Appendix D: Glossary and References

Overview

This appendix provides a comprehensive glossary of terms used throughout the field guide, along with references to additional resources, organizations, and materials for further study and operational support.

D.1 Glossary of Terms

A

Access Control

Security measures that restrict access to resources, systems, or information based on user identity and authorization levels.

Adversary

Any individual, group, or organization that poses a threat to resistance operations or personnel.

Air Gap

Physical separation between computer systems or networks to prevent unauthorized data transfer.

Anonymity

The state of being unidentifiable within a set of subjects, providing protection against identification.

Authentication

The process of verifying the identity of a user, device, or system before granting access to resources.

B

Backdoor

A hidden method of bypassing normal authentication or security controls in a computer system.

Burner Device

A temporary communication device used for specific operations and then discarded to maintain security.

Burner Identity

A temporary or false identity used for specific operations to protect real identity.

C

Cell Structure

Organizational method using small, independent groups to limit exposure and damage from compromise.

Cipher

An algorithm for performing encryption or decryption of data.

Clearnet

The publicly accessible internet, as opposed to darknets or private networks.

Compartmentalization

Security practice of limiting access to information based on need-to-know principles.

Compromise

The unauthorized disclosure of sensitive information or the loss of security integrity.

Counter-Intelligence

Activities designed to prevent or thwart espionage, intelligence gathering, or sabotage by adversaries.

Counter-Surveillance

Techniques and activities designed to detect, evade, or neutralize surveillance operations.

Cover Story

A false but plausible explanation for activities, presence, or identity used to maintain operational security.

Cryptography

The practice and study of techniques for secure communication in the presence of adversaries.

D

Dark Web

Encrypted online content that requires specific software, configurations, or authorization to access.

Dead Drop

A method of espionage tradecraft used to pass items or information between two individuals without requiring them to meet directly.

Deniability

The ability to deny involvement in or knowledge of particular activities or information.

Digital Footprint

The trail of data created by online activities and digital interactions.

Disinformation

False information deliberately spread to deceive or mislead.

E

Encryption

The process of converting information into a code to prevent unauthorized access.

End-to-End Encryption (E2E)

A system of communication where only the communicating users can read the messages.

Exfiltration

The unauthorized transfer of data from a computer or network.

F

False Flag

An operation designed to deceive by making it appear as though it was carried out by another party.

Firewall

A network security system that monitors and controls incoming and outgoing network traffic.

Forward Secrecy

A feature of specific key agreement protocols that ensures session keys will not be compromised even if private keys are compromised.

G

Gray Literature

Information produced outside traditional commercial or academic publishing channels.

H

Honeypot

A computer security mechanism set to detect, deflect, or counteract unauthorized use of information systems.

HUMINT

Human Intelligence - intelligence gathered by means of interpersonal contact.

I

Identity Management

The security and business discipline that enables the right individuals to access the right resources at the right times.

Infiltration

The practice of entering an organization or group covertly to gather intelligence or influence operations.

Information Security (InfoSec)

The practice of protecting information by mitigating information risks.

J

Jail Support

Organized assistance provided to individuals who have been arrested, including legal, financial, and emotional support.

K

Key Management

The management of cryptographic keys in a cryptosystem, including generation, exchange, storage, use, and replacement.

L

Legal Observer

Trained volunteers who attend public demonstrations to monitor and document police behavior and potential civil rights violations.

Livestreaming

Real-time broadcasting of video content over the internet.

M

Malware

Software designed to disrupt, damage, or gain unauthorized access to computer systems.

Metadata

Data that provides information about other data, such as when a file was created or modified.

Multi-Factor Authentication (MFA)

A security system that requires more than one method of authentication to verify user identity.

N

Network Security

Policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network.

Need-to-Know

Security principle that restricts access to information to only those individuals who require it to perform their duties.

O

Operational Security (OPSEC)

A process that identifies critical information and analyzes friendly actions to determine if they can be observed by adversaries.

