Canadian Journalists for Free Expression (CJFE) is holding a free, full-day, hands-on workshop on October 29th, 2017, to instruct in practical ways to strengthen digital security for journalists and human rights activists. The training will help to ensure that individuals and organizations have the knowledge and tools required to use the internet and associated tools securely, facilitating the crucial public-interest work that they perform on behalf of Canadian society.
See below for the full program and the trainers who will be joining us.
Digital Self Defence Workshop Agenda
Threat modeling (Floh + Gen)
Information security is great -- but do you know what you’re protecting? This session will give you an introduction to the questions you should ask yourself before jumping into specific tools. We’ll introduce the concept of threat modeling, talk about some common scenarios, and how one might defend against them. We’ll also dig into some basics about how the internet works that have huge impact on how security tools might work -- and how they sometimes don’t work.
Practical security strategies for journalists (Olivia)
This session will serve as an introduction to digital security in the context of fearless, adversarial journalism. Now more than ever, storytellers of all stripes bear the brunt of a rapidly proliferating surveillance state wrested by government, corporate, and criminal entities. How, then, can we use technology to defend ourselves against digital threats both large and small?
Grounding basic tenets of digital security preparedness in scenarios in the field, the presentation will provide participants with the knowledge to make informed decisions about their own digital security needs. Together we will talk about strategies and tools that will empower our journalism as we navigate the hurdles of source protection, risky research, and file management.
- Understanding of, and appreciation for, differing applications of encryption in networks
- Comfort with a framework for selecting tools for secure communications
- Development of an individualized “low-hanging fruit” digital security practice
Organizing, Activism, and Rights in the Digital Age (Julian + Will)
This workshop outlines some of the major technology based challenges to organizing and activism that have emerged in recent years including digital infiltration, monitoring with the purpose of preemptive derailment, and flooding/issue distortion. These challenges are framed with examples drawn from first-hand experience and analysis of recent events surrounding various social movements. This culminates in the suggestion that tech literacy is extremely important for contemporary social movements. Finally, the facilitators provide an overview of some active techniques that can be deployed by activists and organizers to overcome these challenges in advance their causes.
- Understand the importance of tech literacy in social movements
- How to protect oneself and their right to free expression and assembly in a public sphere
- Understand the direct and indirect threats that arise when states and reactionary social actors weaponize free speech against journalists, activists, and the public sphere
- How to deploy information technologies not only to protect themselves but actively pursue their aims
Afternoon small-group workshops
Encrypting A/V: Strategies for Securing Audio and Visual Footage (Olivia)
Capturing the perfect moment on camera requires skill and experience. The same can be said for protecting that footage once it’s been written to a memory card. In this presentation, participants will work through a series of scenarios that photojournalists, documentary filmmakers, and activists typically face as they rally for accountability through the use of audio and visual media.
In doing so, we will discuss file encryption, cold storage encryption, mobile security, and operational strategies for file sharing.
- Knowledge of options for file encryption
- Knowledge of strategies for secure archiving
- Introduction to mobile security and documentation
- Strategies for sharing and deleting sensitive A/V footage
Tor, secure web browsing, and anonymity (Sukhbir)
The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.
Tor Browser lets you use Tor on Microsoft Windows, Apple MacOS, or GNU/Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained (portable).
In this workshop, we will discuss secure web browsing and how to maintain your anonymity online using Tor and Tor Browser. This will be an interactive workshop and we will walk through these tools so please feel free to bring your devices (laptop and/or smart phone).
Best practices for high risk reporting (JM)
Journalism is publishing what someone else doesn't want published; everything else is public relations, George Orwell said. Today powerful people who don't want something published will go to great lengths to prevent you from publishing it--including hacking and stalking journalists, breaking into your home, gaslighting, blackmail, threats, physical intimidation, assault, kidnapping, even murder. If you're a national security reporter facing down a nation-state adversary, or if you operate in a conflict zone or region of the world where corrupt, ruthless people will stop at nothing to prevent you from doing your job, then this session is for you.
- Learn how to develop a security mindset
- Understand how technical tools (Tails, Qubes, etc) fit into the context of high-risk reporting
- Understand that journalism security is a political problem first, and a technical problem second
Mobile security for Android and iOS (James)
The Mobile Security Workshop will present the current threats facing users mobile devices and the data they send with them. The workshop will go through a list of attack vectors with the appropriate matching defenses to protect against them.
- How to secure and minimize cloud data
- An understanding of Android and secure Android ROMs
- Overview of iOS and protecting iOS devices
- An understanding of how the broad geopolitical context can affect your digital security
Physical security and desktop security for Windows and OS X (Geneviève)
The security of your team and friends is only as good as your weakest endpoint. That ancient Windows PC that you often leave unattended in a café -- that’s probably it!
What are the different ways your computer could be compromised? We’ll talk about encryption -- what it is, how and where to use it -- and about physical security We’ll demonstrate a few vectors an attacker could use against your devices, and review some best practices and desktop PC hygiene.
