On digital security training, propaganda, and what happens when you’ve been working from the US to digitally protect activists abroad, and suddenly you’re asking them to help protect your neighbors at home.
For those that don’t know, Aspiration is a phenomenal SF-based nonprofit that specializing in holding space for important and difficult conversations around digital strategy, be it for volunteer labor organizers in the Central Valley or professional activists in Amsterdam. They run workshops around the world, and have established a remarkable network of passionate, kind, and brilliant people. But their signature event is the Nonprofit Technology Developer’s Summit (DevSummit), and they hosted their 13th iteration in Oakland this week.
There’s something inherently special about DevSummit. Most visibly, it’s diverse af, with the best genuine LGBT representation I’ve ever encountered. But it’s more than checking the boxes for age, skin color, gender expression – every participant is there because they want to challenge themselves to center identities that are not their own. That just feels special, and it doesn’t take long to pick up on it, embrace it, and want to share it with everyone you meet the rest of the year.
I also had the pleasure of being Aspiration’s Lead Technology Strategist in 2015. I’ve been to more than a few DevSummits and other Aspiration events, so I earlier this month, I confidently assumed I knew what to expect – some sticky notes, lots of energy, and a packed format to optimize knowledge transfer.
So given the thing that happened last week, the vibe was impacted somewhat. The opening go-round is usually something like a bunch of kids excited to see each other after summer break. This one was different. People had mostly moved past shock and fear into anger and anxiety. But everyone was ready to get to work.
Digital Security Trainings
My first instinct, and I suspect the instinct of many others, is that I can offer some support for people that want to operate more securely (be it for personal risk or as solidarity). But now that the risks are a bit scarier, there’s even more pressure to worry about screwing it up.
My question going in was a more naive “what training do I need” and “how do I contend with very confident assholes (who sometimes do it wrong)”? So I was interested to see the people I look to for answers scrambling themselves to give better answers on a more massive scale.
- Tactical Tech’s Security-in-a-Box training is four years old. When training materials go online, how do we maintain them for relevancy? How do we built in “Best By” dates?
- “Threat modeling” is both scary and foreign to a lot of people. But if you’re a young black man, you already know something about navigating risk every time you go outside. “Risk management” and “harm reduction” may be more effective framing.
- Many trainers operate in a very colonial (or at least self-centered) mindset, and focus on bringing people to “where they are.” This contradicts the whole “find out what the individual needs are” thing. Instead, trainers should focus on getting themselves to understand where people are, and where they’d like to go.
- One-off trainings are attractive to trainers for logistical reasons, but less effective over the long run for the people being trained. Instead of learning a bunch about security and then sprinkling it over different networks, consider committing to a specific cause and making yourself available as a security resource when the group is ready for it.
- The previous point tied back to a session led by Suzi Grishpul on being a good ally: Don’t show up and expect to be put to work. Having managed volunteers, I can vouch that it can be almost as much work managing volunteers than doing the work yourself, and not every organization is set up to accept “free” labor. Don’t walk in and ask “what can I do”, but “is there something I can do.” Same goes for security – make your whole self available, and if you build trust and the need arises, your support will be far more successful.
- Three very incredible participants (Rachel Weidinger, Cooper Quintin, Matt Mitchell) already authored and published a new guide for trainers, based on the discussions we had. It’s definitely work checking out, and keep an eye out for more evolutions in thinking around centering and longevity in digital security trainings.
In something of an Aspiration tradition, I was asked to lead a more creative session: designing our own propaganda. We started by brainstorming phrases (open to even the artistically challenged!). Some highlights:
- Literally Just Don’t Be Nazis: Come On
- Security as Solidarity: Install Signal
- Support Planned Parenthood: It’s UterUS, not UterYOU
We had some crazy talented people, and though I didn’t grab as many pictures as I should have, here are a couple highlights.
HURIDOCS and Uwazi
Continuing my tradition of getting up in every good org’s business, I was a spokesperson for HURIDOCS during the demo round. Their usual (and beloved) DevSummit participant couldn’t make it, so I spent an hour pitching their new document management system Uwazi (Swahili for “open”).
The demo session was new to me at DevSummit, so I was surprised how many people were interested in talking about case law. But, of course, if we spend so much time talking about collecting and sharing records, it makes sense we’d inevitably have to curate and analyze them.
Honestly though, if there’s a highlight to the session, it was being reminded how hard core I learned to be while working with Aspiration. Like the post office, not rain not snow nor terrible wifi will stop me from giving a presentation.
Stepping outside to tether off my phone, I preloaded a window full of tabs to mimic walking through the Uwazi site. It worked great, until naturally, a very nice guy accidentally clicked on a link, without wifi, causing the tab to get stuck on an empty page. Before he could finish apologizing, I switched to another screen with… a complete duplicate set of pre-loaded tabs! I had tabs on tabs! And a full set of screenshots, as further backup. (Former) Team Aspiration does not play!
As usual, I find DevSummit equal parts humbling and inspiring. I’m humbled that there are so many people that know more than I ever will, but inspired that there are such brilliant and kind people doing things that rarely get praised and are essential to protecting our liberties. I’m finally registered for a National Lawyers Guild observer training, and making plans to make more plans with more people. The next four years are going to be exhausting, overwhelming, and discouraging at times, so I count this is a success for now.