[[PageOutline]] = Computer and communications security workshop at the 2008 [http://anarchistbookfair.net/ NYC Anarchist Book Fair] = Discussion about this is going on on #590. Feel free to edit here, and put commentary on [ticket:590 that ticket]. == Logistical Details == This will be a 75 minute workshop on Saturday, 2008-04-12, from 12:45 to 14:00. We're expecting around 20-25 people, most of whom will be non-techies, but anarchists and activists who are interested in how to better understand the online tools they use. === Schedule === * Introduce presenters, basic overview: security is about making tradeoffs, not everything is right for everyone (~3 minutes) : `jamie` * Highlight ideas to keep in mind (see [wiki:nyc_anarchist_book_fair_2008#UnderlyingIdeas Underlying Ideas section below]) (~3 minutes) : `dkg` * Tell major stories (see [wiki:nyc_anarchist_book_fair_2008#UseCasesCaseStudies Case Studies section below]) (~15 minutes) : `micah` * role play (~20 minutes) : `takethestreets` * discussion and wrapup (~30 minutes) : introduced by `???` === Introduction === * Welcome and introductions (if less than 20 people, full go around, if more than 20 only introduce workshop organizers) * Topic: security in activism, particularly around Internet and technology * Audience: intended for non-technical audience, please help create a space where people feel comfortable asking questions * Trade-off: Security is not absolute - it is always a trade off. Too much security makes communication cumbersome and involving new people difficult. * Varied: everyone's security needs are different, always consider what your particular needs in a given moment == Underlying Ideas == We want to help people to evaluate their online activities in reference to ideas that they're already somewhat comfortable with from their everyday life. Four useful ideas people can use to evaluate their communications strategies are: Privacy:: Who can see my communications? Is it only the people i expect? What does privacy mean when sending the same message to many people? Who can breach the privacy? Authenticity:: When i receive messages, how do i know who they're from? Are they really from that person? When i communicate messages where my identity is important and relevant, how can the people i'm communicating with know that my messages are really from me? Anonymity:: When i want to communicate ''without'' divulging my identity (whistleblowing, etc), how can i be sure that my identity is protected? Reliability/Access:: Is the communications medium i'm using something i can rely on? Who controls the medium? Can it be shut down or interrupted? Will it be there when i need it urgently? == Framing Questions == Get people to think about these questions, even if they don't know all the answers * what are you doing? * who are your adversaries? * what might they be capable of doing? * what parts of the themes are you concerned about? == Use Cases/Case Studies == We're interested in addressing particular common scenarios. We're not lawyers, so we won't get into legal advice. Some scenarios that we will explicitly tell before the roleplay are: * "private" mailing list for NYC activist group on corporate provider being monitored by police * portside archive removal by yahoo groups * AttemptedSeizure of Seattle IMC servers during Quebec FTAA conference Other scenarios: * Chinese dissident bloggers getting their personal info turned over to the authorities from their blog hosts * Upstream ISPs shutting down your site in response to a DMCA cease'n'desist or other thread of legal action. * Collusion between corporate e-mail providers and illegal government surveillance * E-mail encryption -- what does it mean? * IM encryption -- how does this differ from e-mail encryption? * Search engine queries and online purchases can be tracked to an individual * Metadata (in JPEGs, Microsoft Office files, etc.) == Role Play == Roleplay notes are at [wiki:RolePlay] == Followup == We should pass around a signup sheet asking for people to indicate interest in a followup workshop. For OpenPGP, we should announce plans to have ongoing OpenPGP workshops at the No Rio Computer Center on Sunday afternoons, if that works for people. == Materials == What materials will we need to provide? * Paper, pens, identity signs, instructions, markers, envelopes for role play : `takethestreets` * butcher paper for presentation, more markers : `dkg` === Unaccounted for materials === * signup sheets for followup * posters to invite people to the workshop == Outreach == How should we solicit participants for the workshop before/during the day it takes place? Are there mailing lists we should send out invites to? Blogs to post on?