The Secure Communications Framework: Combining Impact with Adversary Capability and Motivation
The security threats against people looking to defend or enjoy human rights are as diverse as the people themselves. From threats like malware, phishing and spear phishing to real-world concerns such as device theft and border crossings, understanding all of the threats in detail and comprehending what situations require which practices and tools is something only the most devoted experts can aspire towards. At the same time, traditional models for information classification are inadequate in today’s environment of nuanced threats and Internet-enabled, global communities and organizations. Amnesty International and Mozilla have created The Secure Communications Framework, a pragmatic framework that allows individuals to leverage what they know -- what they are working on and their operating environment -- to determine a set of safe practices and tools for their specific situation. Whether you are an activist combating police bias in the Americas or a researcher working on labor in the Middle East, this security framework enables individuals to place their work on a grid that illustrates the risk to individuals and organizations as well as the capabilities and motivation of competing actors. It isn’t until this grid is completely drawn by those individuals most knowledgeable about the situation -- those that are living it -- that digital and operational security experts should have any voice in the conversation. After the map of work, risks and actors has been completed, best-of-breed security tools and rational practices are then applied to a small number of large sections of the framework. During this workshop, participants will build an understanding of the Secure Communications Framework from Amnesty International and Mozilla. We will go through an interactive activity where each person places their work on the framework based on their understanding of their non-technical situation. Then we will discuss appropriate practices and tools for each portion of their work. We will then discuss shortcomings of the Secure Communications Framework and how it could be more simple, appropriate or actionable. This security framework exists for the community in the open and be available for adaptation and modification as desired by anyone. During the session, we will also share how individuals can contribute to the framework.
|The Secure Communications Framework: Combining Impact with Adversary Capability and Motivation|
|Bio/s||Tim Sammut is currently a Ford Foundation and Mozilla Open Web Fellow working with the Technology and Human Rights team at Amnesty International's International Secretariat in London. In this capacity, he utilizes his many years of networking and security experience to bolster the technical capabilities of the organization and create technical functions and resources for the human rights community outside of Amnesty.|