12:15pm - 1:45pm PST

Digital Learning Commons, Design Space

Middlebury Institute of International Studies at Monterey

Description: With the increasing complexity of our digital environments and networks, we believe it is important for people working in and across international contexts to protect themselves from the increased threats of surveillance and harassment. DLINQ & WIIS’s CryptoParty aims to explore these threats through discussion and help protect people who are or who are planning to be on the front lines of international security and development initiatives, as well as those who may work with and support marginalized communities.

Event Outline

12:00 - 12:15 Sign-In, Get Settled

12:15 - :25 Welcome, Rules of engagement, Networking

Introductions & Ground Rules

Be excellent to each other

No harassment tolerated

Permission to ask silly questions granted

Honor the vault of confidentiality

Other people’s keyboards are lava!

Informal Networking

12:25 - :40 Threat Modeling Discussion

<aside> 💡 The United Nations Declaration of Human Rights, Article 12 No one shall be subjected to arbitrary interference with [their] privacy, family, home or correspondence, nor to attacks upon [their] honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.


Threat Modeling & Risk Assessment (5 mins)

<aside> 💡 A way of thinking about the sorts of protection you want for your data so you can decide which potential threats you are going to take seriously. It's impossible to protect against every kind of trick or adversary, so you should concentrate on which people might want your data, what they might want from it, and how they might get it. Coming up with a set of possible threats you plan to protect against is called threat modeling or assessing your risks. https://ssd.eff.org/en/glossary/threat-model



<aside> 💡 Risk is the current assessment of the possibility of harmful events occurring. Risk is assessed by comparing the threats an actor faces with their vulnerabilities, and their capacity to respond to or mitigate emergent threats. https://safetag.org/guide/#section1.5


<aside> 💡 In computer security, risk analysis is calculating the chance that threats might succeed, so you know how much effort to spend defending against them. There may be many different ways that you might lose control or access to your data, but some of them are less likely than others. Conducting a risk assessment means deciding which threats you are going to take seriously, and which may be too rare or too harmless (or too difficult to combat) to worry about. https://ssd.eff.org/en/glossary/risk-assessment


Discussion: Threat modeling personas (7 mins)