The Digital Security Exchange is focused on supporting U.S. organizations and individuals, though we coordinate with global networks to provide support to organizations and individuals around the world.
We rely on human-powered vetting and endorsement policies, we encrypt everything we can, we prioritize the minimization of user data, and we work as transparently as possible.
Below you’ll find brief descriptions of our approaches to our own operational security, our vetting procedures, and the communities we serve. For more information, check out our About, Partnerships, and Security pages.
Who we work with
The Digital Security Exchange is committed to working with community-based organizations, legal and journalistic organizations, civil rights advocates, local and national organizers, and public and high-profile figures who are working to advance social, racial, political, and economic justice in our communities and our world.
We will not work with, and reserve the right to refuse service to, anyone who espouses an agenda of hatred or division or who is not otherwise committed to the values set forth above.
Vetting and matching
We will only match organizations with providers we trust and who have been vetted to work collaboratively within relevant communities; whose values align with our own; who have shown a commitment to and experience working with vulnerable communities; who have worked previously with our staff, Advisory Committee members, and other DSX providers; and who have demonstrated expertise in customized approaches to digital security.
In addition, we have a strict vetting policy in place for organizations and providers.
For organizations new to our network, we initiate a series of intake conversations and request references from at least two other organizations. Similarly, providers requesting to join the DSX network must be vouched for by at least one existing member of the network, or must provide two references from other organizations with whom they have worked in the past.
If and when we do move forward with new and aspiring digital service providers, it will be initially within a discrete “pod” program, in order for all sides to continuously assess fit and expertise.
Where we do and do not operate
The DSX is focused on the needs of civil society organizations operating in the United States. That said, we work with a broad set of global partners, including the Center for Digital Resilience, the “parent” of DSX, and when necessary we refer non-U.S. cases to one of these partners.
Given our U.S. presence, we and our partners face a unique set of threats, vulnerabilities, and challenges. These threats include, but are not limited to, law enforcement requests for sensitive user data; passive surveillance conducted by law enforcement and intelligence agencies; intrusion attempts from hostile third parties; and phishing and social engineering attempts to access DSX and partner accounts.
To mitigate against these threats, we have a “security first” approach to our digital properties and physical operations, all of which is documented here. In addition, we take great care in minimizing the amount of data retained by the DSX website and other platforms, including:
- Hosting DSX infrastructure outside the United States (using Greenhost, based in the Netherlands)
- Whenever possible, utilizing encrypted messaging tools, including PGP and Signal, for intra-team communication and correspondence with partners
- Encrypting data submitted via our webforms
- Minimizing the use of 3rd-party tools hosted by U.S. companies, and, whenever possible, developing our own alternatives
- Minimization other forms of data collection, including data about website visitors, information gathered through intake forms, and donation information. More information can be found on our privacy page.
Any questions? Send us an email at [email protected] and we’ll get back to you as soon as we can.