[[PageOutline]] = Computer and communications security workshop at the 2008 [http://anarchistbookfair.net/ NYC Anarchist Book Fair] = Discussion about this is going on on #590. Feel free to edit here, and put commentary on [ticket:590 that ticket]. == Logistical Details == This will be a 75 minute workshop on Saturday, 2008-04-12, from 12:45 to 14:00. We're expecting around 20-25 people, most of whom will be non-techies, but anarchists and activists who are interested in how to better understand the online tools they use. === Schedule === * Introduce presenters (~2 minutes) * Highlight ideas to keep in mind (~2 minutes) * introduce role play (~2 minutes) * role play (~30 minutes) * discussion and wrapup (~30 minutes) == Underlying Ideas == We want to help people to evaluate their online activities in reference to ideas that they're already somewhat comfortable with from their everyday life. Four useful ideas people can use to evaluate their communications strategies are: Privacy:: Who can see my communications? Is it only the people i expect? What does privacy mean when sending the same message to many people? Who can breach the privacy? Authenticity:: When i receive messages, how do i know who they're from? Are they really from that person? When i communicate messages where my identity is important and relevant, how can the people i'm communicating with know that my messages are really from me? Anonymity:: When i want to communicate ''without'' divulging my identity (whistleblowing, etc), how can i be sure that my identity is protected? Reliability/Access:: Is the communications medium i'm using something i can rely on? Who controls the medium? Can it be shut down or interrupted? Will it be there when i need it urgently? == Use Cases/Case Studies == We're interested in addressing particular common scenarios. We're not lawyers, so we won't get into legal advice. Some scenarios that we want people to think about (via role play and discussion - see below) are: * Chinese dissident bloggers getting their personal info turned over to the authorities from their blog hosts * Upstream ISPs shutting down your site in response to a DMCA cease'n'desist or other thread of legal action. * Collusion between corporate e-mail providers and illegal government surveillance * E-mail encryption -- what does it mean? * IM encryption -- how does this differ from e-mail encryption? * Search engine queries and online purchases can be tracked to an individual * Metadata (in JPEGs, Microsoft Office files, etc.) == Role Play == Roleplay notes are here: RolePlay We have not fully figured out what role plays we can do or how to organize them. We discussed having one role play that attempts to address the scenarios/use cases above or doing a series of simpler role plays, each one addressing one or a few of the scenarios/use cases above. One role play we discuss: each participant is issued an identity, objectives, and complicating restrictions. People in the room all stand in a circle, facing outward, away from each other, but with hands within reach. People do not walk around. Each person has a pad of paper and a pen, and is issued an "e-mail address". One subgroup of people in the room is a group of activists, trying to select a time for their next action (a surprise picket, say). They need to pick a time when as many of them can make it as possible, and they need to do this by writing notes on paper and handing them off around the room. Other scenarios/objectives? == Followup == We should pass around a signup sheet asking for people to indicate interest in a followup workshop -- for example, if there's a sense that the crowd really wants to learn how to use OpenPGP, we'd like to schedule a time that interested folks can actually get trainings. == Materials == What materials will we need to provide? * Paper, pens, identity badges (playing cards?), instructions, envelopes for role play * carbon paper for simulating a mailing list? * signup sheets for followup * posters to invite people to the workshop == Outreach == How should we solicit participants for the workshop before/during the day it takes place? Are there mailing lists we should send out invites to? Blogs to post on?