CreditsLast Updated 2017-06
The goal of this session is to introduce participants to the strategic critical thinking process that goes into making informed decisions about the implementation of digital security practices and tools, and to identify resources that will help them stay up to date after the training.
This session was developed for, and should be attributed to, the Institute for War & Peace Reporting resource “Cyberwomen: Holistic Digital Security Training Curriculum for Women Human Rights Defenders” under a Creative Commons Attribution-Share Alike 4.0 International CC BY-SA 4.0 License
As this session requires a basic level of baseline knowledge of digital security concepts, it is best suited for a multi-day training or as part of a shorter workshop focused more on designing individual security protocols.
Step 1 | Start by asking participants how many times they have asked a trainer or other expert a question about digital security, only to receive different answers each time depending on who they ask – it’s quite confusing, right? Sometimes when we ask for advice on digital security, people who offer to help may not walk us through a process, but will just “fix the problem” on our devices without explaining what they’ve done – wouldn’t you rather know what it is that they did so you can replicate the process if the problem arises again?
Step 2 | Explain that the goal of this session is to introduce the group to the strategic critical thinking process that goes into making informed decisions about the implementation of digital security practices and tools, and to identify resources that will help them stay up to date after the training. Discuss how digital security is about more than just downloading new apps, it is about knowing your practices well and making informed decisions to build a safer environment for yourself.
Step 3 | Show or demonstrate once more to participants a few of the tools or platforms that you might have presented previously to the participants (e.g. Signal, HTTPS Everywhere, ObscuraCam, Skype, Telegram, etc.) – ask them to identify which type of software each one is according to the information they have access to, such as a tool’s website.
Step 4 | Explain what proprietary (closed source) software is: what are the characteristics of this type of software (provide examples of programs). What are the digital security implications of using this type of software?
Step 5 | Explain what open source software is: what are the characteristics of this type of software (provide examples of programs). What are the digital security implications of using this type of software? Be sure to also explain the open source software community and software auditing for context.
Step 6 | Explain what FLOSS (Free/Libre and Open Source Software) is: what are the characteristics of this type of software (provide examples of programs). What are the digital security implications of using this type of software?
Step 7 | If you’ve already done the exercise “Who Do You Trust?”, remind the group of the examples of adversaries they shared; likewise, if you already covered the Deepening session “Gender Based Risk-Model”, remind the group of the risk model you created together. This is all to ultimately reinforce that that not everybody has the same needs or faces the same risks in terms of digital security:
Step 8 | The following questions are important ones to ask when considering using a new platform or tool – explain this to participants. You don’t need to go through and answer each one individually (as they are very specific), but be sure to read them out loud and give a bit of background for why each is important:
Step 9 | Remind the group once more that there is not one universal digital security solution or recommendation for everybody - not all tools will be proper fit for every user. Being strategic about digital security tools and practices is more about getting to know ourselves better as users, choosing which tools work best for each of us based on our knowledge of our own circumstances.
Step 10 | Point out to the group that a lot of digital security software incorporates encryption to varying degrees – explain to participants that if encryption is an important feature for them, then open-source software is recommended. Open source software can be audited by the community to ensure that there are no backdoors; if a given tool’s software does not incorporate encryption, and encryption is not an important factor in decision making, the use of open-source software may be less important (though certainly cheaper).
Step 11 | Complete this part of the session by having participants split up into groups of 3-4 people (maximum) – in their groups, ask them to make a list of some digital security tools they know, and to answer the questions listed about each one. As they go, each group should discuss the advantages and disadvantages they find within in each of the tools they listed – give participants about 10-15 minutes for this step, with each group sharing their outcomes once time is up.
Step 12 | Provide participants with the set of WHRD case infographics (see [DEFINE LOCATION]) and ask them to remain in their groups from the previous step – make sure you have enough cases to give one to each group. Don’t share the solution component with the groups – during this step, participants should work together to come up with their own solutions based on the information they have been provided during this session and what they might already know about digital security tools.
Step 13 | It’s important for your participants to have access to further resources once the training is complete, that they can refer to in order to maintain their practice and to keep themselves updated on new tools or practices that emerge from the digital security community. Here are some suggested resources which you can offer to your participants:
Zen and the Art of Making Tech Work for You
Tactical Technology Collective
Security in a Box
Frontline Defenders & Tactical Technology Collective
Electronic Frontier Foundation
Genios de Internet (Spanish)