OSINT

Open Source Intelligence - intelligence collected from publicly available sources.

P

Penetration Testing

Authorized simulated cyberattack on a computer system to evaluate security.

Phishing

Fraudulent attempt to obtain sensitive information by disguising as a trustworthy entity in electronic communication.

Privacy

The right to be free from intrusion or interference in one’s personal life and affairs.

Pseudonym

A fictitious name used to conceal identity.

Q

Quarantine

Isolation of potentially compromised systems or information to prevent spread of security threats.

R

Risk Assessment

The identification and analysis of relevant risks to achieving objectives.

Root Access

Administrative access to a computer system that allows complete control over the system.

S

Safe House

A secure location used for meetings, storage, or temporary shelter during operations.

Security Culture

Shared practices, attitudes, and norms that prioritize security in all activities and communications.

SIGINT

Signals Intelligence - intelligence derived from electronic signals and systems.

Social Engineering

Psychological manipulation of people to perform actions or divulge confidential information.

Steganography

The practice of concealing information within other non-secret text or data.

Surveillance

Close observation of a person or group, especially one under suspicion.

T

Threat Model

A structured representation of all the information that affects the security of an application or system.

Tor

Free and open-source software for enabling anonymous communication by directing internet traffic through a worldwide volunteer overlay network.

Two-Factor Authentication (2FA)

Security process in which users provide two different authentication factors to verify themselves.

U

User Access Control

Security technique that regulates who or what can view or use resources in a computing environment.

V

Virtual Private Network (VPN)

Encrypted connection over the internet from a device to a network to ensure private data transmission.

Vulnerability

A weakness in a system that can be exploited by threats to gain unauthorized access or perform unauthorized actions.

W

Whistleblowing

The activity of a person who exposes information or activity that is deemed illegal, unethical, or not correct within an organization.

Z

Zero-Day

A computer software vulnerability that is unknown to those who should be interested in mitigating the vulnerability.

Zero-Knowledge

A method by which one party can prove to another party that they know a value without conveying any information apart from the fact that they know the value.

D.2 Essential References and Resources

Security and Privacy Guides

Digital Security Resources

• Surveillance Self-Defense (EFF): ssd.eff.org
  • Comprehensive digital security guide for activists and journalists
  • Threat modeling, secure communications, device security
• Security Education Companion: securityeducationcompanion.org
  • Digital security training curricula and resources
  • Trainer guides and participant materials
• Level Up: level-up.cc
  • Holistic security training resources for civil society
  • Trauma-informed security training approaches
• Tactical Technology Collective: tacticaltech.org
  • Digital security and privacy tools for activists
  • Research on surveillance and digital rights

Privacy and Anonymity Guides

• Tor Project Documentation: tb-manual.torproject.org
  • Official Tor Browser user manual and security guidance
  • Anonymity and privacy protection techniques
• Tails Documentation: tails.boum.org/doc
  • Comprehensive guide to using Tails operating system
  • Amnesic and anonymous computing practices
• Privacy International: privacyinternational.org
  • Global privacy rights advocacy and research
  • Surveillance technology analysis and countermeasures

Legal Resources

Know Your Rights

• ACLU Know Your Rights: aclu.org/know-your-rights
  • Constitutional rights during police encounters
  • Protest rights and legal protections
• National Lawyers Guild Legal Observer Manual: nlg.org
  • Legal observer training and procedures
  • Protest law and civil rights documentation
• Electronic Frontier Foundation: eff.org
  • Digital rights and privacy law resources
  • Legal guides for technology users and activists

Legal Support Organizations

• Center for Constitutional Rights: ccrjustice.org
  • Civil rights litigation and advocacy
  • Legal support for social justice movements
• National Police Accountability Project: nlg-npap.org
  • Police misconduct litigation and advocacy
  • Legal resources for police accountability

