Computer and communications security workshop at the 2008 ​NYC Anarchist Book Fair

Logistical Details

This will be a 75 minute workshop on Saturday, 2008-04-12, from 12:45 to 14:00.

We're expecting around 20-25 people, most of whom will be non-techies, but anarchists and activists who are interested in how to better understand the online tools they use.

Schedule

• Introduce presenters (~2 minutes)
• Highlight ideas to keep in mind (~2 minutes)
• introduce role play (~2 minutes)
• role play (~30 minutes)
• discussion and wrapup (~30 minutes)

Underlying Ideas

We want to help people to evaluate their online activities in reference to ideas that they're already somewhat comfortable with from their everyday life. Four useful ideas people can use to evaluate their communications strategies are:

Privacy

Who can see my communications? Is it only the people i expect? What does privacy mean when sending the same message to many people? Who can breach the privacy?

Authenticity

When i receive messages, how do i know who they're from? Are they really from that person? When i communicate messages where my identity is important and relevant, how can the people i'm communicating with know that my messages are really from me?

Anonymity

When i want to communicate without divulging my identity (whistleblowing, etc), how can i be sure that my identity is protected?

Reliability/Access

Is the communications medium i'm using something i can rely on? Who controls the medium? Can it be shut down or interrupted? Will it be there when i need it urgently?

Use Cases/Case Studies

We're interested in addressing particular common scenarios. We're not lawyers, so we won't get into legal advice.

Some scenarios that we want people to think about (via role play and discussion - see below) are:

• Chinese dissident bloggers getting their personal info turned over to the authorities from their blog hosts
• Upstream ISPs shutting down your site in response to a DMCA cease'n'desist or other thread of legal action.
• Collusion between corporate e-mail providers and illegal government surveillance
• E-mail encryption -- what does it mean?
• IM encryption -- how does this differ from e-mail encryption?
• Search engine queries and online purchases can be tracked to an individual

Role Play

We have not fully figured out what role plays we can do or how to organize them. We discussed having one role play that attempts to address the scenarios/use cases above or doing a series of simpler role plays, each one addressing one or a few of the scenarios/use cases above.

One role play we discuss: each participant is issued an identity, objectives, and complicating restrictions.

People in the room all stand in a circle, facing outward, away from each other, but with hands within reach. People do not walk around. Each person has a pad of paper and a pen, and is issued an "e-mail address".

One subgroup of people in the room is a group of activists, trying to select a time for their next action (a surprise picket, say). They need to pick a time when as many of them can make it as possible, and they need to do this by writing notes on paper and handing them off around the room.

Other scenarios/objectives?

Followup

We should pass around a signup sheet asking for people to indicate interest in a followup workshop -- for example, if there's a sense that the crowd really wants to learn how to use OpenPGP, we'd like to schedule a time that interested folks can actually get trainings.

Materials

What materials will we need to provide?

• Paper, pens, identity badges (playing cards?), instructions, envelopes for role play
• carbon paper for simulating a mailing list?
• signup sheets for followup
• posters to invite people to the workshop

Outreach

How should we solicit participants for the workshop before/during the day it takes place? Are there mailing lists we should send out invites to? Blogs to post on?