LFI.3: Week three discussion

Hi all, thanks for another great session yesterday! Here are some questions for us to consider this week:

  • How can threat modeling help us when thinking about privacy practices?
  • How might someone’s threat model have changed given the current pandemic?
  • What are your impressions of the privacy education tools linked in the readings?Something you learned, or something you note about their pedagogical approach, or any other thoughts you have.

I’m sad that this week’s content was so interesting to me as someone who teaches frequently, but I barely felt like I had the attention span to focus on it. I have increased appreciation of the what my “work husband” (who has ADHD) deals with regularly. I’m wondering how long it will take to adapt to this new normal and start being able to focus on things again.

There are so many concerning privacy issues that it frequently feels overwhelming and impossible to do anything about it. I think threat modeling allows people to think concretely about what data they actually care about being private, which is going to differ from person to person. They then can consider their relative risk and what it would take to secure that data. It’s concrete and simple and doable for most people.

I wonder if people’s threat models regarding their location data might change during the pandemic due to the increased awareness of how many people and companies already have access to their location data. I think when countries like China and Israel track their citizens, it’s easy to write that off because they are countries that have a history of curtailing freedoms in the name of national security. When you have mayors of major North American cities claiming that they are using everyone’s cell phone data to catch people violating the stay-at-home order (which later turned out not to be true) and companies are producing scorecards about how much people living in any county in the U.S. are traveling around, people are going to become more aware that their own phone is telling a whole lot of people where they are going.

Personally, my threat model around my browsing data on my work computer has changed. While my College’s IT policy does say that they can spy on what you’re doing on your work computer, it’s not something I have ever worried about because I know it’s not something they actually do. However, with everyone working from home now, I can imagine that administrators will be more concerned about whether their employees are REALLY working or not and they have an easy “in” to spy on their employees because of the IT policy. Also, my general trust in my College and my boss has decreased because of the terrible way they handled things before the College fully closed and their total lack of transparency. I plan to not use any social media or browse non-work websites on my work computer and use my home laptop for stuff like that. I just don’t trust the College at all anymore and I imagine many people are feeling equally disillusioned about their places of work and how valued they feel.

EFF’s educational tips were terrific! Their harm-reduction approach was a breath of fresh air. I really appreciated the focus on not stigmatizing bad practices and focusing on small, achievable tasks. I’ve seen people who have expertise in privacy practices shame others for their lax practices and shaming is never an effective motivator for change. The focus also on tailoring the privacy education to what the audience actually wants to learn about rather than telling people what we feel is important for them to know also really fits in with my general approach to information literacy instruction. I usually go into teaching info lit with a flexible approach that I tailor on-the-fly depending on where the class is in their research process (which often doesn’t match what the instructor tells me!). Also, I do a lot of problem-based and scenario-based teaching, so the focus on active problem-based learning rather than just showing people a bunch of tools resonates. And I love that each of their lessons (or at least the ones I read) has an activity so you’re not just the “sage on the stage” the whole time.

1 Like

Hi Week 3!

Alright - discussion questions!

  1. How can threat modeling help us when thinking about privacy practices?

Threat modeling definitely put into focus what is at risk. In most of our day to day the risk is in the data - the personal identifiers about patrons or even staff that we hold. Most of what the public library does, I think, in reference to threat modeling is find ways to protect the patrons. For instance, my public library recently installed privacy screens on the public computers in order that patrons might feel more confident that others were not staring at their personal information.

The interesting thing about the pandemic is that I think it’s shifted the threat modeling from data to humans. We are assessing ways that we can both avoid and serve the public at the same time - rethinking surfaces, cleaning, and really people are having to look into their hearts and assess their value on life. I recently went through a narcan training where the trainer described the act of saving someone from a drug overdose as a way to offer someone a second chance.

This belief seemed counter to what the current edict might be described as. Capitalism only wants you to be a number that participates in the workforce, pays taxes, and follows along the trail towards more investment and money for, probably, someone more powerful than you. Capitalism doesn’t give a shit about overdoses, it’s against market principles to max out on a mood altering drug (regardless of the fact that our system often times drives people to find chemical escape). I think in this light seeing humans as the thing that has to be protected in a threat modeling situation is not coming naturally to a lot of people. And it is certainly being debated. I don’t know, maybe I’m way off but there is an ethical emergency when we talk about threat modeling for a pandemic, even at the local library scale. This is a conversation worth having in communities.