Technical Resources

Cryptography and Security

• Applied Cryptography by Bruce Schneier
  • Comprehensive guide to cryptographic protocols and algorithms
  • Practical cryptography implementation guidance
• The Codebreakers by David Kahn
  • Historical perspective on cryptography and codebreaking
  • Understanding cryptographic principles and applications
• Computer Security: Art and Science by Matt Bishop
  • Academic treatment of computer security principles
  • Comprehensive security theory and practice

Network Security

• Wireshark Documentation: wireshark.org/docs
  • Network protocol analysis and security monitoring
  • Traffic analysis and network security assessment
• Nmap Documentation: nmap.org/docs.html
  • Network discovery and security auditing
  • Network mapping and vulnerability assessment

Operational Security Resources

Intelligence and Surveillance

• The Art of Intelligence by Henry A. Crumpton
  • Intelligence operations and analysis principles
  • Understanding intelligence collection and analysis
• Surveillance Countermeasures by Peter Jenkins
  • Practical surveillance detection and evasion techniques
  • Counter-surveillance operations and procedures

Resistance and Activism

• Rules for Radicals by Saul Alinsky
  • Community organizing and activism strategies
  • Tactical approaches to social change
• The Activist’s Handbook by Randy Shaw
  • Practical guide to effective activism and organizing
  • Campaign strategy and tactical planning

Historical References

Resistance Movements

• The Resistance by Matthew Cobb
  • French Resistance during World War II
  • Organizational structures and operational security
• A Force More Powerful by Peter Ackerman and Jack DuVall
  • Nonviolent resistance movements throughout history
  • Strategic nonviolent action and civil resistance

Intelligence History

• Legacy of Ashes by Tim Weiner
  • History of the CIA and intelligence operations
  • Understanding intelligence capabilities and limitations
• The Puzzle Palace by James Bamford
  • History and operations of the National Security Agency
  • Electronic surveillance and signals intelligence

Technical Manuals and Standards

Security Standards

• NIST Cybersecurity Framework: nist.gov/cyberframework
  • Cybersecurity risk management framework
  • Security controls and implementation guidance
• ISO 27001/27002 Information Security Standards
  • International information security management standards
  • Security controls and risk management frameworks

Cryptographic Standards

• FIPS 140-2 Security Requirements for Cryptographic Modules
  • Federal standard for cryptographic module security
  • Hardware and software security requirements
• RFC Cryptographic Standards: tools.ietf.org/rfc
  • Internet Engineering Task Force cryptographic protocols
  • Standard cryptographic algorithms and implementations

D.3 Organizations and Networks

Digital Rights Organizations

International Organizations

• Electronic Frontier Foundation (EFF): eff.org
  • Digital rights advocacy and legal support
  • Privacy tools and digital security resources
• Privacy International: privacyinternational.org
  • Global privacy rights advocacy and research
  • Surveillance technology analysis and policy advocacy
• Access Now: accessnow.org
  • Digital rights advocacy and emergency support
  • Digital security helpline and rapid response
• Article 19: article19.org
  • Freedom of expression and information advocacy
  • Digital rights and online freedom of expression

Regional Organizations

• European Digital Rights (EDRi): edri.org
  • European digital rights advocacy network
  • Privacy and digital rights policy advocacy
• Derechos Digitales: derechosdigitales.org
  • Latin American digital rights advocacy
  • Privacy and surveillance policy research

Legal Support Organizations

Civil Rights Organizations

• American Civil Liberties Union (ACLU): aclu.org
  • Constitutional rights advocacy and litigation
  • Know your rights resources and legal support
• Center for Constitutional Rights: ccrjustice.org
  • Civil rights litigation and advocacy
  • Legal support for social justice movements
• National Lawyers Guild: nlg.org
  • Legal support for activists and protesters
  • Legal observer training and jail support

International Legal Support

• Amnesty International: amnesty.org
  • Human rights advocacy and legal support
  • International human rights monitoring and advocacy
• Human Rights Watch: hrw.org
  • Human rights research and advocacy
  • International human rights monitoring and reporting

