In recent years, the “safe space” idea has been stretched (link 2, link 3) nearly beyond recognition, transforming the concept from a tool for protecting minority populations from bigotry into a strategy for insulating various communities from each other. And as our lives increasingly take place online, this transformation has also been reflected in the digital sphere (link 2). Concerns over digital “safety” (including privacy and security), however, are especially acute for women and Muslim Americans. And as the nebulous state (link 2, link 3, link 4) of government data collection of its own citizens continues to evolve and during a time when hate speech online is reaching unprecedented levels (link 2, link 3), the scale of these intrusions and risks is certain to only grow in magnitude. In response, a number of projects and guides, are being rolled out to inform people of the risks and equip them with tools to protect themselves, such as Crash Override’s COACH, Note to Self’s Privacy Paradox project, and the EFF’s Surveillance Self-Defense Guide to name but a few.
In this issue, we speak with Cyber Communication Specialist Arikia Millikan, about why she started using digital security and privacy tools as a journalist and her recent efforts hosting CryptoParty workshops to teach people how to develop personal risk assessments and how to make use of increasingly broad-based and user-friendly tools to defend themselves.
We hope you enjoy this issue of Inclusion.Tech, and look forward to your ideas and feedback, growing our community, and together making the world a better place.
Savannah Kunovsky, & Claire Hsu
IT: What first got you interested in protecting your digital privacy/security? How did you take your first steps to protect yourself, and how have you updated your precautions over time?
Arikia: I was not always aware of the importance of information security. I became aware while working abroad journalistically, when one of my colleagues was reporting from a conflict zone. My editor asked if I could contact her, as she was in a timezone that was more aligned with where I was, so I reached out on Gchat, and said “Hey what’s up? What do you need?” and she responded by explaining, “I need you to not talk to me about this on Gchat. Here are some services where it’s acceptable, where you can communicate with me. So if you want to talk to me, use them.” I was taken aback at first because it sounded so alarmist, but having her take a firm stance about not communicating with me unless doing so in a secure way, got me thinking about the importance of incorporating it into our online lives.
IT: Having been alerted to the importance of information security, you’re now hosting CryptoParty workshops to help spread the word. When did you first decide to host CryptoParties and what has that experience been like?
Arikia: One of the key techniques we cover is threat modeling, as different risk profiles require the adoption of different types of measures and tools. Most people haven’t had to worry about this, but if for example you work in a place ruled by a government that says it’s illegal to say anything that could be perceived as negative about the administration, then it becomes more important. For people using Facebook to talk to family members and not much more, maybe they’re not at much risk. However, our networks are built so we can connect to our peers, and as we move to an increasingly globalized society, we may not know whether our peers are in a situation in which our communication could harm them. This is also a consideration in the U.S., where the domestic spying programs are largely obscured from public view and it’s unclear who is listening in on communications we assume are private.
As for CryptoParties, I had heard about them while living in New York, as I worked with a lot of people within the DIY and tech communities back when I worked at Wired, but I started to really become interested when I visited Germany last winter to attend the Chaos Computer Congress, which was attended by lots of people in the information security and privacy sector. It was there that I met one of the co-founders of CryptoParty NYC for the first time, and we got to talking. So when I came back to New York, we decided to co-organize one to help channel the momentum that people had generated around the election conversation and to empower them specifically with knowledge of cryptographic tools. Since the election, there’s been a kind of snowball effect of interest because tools are now getting more publicity, people are starting to adopt the stance that I started taking back in 2013 and that I take now, which is if you want to talk to me about something that someone may or may not have an interest in disrupting, do so on a secure channel. Save yourself trouble down the line. As for the tools available, the learning curve has become a lot more manageable to get a grasp on these new technologies. While I’ve had the opportunity to take the space to learn about these tools and meet the people building them and learn their value to society, most people just think encryption is something they don’t know how to do. Until quite recently the documentation for these products was very technical and created a barrier. But now I think the community is opening up and focusing on their UI so that the average person can use these types of tech in everyday life.
[A]ll online communications are built on trust. That all goes back to the trust that we place on individuals in face-to-face interactions.
TI: What advice do you have for individuals and companies that want to adapt to this new era of extreme surveillance?
Arikia: Everyone’s going to have to access tools based on their individual comfort level and state of urgency, but when you really think about it, all online communications are built on trust. That all goes back to the trust that we place on individuals in face-to-face interactions. In the case of browser tracking, you can install any number of programs to find out what information is being collected about you as you surf the web.
[E]nsure that private communication, which is crucial for them, remains just that.
As for bringing companies on board with encryption, once I became aware of the scope of the illegal surveillance programs in the U.S., I started to understand how unprotected most journalistic outlets are in terms of privacy and security, from my experience at the institutions I worked with directly. Ensuring privacy and security has never been a priority, and such efforts are largely motivated by the desire to protect institutions from lawsuits. Major outlets haven’t even been providing their own journalists with the tools that they need to protect themselves. The bigger a corporate media entity, the less likely they will be to change things to protect journalists. In general, media companies don’t worry about protection, they just worry about making money. After all, the main client is not the reader or the journalist, it’s the advertisers. Needless to say, this is very problematic, and I encourage people working within these institutions to pressure their managers to get them set up with encryption tools so that their sources don’t get exposed, and to ensure that private communication, which is crucial for them, remains just that.