Good Cyber Story
Country: Colombia
Theme: Human Rights
Target Groups: Society, Government
Dominant Genes: Transparency and Accountability, Multi-Stakeholder Participation, Legal and Institutional Framework
DNA sequence Info


Klab1 1024x576

The challenge

Klab2 1024x576

Citizens, civil society organisations, journalists, human rights defenders and activists use the Internet and digital technologies to carry out their day-to-day activities, to guarantee access to reliable information, to hold leaders accountable, to safeguard civil liberties online as well as offline, and ultimately to uphold democratic values. While the Internet provides opportunities to increase participation, fight discrimination, promote human rights and foster development, cyberspace is also misused by malicious actors and governments to restrict Internet access, violate civil liberties and unlawfully infringe citizens’ privacy, among others.

According to Access Now, in 2019 a total of 213 Internet shutdowns were registered across 33 countries, which amounted to 1706 days of Internet disruption. Insufficient levels of cybersecurity can also lead to the loss or disclosure of confidential data. These issues represent not only a cybersecurity concern, but also a concrete barrier for development. Societal awareness and political traction regarding digital rights and the interlinkages between ICTs and development are increasing in Latin America, where mass-scale deployment of interconnected services has heightened concerns about citizens’ privacy and data protection, freedom of expression, digital activism and cybersecurity.

A response

The Karisma Foundation’s Digital Security and Privacy Lab (K+LAB) is the initiative in which this story is inserted. It was officially launched in 2018 as one of the responses to the digital security problems faced by civil society organisations, journalists, human rights defenders and activists in Colombia. Through this initiative, Karisma contributes to the principle of co-responsibility that was introduced by the 2016 National Cybersecurity Strategy.

The K+LAB has three strategic objectives:

  • analysing, in a non-intrusive way, the security and privacy of government websites and apps;
  • carrying out awareness-raising and training programmes for Colombian civil society organisations in order to improve their security and digital privacy;
  • providing evidence for the policy advocacy undertaken by the organisation.
In relation to the first strategic objective, the K+LAB is a citizen exercise aiming to contribute to the country’s digital security by developing DIY methodologies and collecting evidence to inform policymaking. The citizen audit exercises on digital security that Karisma carried out allowed the organisation to identify the need to have an effective and coordinated disclosure channel to report and fix identified vulnerabilities in the country.

K+LAB analyses in a non-intrusive way the security and privacy of governmental web pages, but does not limit its work to security assessments. Working from the idea of joint responsibility, it keeps in constant touch with policymakers to ensure that its findings contribute to better policies. In addition, K+LAB collaborates with Colombian civil society organisations to raise awareness and improve their digital security, working in areas as diverse as consumer defence, LGBTI rights, environmental protection, women’s organisations, organisations of victims and displaced persons, and groups of journalists.

You can learn more about this project here.

The Impact

K+LAB analysed the website Unidad Victimas, containing information on the care, assistance and reparation of more than 8.5 million victims of the internal armed conflict in Colombia.

Thanks to K+LAB’s work, citizens that use this website can be more confident that its cybersecurity is taken seriously and their personal data are kept private: a secure https protocol was implemented, policies and privacy notices were generated and access control was implemented to minimise the risk of sensitive information leakage.

K+LAB also contributed to strengthening the security and data protection policies of the IMEI Colombia Analysis website, where citizens can check data regarding Colombian cell phones that have been blocked due to theft or loss. It provides comments on governmental projects such as the police code, the strategy against cell theft, the Digital Citizen Services decree, the security of the DANE e-census website, and the governmental digital security risk management model.

In order to understand how they protect privacy and address digital security, K+LAB analysed three tools available in Colombia for COVID-19 disease information, symptom tracking, contact tracking, mobility passports, and enforcement measures for quarantines or stay-at-home orders. The organisation produced a technical report as well as some recommendations for national and local authorities on how to better protect the privacy of users.
Klab3 1024x576

Project DNA

Which aspects of this project have contributed to its success? And which, according to the implementing organisations, might play an important role in launching similar initiatives in other parts of the world? The project DNA profiling on the basis of the Good Cyber Stories framework highlighted the importance of three success genes in particular:

T - Transparency and Accountability

Transparency and accountability

M - Multi-Stakeholder Participation

Multi-stakeholder participation

F - Legal and Institutional Framework

Legal and institutional framework


Project DNA

Multi-Stakeholder Participation
Local Ownership
Organisational Capacity
Transparency and Accountability
Legal and Institutional Framework
Political Importance
Societal Awareness

Join the EU Cyber Direct Network

Subscribe to the EU Cyber Direct newsletter and receive updates on our latest research, news, and events