Soteria Model

English

Español
Soomaali
العربية

English

Español
Soomaali
العربية

Appearance

If Compromised

When something goes wrong — a device is lost, a member is arrested, a breach is suspected — you need a clear response. Here's how to handle it.

Types of Compromise

LevelDescriptionResponse
Device Lost/StolenMember's phone is missingIndividual response
Device SeizedPhone taken by authoritiesSegment assessment
Member ArrestedMember detained by authoritiesSegment + cell response
Suspected InfiltratorConcern about a member's loyaltyInvestigation + containment
Active SurveillanceEvidence of ongoing monitoringCell-wide response

Immediate Response: All Situations

  1. Pause: Stop ongoing activities until situation is assessed
  2. Alert: Notify stewards through separate/backup channel
  3. Assess: What information may be compromised?
  4. Contain: Who needs to know? Who needs to change behavior?
  5. Respond: Take appropriate action based on assessment

Device Lost or Stolen

Member Actions

  1. Immediately:

    • Use another device to sign out of Signal remotely (if possible)
    • Alert segment lead through alternate means
    • Change passwords for any accounts on device

  2. Signal Deregistration:

    • On new device, install Signal with same number
    • This deactivates Signal on the lost device

Cell Actions

  1. Remove member from groups until secured
  2. Assess: Was device locked? Encrypted? What was on it?
  3. If low-risk (locked, encrypted, nothing sensitive): resume
  4. If higher-risk: notify affected members

Device Seized by Authorities

Member Actions

  1. Do not unlock if asked — you can refuse (though there may be consequences)
  2. Say: "I do not consent to a search of my device"
  3. Contact an attorney immediately
  4. Alert cell through alternate means when possible

Cell Actions

  1. Assume all content is accessible — encrypted devices can potentially be broken
  2. Remove member from all groups immediately
  3. Notify affected members: "Someone with access to our group has had their device seized"
  4. Assess what information was on the device
  5. Rotate sensitive information (meeting locations, etc.)
  6. Do NOT discuss response in compromised channels

Member Arrested

Immediate Actions

  1. Confirm facts: Who, when, where, by which agency
  2. Contact attorney: Immigration attorney for immigration detention, criminal defense for other arrests
  3. Contact family: Follow the member's emergency plan
  4. Alert cell stewards: Through secure channel

Cell Assessment

  1. What did this member know?
  2. Which segments were they in?
  3. What activities were they involved in?
  4. What communications did they have access to?

Cell Response

  1. Minimize exposure: Pause activities this member knew about
  2. Notify affected members: Without revealing the arrested member's identity to those who don't need to know
  3. Support the member: Legal support, family support (if this won't compromise others)
  4. Monitor situation: Is there evidence of broader enforcement?

Suspected Infiltrator

This is the most difficult scenario — you suspect someone isn't who they claim.

Warning Signs

  • Asking lots of questions about operations, other members
  • Pushing for information beyond their segment
  • Encouraging illegal activity
  • Inconsistencies in their story
  • Voucher expresses doubts or distances themselves
  • Gut feeling shared by multiple people

Response

  1. Don't confront directly — this tips them off
  2. Discuss with stewards only — in person, not on Signal
  3. Freeze their access: Don't add to new groups, don't include in new activities
  4. Assess exposure: What do they already know?
  5. Create distance: Gradually reduce their involvement
  6. If confirmed: Remove from all groups, notify affected members without details

Important

You may be wrong. Act carefully. Wrongly accusing someone damages trust.

Active Surveillance

If you have evidence of surveillance (not just suspicion):

Evidence Examples

  • Consistent vehicle observation
  • Confirmed physical following
  • Device tampering
  • Legal papers revealing monitoring

Response

  1. Full pause: Stop all sensitive activities
  2. In-person steward meeting: No devices, private location
  3. Assess scope: Is it targeted (one person) or broad (the cell)?
  4. Seek legal counsel: Understand your exposure
  5. Decide: Restructure, pause, or dissolve depending on severity

Communication During Compromise

What to Say

  • Keep it brief and factual
  • "There has been a security concern. Pause all activities until further notice."
  • "We are assessing a situation. Stewards will follow up."

What Not to Say

  • Don't speculate
  • Don't assign blame
  • Don't share more than people need to know
  • Don't discuss on potentially compromised channels

Backup Communication

Every cell should have a backup communication plan:

  • Secondary Signal contact for each member
  • In-person meeting location/time if communications go dark
  • Designated all-clear signal to resume

← Physical Security | Security Overview →

A replicable blueprint for community safety. Fork it. Adapt it. Protect each other.

Released under CC BY-SA 4.0 | No tracking. No data collection.