Digital Risks and Security for Activists

eCampaigning ForumFuture ForumApril 11th, 2014

Dirk SlaterFabRiders- www.fabrider.net

@fabrider

Evolution of Information Security Stuff that makes us vulnerable The Problem with Online Services and Security

Tools Frameworks for Information Security Responsibility of Data Collectors Some tools and resources

Today

A personal look at protecting information The rise of the relational database

Evolution of Information Security

Stuff that makes us Vulnerable

• Email• Search engines• Web browsers• Cloud services• VoIP comms• Social networking

• (i.e. everything we do on the internet)

MOBILES

Stuff That Makes Us Vulnerable

The problem with online services

If you aren't paying for it you are the product

The problem with online services

The problem with online services

Why are we surprised?

The problem with security tools

They are often counter-intuitive and not in the reach of mere mortals

They often arise suspicion

It's an arms race

Information about us is shared everywhere Online Services are completely insecure and are

making money off the information they are collecting Security tools are problematic

So?

What about just using a notebook?

How does information itself make people vulnerable?

Information Security not Digital Security

Three things to remember when sharing information

What are your assets?What are the threats?What are the risks?

Assets

How is the information valuable?

What is the threat?

• Confidentiality is keeping assets or knowledge about assets away from unauthorized parties.

• Integrity is keeping assets undamaged and unaltered.

• Availability is the assurance that assets are available to parties authorized to use them.

• Consistency is when assets behave and work as expected, all the time.

• Control is the regulation of access to assets.

• Audit is the ability to verify that assets are secure.

What is the Risk? 

The Likelihood of a Threat Actually Occurring:• Confidentiality• Integrity• Availability• Consi• stency• Control • Verification

Responsibility of Data Collection

• How can information be traced back to real people?

• What are the implications of that?

Responsibility of Data Collection

• Do you have consent?• Do people understand how you are

going to use the data?• Do people understand the risks?

Five Questions About Security Solutions*

What assets are you trying to protect? What are the risks to those assets? How well does the security solution mitigate

those risks? What other risks does the security solution

cause? What costs and trade-offs does the security

solution impose?* from Bruce Shneier's book 'Beyond Fear'

Password Managers PGP (email encryption) TOR The Guardian Project (TOR for

Android)

Security Tools to Consider

What are the assets, risks, & threats? Be responsible in your data collection Consider using security tools after you’ve assessed

their impact

Remember

EFF’s Surveillance Self Defense - https://ssd.eff.org/risk

Tactical Tech’s Protect Program – https://protect.tacticaltech.org/

Me and My Shadow https://myshadow.org/# Article 19’s Online Protection Videoshttp

://www.article19.org/online-protection/

Resources

Dirk Slater

FabRiders

dirk@fabriders.net

www.fabriders.net

Twitter: @fabrider

THANKS!!!