USENIX Enigma 2023 - Working on the Frontlines: Privacy and Security with Vulnerable Populations

USENIX Enigma Conference
22 Feb 202323:21

Summary

TLDRSarah, a security expert, discusses the complexities of privacy and security for vulnerable groups like journalists, activists, and refugees. She shares experiences from workshops in New York, Lebanon, Myanmar, and Ukraine, highlighting the importance of context-specific security advice. Sarah emphasizes the need for technologists to be humble, question assumptions, and design tools with high-risk users in mind to protect human rights in the digital age.

Takeaways

  • 🌐 Sarah, the speaker, emphasizes the importance of context when discussing privacy and security, especially for vulnerable populations.
  • 🔐 In 2016, a security workshop for Yemeni refugees in New York highlighted the gap between security advice and the actual needs of the attendees.
  • 🌟 Sarah's background includes working with highly vulnerable populations in various parts of the world, focusing on protecting data and information.
  • 🏛 She was the CTO and VP of Security at the Open Technology Fund, which supports projects countering censorship and surveillance.
  • 🚫 The danger of a one-size-fits-all approach in security advice is underscored, as it can be ignorant or even dangerous for individuals.
  • 📱 Signal, a privacy-focused messaging app, is not always suitable or safe to use in certain regions, such as the Middle East.
  • 🌍 Vulnerable populations, such as human rights defenders and journalists, face unique security challenges due to their independence and lack of resources.
  • 🔒 Digital security and literacy are crucial for these groups, as they often work independently and under-resourced conditions.
  • 🌐 The intersection of physical and digital violence is evident in projects like Forensic Architecture, which investigates human rights abuses.
  • 🛑 Sarah shares examples from Egypt, Lebanon, Myanmar, and Ukraine to illustrate the complexities and challenges of providing security advice in different contexts.
  • 💼 Becoming a public interest technologist involves connecting with a global network of professionals dedicated to safeguarding human rights through technology.

Q & A

  • What was the main issue Sarah faced when providing translation support for the security workshop for Yemeni refugees?

    -The main issue was that the security workshop focused on topics like passwords and privacy that were not relevant to the refugees' immediate concerns, such as human trafficking and navigating the job market in a new country.

  • What is Sarah's professional background in the context of security and privacy?

    -Sarah is a security expert who has worked with highly vulnerable populations and targeted groups worldwide, providing advice on data protection, internet shutdowns, and circumvention technology. She was also the CTO and VP of security at the Open Technology Fund, which funds projects countering censorship and surveillance.

  • Why is a one-size-fits-all approach to security guides and training dangerous?

    -A one-size-fits-all approach can be dangerous because it fails to consider the specific contexts and needs of different individuals or groups, potentially leading to inadequate or even harmful advice that could put people's safety at risk.

  • What are some challenges faced by vulnerable populations in terms of security?

    -Vulnerable populations, such as human rights defenders, journalists, and activists, often work independently without the protection of a larger organization, lack resources for privacy and security, and have limited digital security literacy, making it difficult for them to recognize and protect against attacks.

  • How can digital attacks intersect with real-world physical violence?

    -Digital attacks can intersect with real-world physical violence when, for example, spyware infections are used to target individuals who then face violence or when online activities lead to offline repercussions, as shown by the patterns of incidents investigated by Forensic Architecture.

  • What was the outcome of the security training provided to an organization in Afghanistan?

    -The security training resulted in a chaotic situation where employees were locked out of their accounts due to hasty changes to their IT setup and the use of alternate services without proper understanding or access to reset procedures.

  • What are some ways to get involved in public interest technology work related to human rights?

    -One can get involved by attending conferences to meet professionals in the field, applying for fellowships or funding opportunities, and connecting with a global network of cybersecurity professionals dedicated to protecting human rights.

  • Why is it important to question assumptions when working on security projects for vulnerable populations?

    -Questioning assumptions is crucial because it allows professionals to understand the actual needs and contexts of the people they are working with, avoiding the imposition of solutions that may not be suitable or could even be harmful.

  • What does 'design from the margins' mean in the context of technology development?

    -Designing from the margins means centering and designing technology for the most high-risk users, considering the worst-case scenarios, and ensuring that the tools account for the needs of marginalized populations to avoid perpetuating harm.

  • How can harm reduction be applied in the context of security advice for vulnerable populations?

    -Harm reduction involves meeting people where they are, understanding their context, and providing advice that is practical and relevant to their situation, such as using familiar platforms like Facebook more safely rather than advising against their use entirely.

Outlines

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now

Mindmap

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now

Keywords

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now

Highlights

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now

Transcripts

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now
Rate This

5.0 / 5 (0 votes)

Related Tags
Digital PrivacySecurity WorkshopsHuman RightsCybersecurityVulnerable GroupsSignal AppSurveillanceCyber JusticeTech EthicsInformation Security