I wish I would have had the privacy tools websites earlier! I totally could have used them for a class I teach at my library, but I have them now and will make use of them. End to end encryption and passwords are always the ideas I fall back on while teaching the internet safety class. Passwords are always kind of a hard thing to talk about because a lot of times when I’m working with the public they often times cannot remember their passwords, don’t have them written down, are often under stress because of any number of socio-economic triggers and then fall back on insisting they are ‘bad at computers’ - and it all started with passwords. There’s a lot of emotions happening all at once - there is a fair amount of talking the public off of a technological cliff before you can even get to the core of what your trying to tell them - this is definitely more prevalent with adult learners.

I feel you! I am definitely operating at half capacity on my best days.


We’ll also see a lot of people saying that this IS THE WAY WE FIGHT THE VIRUS. That’s largely unproven, especially when we haven’t taken the proven measures yet (testing, isolation, etc). It’s already happening, so we need to be ready to respond that authoritarian measures are not the solution and importantly, they will stick around after this is over.

Excellent point, and one that I know we will discuss during our April 6th lecture. I am working on the details now but I am hoping that Lindsay from EFF (who wrote their recent blog post about privacy and online learning environments) will be able to answer our questions about this.

God yes, lots of workplaces showing their priorities right now. Turns out, their priorities are not their workers!!!

Yes!!! You love to see it!

This made me think of the tweet that goes:

(you, dumb): we should pay workers more
(me, has taken econ 101): you see where this line meets that line? that’s why the poor should starve

I think this is a good framing. We are collectively watching as our leaders make a choice between a humanitarian response or an authoritarian response. Unfortunately, the latter is currently winning.

One of our weekend speakers will be helping us with transformative approaches to teaching privacy, recognizing how many of our community members have issues like what you just referred to, and figuring out how to teach while meeting people where they are and being trauma-informed and all that. We are experiencing an enormous collective trauma right now so this kind of approach is more important than ever.

I think this is one of the ways that threat modeling can help, because it breaks things down and makes it all more manageable.

I think threat modeling makes this whole process a lot more digestible, especially for people who might not have a ton of computer or security knowledge. “SECURITY” and “PRIVACY” can entail so much, so where do we start? I also like the way that EFF doesn’t just mention what/how/consequences, but also what are you willing to do? For some, that is not much. Taking that into account for your patrons is vital, because some people don’t care at all about their privacy online and care only about access. I’m sure we all have a story about this type of patron. I recently (obviously before closures) had to explain to someone that we didn’t have her information saved in our database anymore because she hadn’t used her library card in over a year and we wanted to protect her privacy, and she was angry that we didn’t keep her private information because she wanted to get on our public computers ASAP. We don’t have much basic computer instruction at the State Library, so I’d be interested to hear how/if other librarians provide privacy information in basic computer learning programs.

As others have sad before me, I think less people are thinking about their personal data and are now thinking more about public and personal health. I have heard absolutely no one discuss the privacy issues of Zoom and other video conferencing software outside of this course. I haven’t seen anyone nervous, for example, about how the government apparently keeps our banking information from tax returns accessible and on file so that they can provide us with direct deposit stimulus checks. All of the “what you need to know” articles have basically included calculators about how much we’re going to get, not criticism as to the government keeping this type of very sensitive information from the 2018 tax returns or generally where this money is coming from. When there is a crisis, privacy is the last thing on many people’s minds.

I found the Data Detox Kit a lot easier to understand than even the Basics page of SURVEILLANCE SELF-DEFENSE. Having something literally tell you: do this, do this, do this, as opposed to a more in-depth and generally theoretical approach was much easier to follow, and I consider myself pretty computer literate comparatively.

  • How can threat modeling help us when thinking about privacy practices?
    Through threat modeling, we learn and become more aware of security and privacy issues from different perspectives. individuals can use threat modeling tools to improve their security and privacy. Most importantly, there is no “one size fits all” approach so we see this tool as a way to help us understand other people’s perspectives in privacy and security.

  • How might someone’s threat model have changed given the current pandemic?
    As others pointed out, zoom/online learning can change the way educators think about privacy and security. Racial targeting is also consideration during the current pandemic. The threat model shifts greatly for those who may identify as Asian heritage living in the US, and possibly being harassed by other people and data tracked by the government – The government has done this before to Japanese Americans during World War II and with the Chinese Exclusion Act, so xenophobia is on the rise again. Someone’s threat model may include such vulnerable groups.

