By Erica ‘Diya’ Basu
Harlo Holmes, Director of Newsroom Digital Security at the Freedom of the Press Foundation, led a Digital Security Clinic on Friday, October 13 at American University’s School of Communication. The session was co-sponsored by AU’s Internet Governance Lab, the Center for Media & Social Impact and the Internet Society of Washington, DC.
AU SOC Associate Professor Aram Sinnreich opened the discussion by highlighting the fact that digital security is a cultural issue and called on the audience to embrace a social norm of #DataLove, placing people at the center of digital security discussions. Policy circles have tended to view digital security primarily through a binary lens, between the geopolitical exigencies of national sovereignty and security and the economic drivers of commercial profit and competitive edge.
Harlo grounded her discussion on a “Threat Modeling” tool to assess digital security vulnerabilities. A practical, four-part schema that individuals could use to not feel overwhelmed and gain control of what was at stake with one’s online information. Ask yourself four questions. What assets or what is it that I am protecting – passwords, personal information, emails, photographs, financial data? Who is the adversary, who am I protecting this information from – companies, hackers, social and professional enemies, governments? What resources do my adversaries have, to access this information – technical expertise, time, monetary resources? How far will I go and what are my abilities to protect my assets – gain information, invest in anti-malware software, use better authentication options? The sheer practicality of the model resonated well with the audience especially considering recent data breaches reported by Yahoo, Target, Equifax, and Whole Foods. And reports of stalking and cyberbullying incidents on social networking sites like Facebook and Twitter. We have either been victims ourselves or know of family and friends who have been affected by their data being stolen or whose identities were compromised on the Internet.
Harlo provided useful tips on managing one’s digital “assets,” like using pass-phrases instead of passwords, password manager software, two-factor authentication and physical USB keys to secure our online data. She encouraged the use of end-to-end encryption platforms like Signal and WhatsApp, and reminded the audience of the distinct kinds of phishing ploys that “adversaries” may use to access our devices and our data.
Developing a culture of #DataLove may be the way forward as we navigate a hyper-networked world. Where our attitudes about digital security may often be at odds with our actions as we voluntarily and involuntarily leave larger and deeper digital footprints on the Internet. To this end, Harlo’s fourth question from the Threat Modeling tool was a telling one – how far will we go to protect our online assets and improve our digital security?
Check out the presentation below, which begins at the 22:42 minutes.