- What threat modeling is
- Strategies for reducing threats to your digital security
You may hear that there is no such thing as perfect digital security, and we agree. The surveillance capabilities of a well-resourced adversary are nearly limitless, and those that we described in “Digital Threats to Social Movements” barely scratch the surface. However, not all risks are equal, not all surveillance tools are equally likely to be used, and there is a lot that an individual and a group can do to reduce the threats due to surveillance.
We can model a digital security threat in terms of the following relationship:
In this model, surveillance capabilities refers to your opponent’s level of resources, as discussed in the chapter “Digital Threats to Social Movements.” Suppression risk refers to the ways in which your opponent may try to undermine you, as discussed in the chapter “Mechanisms of Social Movement Suppression.”
It is important to keep in mind that surveillance supports suppression both indirectly and directly. Many of the examples we gave in the chapter “Mechanisms of Social Movement Suppression” were indeed supported by surveillance:
- The direct violence meted out on Black Panther Party leader Fred Hampton through a targeted assassination was supported by detailed knowledge of his schedule and apartment layout.
- The US Department of Justice issued threats of sanction through the legal system against those individuals organizing the protests of Donald Trump’s inauguration and requested to obtain all website traffic information of an organizing web page (described at the end of the chapter “Anonymous Routing”).
- Steven Salaita’s employment deprivation was a result of the monitoring of his Twitter activity.
- The deception used by the FBI against Mohamed Mohamud began with the monitoring of Mohamud’s email.
Reducing the Threat
We can reduce digital security threats by decreasing surveillance capabilities or suppression risk or by increasing the effort required to obtain one’s data.
Reducing Surveillance Capabilities
Most activists have little immediate control over surveillance capabilities. However, there are a number of laudable efforts to regulate surveillance with some success, such as the banning of face recognition and CSS in certain jurisdictions. But unless your social movement work is aimed at trying to ban or limit surveillance, going down this route would take you away from your goals.
Reducing Suppression Risk
Likewise, activists have little control over suppression risk. You could minimize the risk of suppression by reducing the threat to your opponent, but then you would be succumbing to the chilling effect.
Increasing the Effort Required to Obtain Your Data
That leaves us with increasing the effort required to obtain your data, which is the focus of the remainder of this book. While protecting all data is important (the more your opponent knows about you, the better they can undermine you), we encourage putting any additional effort in protecting your data toward the most protective strategies. So to guide that effort, you should keep in mind the surveillance capabilities of your opponents and their likely modes of suppressing your efforts. To this end, focus on protecting data that:
- could most likely be used to suppress your efforts and
- is most vulnerable to surveillance.
Understanding point 1 will be through a deep understanding of the efforts and opponents of a given social movement. To consider point 2, we need to understand where your data is (described below) and how to protect it (which will be discussed in the remaining chapters of this book).
Where Is Your Data?
We take different protective strategies depending on where data is vulnerable. Your information becomes data when it is put on a device (e.g., a cell phone or laptop) and then may be transmitted through the internet via service providers. We distinguish here between websites where you may be browsing or cloud providers where your data may be held (from Google to Facebook).
In the remaining chapters, we discuss how to protect where your data is. In the chapter “Security Culture,” we discuss how to decide whether your information becomes data (when you have control over it) and whether to store your data in the cloud—that is, whether you want your data to transmit over the red arrows. In the chapter “Protecting Your Devices,” we discuss how to protect data that is held on devices that you have control over (e.g., your laptop and cell phone). In the chapter “Protecting Your Communications,” we discuss how to protect your data while it transmits from you to your destination, be that a website, cloud provider, or another person. In the chapter “Protecting Your Remote Data,” we discuss how to protect data that is held in the cloud if you have made the decision to do so.
We then discuss how to protect your identity—that is, how to be anonymous or pseudonymous online and break through censorship—in the chapter “Protecting Your Identity.” Finally, we discuss how to select digital security tools in the conclusion and give the principles we use for our recommendations.
In Context: Edward Snowden
In the years leading up to 2013, Edward Snowden collected data from his workplaces (mostly NSA subcontractors) that he had access to in his role as a systems administrator. Snowden’s leaks of troves of classified material illustrated just how advanced and broadly deployed the surveillance tactics of many of the world’s most powerful governments were. However, in order to make these disclosures, Snowden was up against a powerful adversary: the National Security Agency itself.
Snowden was unlikely to achieve long-term anonymity—his goal was to keep his behaviors (collecting information) and goal (whistleblowing) unknown for long enough to leak the information to journalists, who would responsibly report on it, and hopefully long enough to get to a safe haven, where he could live in freedom. It took months for Snowden to set up an encrypted communications channel with Glenn Greenwald (a journalist known for fearless, deep reporting), this being in the days before “plug-and-play” end-to-end encrypted messaging apps. But once the reporting on Snowden’s disclosures started, he knew his identity would be discovered and unmasked himself. Snowden didn’t end up where he had hoped (Latin America). His US passport was canceled during his flight from Hong Kong (where he disclosed his leads to Glenn Greenwald) to Russia, preventing him from further air travel. Snowden was able to claim asylum in Russia.
However, Snowden was very successful in his whistleblowing, with the reporting lasting for years after and with numerous changes to our communications: encryption is more commonly available now, so much so that many people don’t even know when their conversations are end-to-end encrypted.