Security and Privacy Organizations

Security Research Organizations

• Citizen Lab: citizenlab.ca
  • Digital surveillance and security research
  • Targeted surveillance and digital espionage research
• Tactical Technology Collective: tacticaltech.org
  • Digital security tools and training for activists
  • Surveillance and privacy research and advocacy

Privacy Advocacy Organizations

• Electronic Privacy Information Center (EPIC): epic.org
  • Privacy rights advocacy and policy research
  • Government surveillance and privacy policy advocacy
• Fight for the Future: fightforthefuture.org
  • Digital rights activism and campaign organization
  • Internet freedom and privacy advocacy campaigns

Technical Security Organizations

Open Source Security Projects

• Tor Project: torproject.org
  • Anonymous communication software and research
  • Privacy and anonymity technology development
• Guardian Project: guardianproject.info
  • Open source security and privacy tools for mobile devices
  • Secure communication and privacy applications
• Open Technology Fund: opentech.fund
  • Internet freedom technology development and support
  • Digital security and privacy tool funding and development

Security Training Organizations

• Security Education Companion: securityeducationcompanion.org
  • Digital security training curricula and resources
  • Security trainer development and support
• Level Up: level-up.cc
  • Holistic security training for civil society
  • Trauma-informed security training and resources

D.4 Additional Reading and Study Materials

Essential Books

Security and Privacy

1. “Data and Goliath” by Bruce Schneier
   • Surveillance capitalism and privacy protection
   • Policy and technical approaches to privacy
2. “The Age of Surveillance Capitalism” by Shoshana Zuboff
   • Economic analysis of surveillance and data extraction
   • Understanding surveillance business models
3. “No Place to Hide” by Glenn Greenwald
   • NSA surveillance revelations and implications
   • Government surveillance capabilities and overreach

Resistance and Activism

1. “From Dictatorship to Democracy” by Gene Sharp
   • Strategic nonviolent resistance theory and practice
   • Political defiance and resistance strategy
2. “The Politics of Nonviolent Action” by Gene Sharp
   • Comprehensive theory of nonviolent resistance
   • Methods and dynamics of nonviolent struggle
3. “Direct Action” by L.A. Kauffman
   • History of direct action and civil disobedience
   • Tactical innovation in social movements

Intelligence and Security

1. “The Art of War” by Sun Tzu
   • Classical strategic thinking and tactical principles
   • Intelligence and strategic planning concepts
2. “On War” by Carl von Clausewitz
   • Military strategy and tactical theory
   • Understanding conflict and strategic thinking
3. “The Craft of Intelligence” by Allen Dulles
   • Intelligence operations and analysis principles
   • Understanding intelligence collection and analysis

Academic Journals and Publications

Security and Privacy Research

• IEEE Security & Privacy Magazine
  • Academic research on security and privacy topics
  • Technical and policy analysis of security issues
• ACM Transactions on Privacy and Security
  • Peer-reviewed research on privacy and security
  • Technical advances in privacy and security technology

Social Movement Research

• Social Movement Studies
  • Academic research on social movements and activism
  • Theoretical and empirical analysis of resistance movements
• Mobilization: An International Quarterly
  • Social movement theory and research
  • Comparative analysis of social movements and activism

Online Resources and Databases

Security and Privacy Resources

• OWASP (Open Web Application Security Project): owasp.org
  • Web application security resources and tools
  • Security testing and vulnerability assessment
• SANS Institute: sans.org
  • Information security training and certification
  • Security research and threat intelligence

Research and Analysis

• Bellingcat: bellingcat.com
  • Open source investigation techniques and case studies
  • Digital forensics and online investigation methods
• Exposing the Invisible: exposingtheinvisible.org
  • Investigation techniques and tools for activists
  • Digital security for investigators and researchers

End of Field Manual FM-R1

This field manual represents a comprehensive guide to resistance operations and security practices. Regular updates and revisions ensure continued relevance and effectiveness in changing operational environments.