Originally posted by Kit O’Connell
Threat modeling is a fancy term for “knowing how to protect yourself in different situations.”
This is a draft document which will become part of an upcoming zine on security for activists. Your feedback and constructive criticism are welcome.
The idea of “threat modeling” originated in the military before being adopted by security experts. While the field includes many advanced concepts that don’t interest us here, threat modeling can help us get a handle on our personal security choices. In an age of mass surveillance, choosing what steps to take can feel overwhelming. For a lot of people, it may feel easier to do nothing at all than worry about protecting yourself online.
Unfortunately, even if you think “you’ve got nothing to hide,” many of us are still vulnerable: to government repression, to police brutality and surveillance, and to threats from fascist forces. Even if you’re completely safe, your social networks might be used to target other people close to you. You might not even be aware that someone near you is taking actions that make them a target for surveillance.
Because of the many ways our digital lives are inherently intertwined, it’s important to remind people that we are responsible for each others’ safety and privacy. — “The Harm Reduction Approach,” EFF’s Security Education Companion
Threat modeling helps us understand that while the government may be collecting data on almost everyone, it is unable to actually spy on every individual in the U.S., much less on planet Earth. Governments, police forces, and hackers are not all-powerful, even if they all want you to think so.
Threat modeling for activists: Key questions to ask
At its core, threat modeling is about examining your situation and asking questions. Here are some key questions to ask:
- What do you want to protect?
- Who do you want to protect it from?
- How likely is it that you will need to protect it?
- What are the likely consequences if you fail?
- How much trouble are you willing to go through in order to try to prevent those?
Apply these questions to each action, situation, or plan you and your comrades make. It’ll help you figure out how cautious you need to be.
One problem is that humans aren’t always good at threat modeling. We often think we’re safer than we are. The flip side is thinking we’re in so much danger that we refuse to act. We might even behave more recklessly than necessary because we think a situation is hopeless. This is where it becomes important to consult with your trusted comrades, allies, affinity group or any computer security experts you know.
When in doubt, aim to be more secure than you think you need.
Applying threat modeling to activism
It should be immediately apparent that the answers to these questions vary depending on the situation and the task at hand. It might help to think about a number of hypothetical situations. The Electronic Frontier Foundation, in its excellent Surveillance Self Defense Guide, asks readers to imagine protecting a home from burglars.
In my classes on security, I typically use two contrasting examples of direct actions: a banner drop near a highway at rush hour, and a multi-day occupation/shutdown of a building. These two actions form a kind of spectrum from “low risk” to “high risk.” The amount of planning, effort, and people involved varies dramatically between the two actions. Obviously, many protests and actions fall somewhere in between, but I think it helps to think about two extremes.
A banner drop involves perhaps three people at most during the actual action. The activists involved will make their banner, scout out a location, tie it off at the appropriate time, and leave. The police are unlikely to expend very many resources to prevent a banner drop from occurring. The consequences of getting caught are relatively low, in most cases.
By contrast, our building occupation involves dozens or even hundreds of people, and weeks or even months of planning. Depending on the tactics used, more severe legal consequences are possible. If this occupation succeeds, it will be a major disruption to business as usual. That means the police and other officials will be willing to go far to keep it from happening.
By applying threat modeling, we can see that we’ll need to take much stricter precautions for a building occupation than for a banner drop. The same questions can help us determine our best course of action both for computer security (protecting our devices) and offline operational security (protecting our comrades and planning meetings from infiltration).
More tips for threat modeling
It’s better to start being safer now and protect your information before it becomes necessary. If you end up the target of hostile people, whether that’s government agents or neo-nazis, it’ll be much harder to change your habits and hide your data after the fact. Also, as I said above, surveillance often involves spying on people near the actual target.
For example: maybe your main form of activism is feeding impoverished people in the park. But someone in your group, unknown to you, is also taking radical direct action to shut down fossil fuel infrastructure. It might be easier for feds or cops to spy on your friend through your food sharing group than through your friend’s anti-pipeline affinity group. By taking steps to protect the security of your “low risk” group, you’re also protecting everyone involved. Along those lines:
- Establish a safer baseline. Protect your devices. Start using encrypted messaging for more of your everyday communication. Take protest planning off of Facebook. Begin to establish better security habits day by day while things are relatively calm.
- Turn up your security when necessary. Once you’ve established a safe baseline, it’ll be easier to take more extreme steps to protect escalating actions.
- Consider not sharing. Use offline and low tech methods for sharing information. Think about leaving your phone at home.
- You’re only as safe as your weakest link. Be very careful who you invite into your affinity groups, your group chats, and your trusted circles both online and off. Even if you don’t end up inviting an undercover cop into your circle, it only takes one person who doesn’t know when to stay quiet to ruin your operational security.
Some of these steps are beyond the scope of this article. Check out the resources below for more.
Other resources
- Computer Security For Activists & Everyone (Oh Shit! What Now? October 2018 Class)
- Surveillance Self Defense (Electronic Frontier Foundation)
- A 70 Day Web Security Action Plan (Candace Williams)
Threat Modeling For Activists: Tips For Secure Organizing & Activism by Kit O’Connell is licensed under a Creative Commons Attribution 4.0 International License.
Based on a work at https://kitoconnell.com/2018/10/22/threat-modeling/.