  • What are your impressions of the privacy education tools linked in the readings?Something you learned, or something you note about their pedagogical approach, or any other thoughts you have.
    I really enjoy exploring the Data Detox Kit, I plan to organize some virtual forums in my school for our teachers/staff to consider these options. I’m inspired by it. So many folks are using computers/phones at home, this is the perfect time to engage with them to safeguard their privacy.

This is such a great insight that I want to go deeper with! The piece about avoiding and serving at the same time has come up a lot in mutual aid conversations and projects that I’m part of. We’ve been trying to circulate this resource from british group QueerCare on transmission prevention while doing care and solidarity work. I feel weirdly grateful that this virus is not primarily circulating within or stereotyped to any one group now that it has community spread in the US. We have to keep repeating over and over that we’re not protecting a “them” from “us” or “us” from “them.” We have to treat it as keeping each other, and everyone’s web of relationships, safer.

Which of course makes me think about digital security and how easy it is to think about digital security as an individual project, and digital security lapses or getting phished, doxxed, subpoenaed, whatever as individual failures to adequately understand the situation and protect oneself. I appreciated how the EFF emphasized that your security is only as good as the most vulnerable component-- but so often we don’t have control over all the components, because so much of the reason we generate and store information is to share it, to transmit it, making digital security inherently collective.

Thank you!

1 Like

How can threat modeling help us when thinking about privacy practices?

I definitely appreciate frameworks like Threat Modeling. Threat Modeling gives me a sense of agency over my ability to act on my privacy. As an academic librarian, I could see the Threat Modeling framework as an add on to the ACRL Information Literacy Framework. I am not an expert on the new information literacy framework, but it seems natural to me to have something that addresses information and privacy in addition to the various elements that the information literacy, the ACRL framework, identifies.

How might someone’s threat model have changed given the current pandemic?
So I decided to use pandemic as a sample search during my switch to online information literacy instruction. As I began to do searches on pandemics, it became clear to me that data surveillance is an essential step to pandemic prevention and containment.

A simple search on Google using Big Data and COVID led me to the following articles below on China and Taiwan. Intensive data surveillance seems to be the defacto way of containing viral outbreaks. And now that national emergencies have been declared, will we see a strong move to consolidating citizen and non citizen data? Will we see strong partnerships between corporations and their social analytic data that will allow the government to track individuals in these ways? Our threat models may change significantly in the next few months. Reflecting on the quotes below, By its nature it’s always been the case that it is easier to track individual movements in an authoritarian regime, the idea that scares me is “how does this intense data collection technology amplify social control and power at the top?” Can this technology be implemented during a crisis, but be put back into a box when that crisis is over? I personally don’t think so. Can we construct democratic checks to this power? I think there can be. And it would be good to think about what that would look like.

Here are some disturbing quotes from these two articles 1 and 2:

  • “Taiwan integrated its national health insurance database with its immigration and customs database to begin the creation of big data for analytics. That allowed them case identification by generating real-time alerts during a clinical visit based on travel history and clinical symptoms.”

  • “All hospitals, clinics and pharmacies (in Taiwan) were given access to this information for each patient.”

  • "Households (in Taiwan) were grouped into wards, or sections, and a chief was named for each ward. “So [authorities] will say to the chief, ‘There’s a person under quarantine in your ward, why don’t you go check on them and bring them some food,’” says Wang. “In an epidemic, you have to be nice to people, otherwise they’ll hide their symptoms.”

  • Penalties for noncompliance with the temporary orders are steep. Profiteering off prevention products like masks, or spreading false information about COVID-19 [can bring a penalty of years in jail and fines over a hundred thousand US dollars] One couple was fined USD $10,000 for breaking a 14-day quarantine rule. Three Hong Kong visitors who “disappeared for a week” were tracked down, fined USD $2,350 each, and transferred to designated quarters for medical isolation, according to the JAMA report.

  • On February 7, AI company Megvii (in China) said it was working on a solution that “integrates body detection, face detection and dual sensing via infrared cameras and visible light” to help staff working at airports and train stations “to swiftly identify people who have elevated body temperatures”.

  • The Chinese government has arguably set up the most expansive and sophisticated surveillance system in the world. In addition to the real-name system - which requires people to use government-issued ID cards to buy mobile sims, obtain social media accounts, take a train, board a plane, or even buy groceries - authorities also track people using some 200 million security cameras installed nationwide.

