide range of CERTs serving government and corporate entities.

CiviCERT's membership policy and code of conduct, as well as the data and information management and vetting policies were designed to best suit the realities of the individuals and organisations that would join this project. As of 2022, CiviCERT counted 30 organisations and three individuals. About half of its members consist of international organisations such as Access Now, Amnesty International Security Lab, Digital Defenders Partnership, Freedom of the Press Foundation, Front Line Defenders, Human Rights Watch, Internews and the Organised Crime and Corruption Reporting Project, which all do extensive work globally regarding monitoring, research, advocacy about human rights violations and digital rights and, in some cases, also provide funding, rapid response and digital security accompaniment and training.

The other half consists of smaller projects that operate in a country or at a regional level and provide rapid response, either as a help desk, or providing training and accompaniment, and/or analysis and documentation of malware and other digital threats. Among the countries represented, we can find Armenia, Brazil, Colombia, Luxembourg, Myanmar, Nigeria, Pakistan, Serbia, Taiwan, Tibet, Uganda, Ukraine and the USA, for example.

CiviCERT members share with each other updates on the rapid response cases they carry out, what kind of new risks or threats civil society actors are facing, and what resources, research or tools are being developed. Altogether these updates provide a snapshot of the global picture of digital attacks on HRDs and civil society.

In addition, support is sought in terms of knowledge or access to resources. When possible, webinars are organised to present specific cases or methodologies. Finally, CiviCERT members coordinate through a private and encrypted mailing list, and gather in face-to-face meetings either during international conferences on digital security for civil society, or through training events oriented to its members. All members have access to a range of resources and shared technical infrastructure.

For instance, CiviCERT organisations that wish to do so can be listed as a supporting organisation in the Digital First Aid Kit, a free resource to help first responders, digital security trainers and activists with technical interests better protect themselves and their communities against the most common types of digital emergencies. This resource acts as the intake mechanism for support requests to CiviCERT through a choose-your-own-adventure approach that guides the visitor through several questions to understand what their issue is and which CiviCERT member can best address their emergency. The website, which can also be used offline, is available in Arabic, Albanian, Burmese, English, French, Indonesian, Portuguese, Russian, Spanish and Thai).

Moreover, CiviCERT members have access to an instance of the Malware Information Sharing Platform (MISP), the Phishdetect project and a Cuckoo Sandbox instance that facilitates the forensic analysis of malware, analysing what it does, what components it affects and what connections it makes.

CiviCERT and digital security help desks for civil society are still an exception, and the current CERT/CSIRT/SOC models are not usually developed with citizens and civil society in mind. They tend to be oriented mainly towards the commercial and governmental sector, and do not have an intersectional perspective in the way they analyse the risks faced by the audiences they serve but rather tend to promote an apolitical and neutral view of technologies. This can generate serious problems since cybersecurity institutes backed by public funding only give priority to commercial entities and minors, ignoring the risks faced by women, LGBTQIA+ people and traditionally discriminated and marginalised populations, all of which are often the target of electronic fraud, cybercrime and gender violence in digital spaces that are not usually portrayed and worked on by these organisations. So the burden of counteracting these dangers, risks and violence falls on self-organised civil society, which receives limited funding and support.