Targeted attacks, phishing, and response (Etienne)
In this session, we will speak about the different type of targeted threats you should consider as journalists : different types phishing attacks (email, text messages) and drive by download attacks based on real-life examples. The second part will be to speak about solutions against these threats : how to spot phishing emails, how to open untrusted documents, 2 Factor Authentication, passwords and passphrases.
Cops and borders: device searches and the law (Lex)
Journalists and human rights defenders often face disproportionate scrutiny from government, which makes it particularly important to understand your legal rights when dealing with law enforcement and border officials. Together, we’ll explore questions like: “When can my phone or laptop be searched?" "Do I have to provide a password?" "Can the government ask for access to my social media accounts?” and "Do I have to hand over my camera to a police officer at a protest?"
This workshop will provide legal information that leaves participants with a better understanding of digital device and electronic data searches conducted by government authorities. It will also help participants understand the legal implications of their technical choices.
Florencia Herra-Vega - Peerio
Florencia Herra Vega is an excitable generalist who loves trying to break down and explain complex technical problems. As the CTO of Peerio, she wrangles distributed systems, distributed teams, and trying to make end-to-end encryption usable to humans. In addition to her career as a developer, she has also spent the past decade running popular education programs on topics ranging from sexual health to introductions to coding. She likes to take a harm reduction approach to digital security.
Olivia Martin - Freedom of the Press Foundation
Olivia Martin is a Digital Security Fellow at Freedom of the Press Foundation. A graduate of NYU's Gallatin School of Individualized Study, her professional work focuses on researching and delivering digital security trainings to journalists, activists, and human rights defenders. She has spent years in newsrooms as a designer and editor with new media and student publications, and uses this experience to aid in assessing the evolving needs of journalists in today's media landscape.
Geneviève Lajeunesse - Crypto.Québec
Geneviève Lajeunesse has been working in the interactive media world for nearly 10 years. She is a producer, strategic analyst and educator in the Quebec library system. She provides logistical and technical support to independent Quebec media and is involved in community networking (mesh networks, community WiFi access). Her fields of interest are intellectual property, the internet of things, Big Data, biometrics and surveillance. Previously a columnist and researcher for television and radio, she became involved in Crypto.Québec to defend the interests of citizens in order to build a freer world.
Sukhbir Singh - Tor Project
Sukhbir Singh is a software developer in the applications and community team of the Tor Project since 2012. He graduated with an Master of Mathematics (Computer Science) from the University of Waterloo where he was part of the Cryptography, Security, and Privacy (CrySP) research group.
Lex Gill - CCLA, Citizen Lab
Lex Gill is the Canadian Civil Liberties Association’s Advocate for the National Security Program. She is also a Research Fellow at the Citizen Lab at the Munk School of Global Affairs, a former Google Policy Fellow at the Canadian Internet Policy and Public Interest Clinic, and a former researcher and affiliate at the Berkman Klein Center for Internet and Society at Harvard University. She holds a B.C.L. and LL.B. from McGill University’s Faculty of Law.
James Donaldson - Copperhead
James Donaldson is CEO and co-founder of Copperhead, a team of information security researchers, forensic analysts, and software developers who produce a hardened, source-available version of the Android operating system named CopperheadOS. He also runs Toronto Crypto, a non-profit privacy advocacy group that promotes personal operational security.
J.M. Porup is a national security reporter, and operational security expert for journalists doing their jobs in high-risk environments. He reported from Colombia for four years during the civil war, where he was stalked by the secret police for his opposition to the so-called war on drugs. A programmer and security-focused sysadmin in Melbourne, Australia for many years, he spent spring semester in residence at Harvard University as part of the Berkman Klein Assembly 2017, a cybersecurity incubator that prototyped new security tools. In June he attended UOttawa's National Security Seminar for Journalists. He's based in Toronto. See JMPorup.com
Julian von Bargen - C4 collective
Julian von Bargen is a doctoral candidate in the Department of Political Science at York University (Toronto). He is interested in media theory, political economy, information/knowledge, infrastructure, institutions, power, computation, and the philosophy of technology. His current research examines the competing political struggles over and contradictions inherent to the informational restructuration of the Icelandic state known as “the Switzerland of bits.” Julian is a founding member of the Console Cowfolk Computer Club (C4).
Will Jaques - C4 collective
Netochka b3t4 (Nee Will) is a PhD candidate at York University in the department of political science, a high school teacher, and a founding member of the Console Cowfolk Computer Club (C4). Netochka's research interests include culture in cyberspace, ontological anarchy, contemporary social movements, the thought developed by Guattari and Deleuze, and the relation between aesthetics and politics. Their dissertation is tentatively titled Subjectivity in Cyberflux: Phenomenology and Crypto-anarchism.
Etienne Maynier - Citizen Lab
Etienne is a security engineer passionate about issues related to security and digital surveillance. He has worked on penetration testing and incident response for several years, and is now honing his focus on analyzing and better understanding how technologies are used to spy on citizens. Etienne believes in creating and fostering a robust public debate on privacy and surveillance issues. Etienne is a Researcher at Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, focusing on projects like measuring Internet filtering and network interference and investigating malware attacks.