Digital Risks and Security for Activists
eCampaigning Forum
Future Forum
April 11th, 2014
Dirk Slater
FabRiders - www.fabrider.net
@fabrider
Today
• Evolution of Information Security
• Stuff that makes us vulnerable
• The Problem with Online Services and Security Tools
• Frameworks for Information Security
• Responsibility of Data Collectors
• Some tools and resources
Evolution of Information Security
• A personal look at protecting information
• The rise of the relational database
Stuff that makes us Vulnerable
• Email
• Search engines
• Web browsers
• Cloud services
• VoIP comms
• Social networking
• (i.e. everything we do on the internet)
MOBILES
Stuff That Makes Us Vulnerable
The problem with online services
If you aren't paying for it you are the product
Why are we surprised?
The problem with security tools
They are often counter-intuitive and not in the reach of mere mortals
They often arouse suspicion
It's an arms race
So?
• Information about us is shared everywhere
• Online Services are completely insecure and are making money off the information they are collecting
• Security tools are problematic
What about just using a notebook?
How does information itself make people vulnerable?
Information Security not Digital Security
Three things to remember when sharing information
• What are your assets?
• What are the threats?
• What are the risks?
Assets
How is the information valuable?
What is the threat?
• Confidentiality is keeping assets or knowledge about assets away from unauthorized parties.
• Integrity is keeping assets undamaged and unaltered.
• Availability is the assurance that assets are available to parties authorized to use them.
• Consistency is when assets behave and work as expected, all the time.
• Control is the regulation of access to assets.
• Audit is the ability to verify that assets are secure.
What is the Risk?
The Likelihood of a Threat Actually Occurring:
• Confidentiality
• Integrity
• Availability
• Consistency
• Control
• Verification
Responsibility of Data Collection
• How can information be traced back to real people?
• What are the implications of that?
Responsibility of Data Collection
• Do you have consent?
• Do people understand how you are going to use the data?
• Do people understand the risks?
Five Questions About Security Solutions*
• What assets are you trying to protect?
• What are the risks to those assets?
• How well does the security solution mitigate those risks?
• What other risks does the security solution cause?
• What costs and trade-offs does the security solution impose?
* from Bruce Schneier's book 'Beyond Fear'
Security Tools to Consider
• Password Managers
• PGP (email encryption)
• TOR
• The Guardian Project (TOR for Android)
Remember
• What are the assets, risks, & threats?
• Be responsible in your data collection
• Consider using security tools after you’ve assessed their impact
Resources
• EFF’s Surveillance Self Defense - https://ssd.eff.org/risk
• Tactical Tech’s Protect Program - https://protect.tacticaltech.org/
• Me and My Shadow - https://myshadow.org/#
• Article 19’s Online Protection Videos - http://www.article19.org/online-protection/
Dirk Slater
FabRiders
www.fabriders.net
Twitter: @fabrider
THANKS!!!