Your new post is loading...
A few short weeks ago, we were conducting a security training for a group of journalists in Palestine. The journalists were deeply aware of the potential threats facing them—and by not one, but three governments—but didn’t have the first idea of how to mitigate against those threats. “It’s too confusing!” claimed one, while another said it was futile.
Unfortunately, these reactions are all too typical. We’ve heard from a variety of populations all over the world. Despite all of the awareness-raising around surveillance that has taken place over the last year, many individuals feel disempowered, helpless to fight back.
Efforts such as the February 11 initiative the Day We Fight Back aim to empower individuals to lobby their representatives for better regulation of mass surveillance. But legislation and policy are only part of the solution.
In order to successfully protect our privacy, we must take an approach that looks at the whole picture: our behavior, the potential risks we face in disclosing data, and the person or entity posing those risks, whether a government or company. And in order to successfully fight off the feeling of futility, we must understand the threats we face.
In a recent piece for Slate, Cyrus Nemati hems and haws over the complexities of creating a private online existence, ultimately choosing to give up on Internet privacy and embrace the convenience of sharing. While working at an organization that advocates for digital rights, Nemati found himself anxious about his personal privacy and took steps that made browsing “a chore”; later, after getting married and wanting access to social tools, he claims he “learned … to love a less private Internet.”
The truth is that most of us simply can’t protect ourselves from every threat 100 percent of the time, and trying to do so is a recipe for existential dread. But once we understand our threat model—what we want to keep private and whom we want to protect it from—we can start to make decisions about how we live our lives online. You’ll find yourself empowered, not depressed.
Threat modeling is an approach undertaken by the security community. It looks at the specific circumstances of the individual and the potential threats facing him or her and makes a diagnosis (and a prescription) on that basis. Threat modeling looks at what a person has to protect (her assets), who she has to protect those assets from (her threat), the likelihood that she will need to protect them, her willingness to do so, and the potential consequences of not taking precautions.
A teacher in suburban California doesn’t have the same set of online privacy concerns than a journalist in Palestine. And the kinds of steps the teacher might take to protect his personal photos from nosey students and their parents are quite different from the precautions the journalist might take to protect her anonymous sources from being identified by the government.
Some us don’t want our Internet browsing habits tracked by companies like Google and Facebook. Some of us don’t want the NSA reading our emails. But without enumerating our threats and our assets, it’s easy to choose tools that are inappropriate or unnecessary to the task at hand.
The schoolteacher probably doesn’t need to PGP-encrypt his email or run every privacy-enhancing app and plugin, like Nemati did in his privacy hipster phase. The journalist might find that taking the time to use PGP gives her peace of mind.
Click headline to read more--
Via Chuck Sherwood, Former Senior Associate, TeleDimensions, Inc
![Passwords, Security and the Future of Authentication [#Infographic] | Education & Numérique | Scoop.it](https://img.scoop.it/01oTHxppmZ_3fPHqQEL0czl72eJkfbmt4t8yenImKBVvK0kTmF0xjctABnaLJIm9)
