Improving Digital Security & Privacy Practices
This past week I attended a behavior change and digital security workshop hosted by the Tactical Technology Collective in Berlin. Tactical Tech does fantastic work supporting people who engage in information advocacy and activist projects (Rahul, a researcher at the MIT Center for Civic Media, has previously written about his work with the collective). Tactical Tech has long been involved in the digital security space, working on projects like Security in a Box — an introductory handbook aimed at advocates and human rights defenders trying to learn best practices and tools to improve their digital security. They also have a neat project called Me and My Shadow, an awareness raising campaign to get people to think more about the invisible traces left behind from their online and mobile phone activity.
Digital security and privacy are extremely important for journalists and activists, yet many of those who would benefit most from related tools and practices are unable to learn to use them, or unable to incorporate them into their routines. And, given increasingly disturbing revelations of the extent of surveillance by the United States government, the general public may well also think about improving their security and privacy practices. Last week’s workshop brought together digital security trainers, journalists, human-centered designers, and behavior change specialists to think about ways to motivate people, especially those in high-risk circumstances, to improve their digital security and privacy practices.
Before joining the Civic Media team here at MIT, I worked on a project called Hackademia with Beth Kolko. In this project, we brought our experience with participatory research methods to bear on co-designing a technical skill development course with students who self-identified as “non-technical.” Borrowing from resources and practices found in hacker- and maker-spaces, we challenged our students to practice self-directed learning while working on collaborative projects. The course meetings involved both skill building activities and discussion of what it means to “be technical.” We found that there are many factors—not just technical skill—that lead to technical competence. Some of these factors include social support, vocabulary building, motivation, and self-efficacy (if you’re interested, you can read more about our work in a paper we wrote for the Participatory Design Conference). Because learning to use digital security tools can be as challenging and cumbersome as learning other types of technical skills, I tried to connect some of the lessons we learned in the Hackademia project to conversations about the design of training materials, tools, and practices for digital security.
One of my long term goals includes creating informal learning environments for teenagers to engage in technical and artistic skill development, and I’ve been enjoying thinking about how to incorporate digital security training into the mix. One of the conversations that most resonated with me at the event was a group brainstorm about ways to embed digital security training into other kinds of training people might want to receive (data journalism or small business development, for example) to better connect specific skill development with the larger motivations and goals of learners. I believe most people want to learn more about their passion, craft, or cause — not just how to use a new tool.
Speaking of tools, we talked at length about the usability and desirability of current security tools and practices (KeePass, email encryption, OTR messaging, TOR, TrueCrypt, to name a few), most of us agreeing that the poor usability of some of them is a major barrier to use and long-term adoption. I was glad to participate in lots of conversations about design and design research at the event, and I think a focus on who is using security tools and in what contexts will help inform the design of better tools and practices.
There’s a lot more I could say about the event and what was discussed, but to save us both from a longer blog post, I’ll just recommend keeping your eyes peeled for the work that Tactical Tech and friends will be pushing out in the next couple of years related to these topics. In the meantime, feel free to contact me if you want to have a chat about the workshop, digital security, or participatory design for learning!