What are your impressions of the privacy education tools linked to the readings? Something you learned or something you note about their pedagogical approach or any other thoughts you have.

I really like the Data Detox kits. I am actually trying to ditch my smartphone and replace it with my Nokia 8110, use Linux, and carry an Ipad for work-related things only. Using Linux only for work is really hard for me to do. And it is also really time-consuming to remove your digital footprint. I never bought into geotagging, and AI assistants, but I did buy into facial recognition tagging. I don’t know if there is a way to get rid of my facial recognition data. I also like the dice method in selecting random passwords! I didn’t have a dice, but I put six pieces of paper in a cup and reset some of my passwords this way.

Threat modelling and privacy practices
I love the harm reduction approach of threat modelling, and how it weeds out the static and noise of products and tools that can seem urgent. I also love that it demands an active relationship with privacy.
A big gap in the threat modelling resources that I have seen, even in the resources that people have posted on LFP is some foundational information on the range of threats that are out there, and the range of tactics that might be employed. Without a fair amount of background information, one’s threat model is only as good as what one already knows about or…can imagine?
Does anyone have a resource like this?

I appreciate EFF’s use of examples, but I think we need more!

Changing threat models under the pandemic:

So many great points have already been raised!

I’m sure the other public librarians on here are also thinking about surveillance, threat modelling, and the houseless community. There are a lot of people who used the library as their only internet usage point not just because of, say, not having a home with wifi, but also because of intentional choices of trying to stay low profile, under the radar, offline. People doing their own threat modelling and deciding that offline was better for them. Now I’m in conversations with people reassessing that choice-still deeply mistrusting the government, the internet, etc, but wondering if getting a smart phone to be able to see news that might impact their lives, or research options for getting resources that allow them to interact less with agencies and law enforcement is now “safer.”

Privacy education tools:

I agree with Alexandra. SSD offers what I think are great tools, but the tangle of pages, many of which have chunks of the same information on them, is stressful, and I already use many of the tools they are talking about!

But I really like a lot of their framing and language around tailoring a plan to your specific context, and ways they break down specific processes, especially their stuff on how encryption works.

I feel like EFF is a great resource for librarians, educators, and people who like computers, but Data Detox is much more general public friendly. I’ll selectively pull from EFF to use in educational programming, but I wouldn’t refer most patrons to it as a resource.

Point well taken all the emotions involved in teaching these concepts! I work in an academic library at a research institution, and I too consistently find myself talking folks off technological cliffs, and also providing the emotional support necessary for them to persevere in thinking through these various tools and concepts. One thing I’ve noticed is that no matter who you are, your interactions with digital tools and the Internet is usually a very solitary experience. People develop all kinds of little workarounds and habits in their daily digital lives, depending on their circumstances, and they aren’t used to talking about them publicly. There’s a degree of vulnerability and too often, shame, in doing so.

Threat modeling is incredibly helpful in thinking about privacy practices because it can help us not get overwhelmed. The goal isn’t necessarily to do everything (which is probably impossible anyway for most people), but to think carefully about your situation and what steps make sense for you to meet your particular needs.

The struggle I have with threat modeling, for myself but especially for new learners, are questions #3 and #4. Answering the questions “How likely are you to need to protect it?” and “How bad are the consequences if you don’t protect it?” requires a lot of background knowledge about the capability of various adversaries, and what is possible. Beginning learners don’t always have this, and honestly, it seems like the possibilities are changing all the time anyway. For just one example, you might not think that corporations having your shopping data, for the purpose of serving you personalized ads, is that big a deal. But if you knew that that data could be sold to Palantir, or that more detailed “pattern of life” analytics were possible, or that governments could get their hands on it, your feelings might change.
I would love to have access to better tools for performing threat assessments and for helping beginners do their own. The closest/best tools for this that I’ve seen are the “Security Scenarios” offered by EFF.

I am hoping we can address some of the specifics of this on our call with Abi today.

Such a great framing!

And you’d be right!

The problem is that we never effectively have. I hope you’ll ask Abi some questions about this today.

It’s a hard problem to solve! So many threat models are fairly unique, and things change, so having resources for a range of possible problems is challenging to keep up with. But maybe that’s something we can work on as a group for the final project?

So true.

A lot of what we are going to do here as a group is try to answer these questions together, and then be ready to answer them for our patrons.