Week 5 -- threat modeling!

Eva’s talk was a great expansion on the concept of “threat modeling”. How did the readings expand on what Eva talked about? How do you think you could use this strategy in library instruction or in talking to patrons? What are some threat models you feel like you’ve already encountered in your library community? Have you seen any of the ones that came up in the readings?

Still working on the readings and your pointers Alison, but I thought that folks might be interested in checking out the Risk Assessment tool that the Data Privacy Project put together. It mixes some of the vocabulary/tools from this week and week 3.


Practical resource with non-scary vocabulary - thanks!

One specific threat model we encountered in our community was related to undocumented library patrons. I understand we’ll discuss this more in the upcoming weeks, so I’ll just mention a couple things! Given the threats to undocumented patrons, the library stopped collecting information about the photo IDs that people presented to get their library cards. Now library staff merely note that they checked a photo ID without recording any information about what type of ID it was or any information on the ID itself. I also attended a training about threats faced by undocumented people. The biggest threat seemed to be that a person would be arrested and their information would be entered into a law enforcement database that ICE has access to. This caused many people to refrain from driving, as they were afraid they could be involved in a driving-related infraction/crime that would put them in the computer system.

I haven’t discussed threat models regarding domestic violence directly. A few months ago I had a reference interaction with a patron who was conducting research on whether her ex-partner would be able to buy a gun in Oregon given his criminal history related to assaulting and stalking her. Were a similar interaction to come up again, I might ask the patron about her concerns about protecting personal info/data and some possible strategies to do that.

Glad to hear that the library took immediate action to protect those patrons. The law enforcement database you mention is definitely among the threats that undocumented people face. At the end of week six (on Tuesday the 17th) we’ll hear from Franklin Bynum, a criminal and immigration attorney, who is going to help us connect immigration and criminal issues (since in week 7 we’ll talk about law enforcement surveillance).

That’s such a scary scenario. I can imagine a person in that situation being so unnerved that they might not think about other ways to keep themselves safe from their abuser. Helping show them 2FA and a few strategies to avoid phishing and malware could not only help keep them safer but I imagine would certainly help give them peace of mind!!

I was in a lecture with @howard and the Director of Cybersecurity for the Electronic Frontier Foundation asked someone to define metadata. Did I dream that? Have I died and ascended to Library Valhalla? No, that happened for real, and it was gnarly. That I’m so excited about that makes me feel like a big nerd.

More serious concerns: privacy nihilists and privacy vegans are very useful language. I had never heard those terms before. As concepts, they are funny and relatable. I dropped “privacy vegan” in a meeting and everyone got it.

I thought it was interesting when Galperin asked for risks we’re all like malware / crappy ads and her examples were murder / prison / murder (friends & family) / prison (friends & family).

I think it was in this lecture that Yubikeys came up. Here’s a relatively easy to follow lecture about how they work and with links to cheaper ones if you want to play around: https://www.youtube.com/watch?v=vv11XMG5UJg


I’m finding that all these weeks and lectures are blending as one. The terms privacy vegan and privacy nihilist also resonated with me. Yesterday, in our staff meeting, I shared the data detox from week one with staff and referred to Eva’s lecture from week 5. The week 4 assignment was to share the talking points but I shared the data detox instead because this is what felt most relevant to share with staff at this point in time. (Our staff meets monthly and this was our first meeting since I started LFI.) Staff members were excited to start on the data detox – one person said it’s exactly what she needed. Since we haven’t done much privacy training in our branch I’m sharing with staff so we can start sharing with patrons. I hope it’s okay to jump around with the assignments. I’m finding that I need to spend a significant amount of time with the weekly material to absorb it and share it so I’m not really doing the assignments in a linear way.

@Rebekah @librarianbryan, the privacy vegan/nihilist language has been useful for me too. Although, I did get into a conversation with a friend/privacy advocate who is actually a vegan, and who justifiably rolled their eyes at the metaphor. But, we did get to talking about firm ethical lines – veganism can be a way of reducing the complexity and moral ambiguity and creating a framework for decision-making, to say essentially, the world is messed up and I have to participate in the world, but I will not do that. It did make me think about how unclear I am about my own lines, when it comes to privacy.

Bryan, you’re in Nerdtown now. Welcome.

That’s how I felt the first time I heard her use it too (this was back in 2016 when April Glaser and I threw a little privacy conference for librarians at Noisebridge). Sure, not everyone falls on this binary, but it is illuminating to think about archetypes as a way of understanding the landscape.

lol yeah

yes PLEASE amend the assignments to whatever is most relevant to you. think of my assignments as suggestions.

That’s a great way to put it Kelly.

I felt super jazzed after that meeting with Eva and felt more confident about helping others with threat modeling. But after reading the readings, I’m knocked back a little about what I can actually help people prepare for. Particularly:

From: https://www.nytimes.com/2018/05/19/technology/phone-apps-stalking.html

“Victims’ advocates said they noticed after the case that makers of surveillance tools changed their tactics, sometimes moving computer servers overseas or scrubbing explicit language about spousal spying from their websites. ‘As soon as these companies caught wind that they shouldn’t be doing it, they just changed their marketing,’ Ms. Olsen said.”

I am happy to teach patrons how to threat model, but I guess a big part of it would have to be teaching them how to adapt the threat model to changing threats. I worry about developing strong, relatable content, but also, how do I imbue it with the overall fact that whatever they learn with me in that moment will surely change (possibly very soon)? Eva said something ~“people who are afraid don’t bring their best selves to the room; try to train for where people are at, not where I want them to be.” I want to try to keep that in mind, but not sure how to stress the on-going nature of this work without making people afraid. I probably sound afraid myself at this point. I’m sure my own sensitive feelings about this will calm down. Just in a weird place about it right now, I guess.


@kellymce, thanks for sharing this perspective. My wife is a privacy vegan and I used to think she was a bit over the top in her desire to not have an online presence, but over the years I’m starting to get it. Except it doesn’t always work smoothly – her work/school uses Facebook and other social media sites to communicate and so it’s a constant struggle. I’ve definitely been lax with privacy and my online presence, more of a borderline nihilist I think until recently. I guess the terms are a bit charged. They have been helping me to think about privacy in a different way, though.


It’s true. Threat models change. Think about how many people’s threat models changed when Trump got elected. Actually right after the election, EFF ran a huge ad in Wired, addressed to the technology industry, saying exactly that: https://supporters.eff.org/donate/eff-wired

It can feel daunting to keep up, given how hard it is to get people even to make just a few small changes. But the thing is, even those few small changes (passwords, awareness about malware, etc) can cover a lot of ground for ANY threat model.

Remember that we’re aiming for harm reduction. Let’s imagine a patron with a serious threat model like a stalker ex. If all you do is help her with better passwords and some help avoiding malware, you’ve gotten pretty far. Most of those stalking apps require the user to click a malicious link in order to make the thing install in the first place. Help the patron think through her own threat model, too (if she feels comfortable sharing it with you!). If there are signs in her life that her stalker is still present, she may want to regularly back up the data on her phone that she knows is safe (photos and contacts) and then delete the apps and reinstall the operating system from scratch. If her situation is ongoing, she may want to do this every few months or twice a year.

I totally understand. I make myself anxious all the time thinking about how serious some threat models are, and how much work is required to really make things safe for people. When that happens, I try to remember that harm reduction is achievable and it matters. And it also reminds me why I started Library Freedom Project in the first place – if every library taught privacy and librarians became better equipped to advocate for a better internet, we could absolutely change things.


Ah! I have so much to learn! All good to know.