Security and Privacy
Sara Rasmussen
Overview
“Security” holds multiple, varied meanings: Digital information security intersects with personal, physical, and financial security and overlaps with personal, political, and economic issues. With respect to digital tools and systems, security seeks to achieve confidentiality, integrity, and availability for all users. Security manifests within technology as a stand-alone product, such as a password manager, but more often it is embedded within everyday technologies. Security becomes especially important with respect to Internet-connected devices. It is a necessary consideration when connecting to a network and engaging in online activities, such as logging into accounts, sending email, securely banking, shopping online, or sharing personal information on social media.
Privacy, according to NYC Digital Safety, is “the extent to which one’s personal data is observed, shared, revealed, exploited, or misused in digital spaces and systems, such as the Internet and the ability to exercise control over that personal data.”[1]
Through participant observation and participatory action research, Seeta Peña Gangadharan studies digital literacy programs at libraries and community centers serving marginalized groups. Gangadharan found that new internet users, while optimistic about the potential of the internet, encounter a “privacy-poor, surveillance-rich experience,” and come to feel a “sense of inevitability” that if they use the internet, they will eventually experience a breach of their privacy and security.[2] At the time of the study (2012-2013), Gangadharan found that these programs barely covered topics of security and privacy, and moreover, instructors were unable to sufficiently answer the questions of program participants. Gangadharan warns that, through our analog social systems, marginalized communities have historically been “watched by default,” which feeds into the experience of using the Internet. Gangadharan further notes that, even while being offline is rarely an option, being digitally included “means participation in the potentially harmful consequences arising from inappropriate and asymmetric flows of information.”[3] This highlights the tension between the necessity and the risks of digital participation.
From their origins, the disciplines of information security and privacy have focused on technical solutions to such risks. This traditional approach either assumes users to be expert technologists, or identifies them as “the weakest link” in the security chain.[4] Security is implicitly designed with an “expert user” in mind, but that’s regularly not the reality. Because security and privacy are most often attributes of a technological product, rather than its primary purpose, they are inherently embedded into larger and more complex systems. This makes the topics of security and privacy nearly impossible to isolate; they must be carefully considered with respect to broader digital skill-building efforts and within the user’s and community’s context.
Moreover, security and privacy awareness are not inherently linked to digital literacy: It is possible to use technologies in a variety of ways without accounting for the threats they present. And likewise, it’s reasonable that non-users of a particular technology may choose this path for their own security or privacy-driven reasons.
While the concepts are often abstract, security and privacy are critical facets of community-centered explorations of digital technologies. For a brief introduction, watch Carrie Anne Philbin’s Crash Course Computer Science video on Cybersecurity. Below is a curated list of resources on security and privacy, segmented by audience.
Curriculum for Young People
Common Sense Education from Common Sense Media
- Intended Audience: Families, kids, and educators
- Quality content, broken down by age group.
- Provides activities for kids, readings for parents, and lesson plans for educators.
- This nonprofit is affiliated with Comcast.
- Looking for lesson plans? Common Sense offers this overview of “23 Great Lesson Plans for Internet Safety.”
Protecting Children’s Privacy Online – A Guide for Parents, Carers and Educators from CompariTech.com
- Intended Audience: Families and educators
- A long but comprehensive article containing both safety strategies and specific instructions for families in protecting their kids.
My Future from The Boys & Girls Club
- Intended Audience: Kids
- The interactive features are only available to members of the Boys & Girls Club, but the training modules provide good inspiration as well as links to relevant free online resources.
- There are resources on privacy, online presence, trolls, bullying, etc.
Civic Online Reasoning from Stanford University and MediaWise
- Intended Audience: Ages 10-20
- The curriculum includes 30 free lessons and is accompanied by short videos for teachers.
- The modules are for educators to teach students fact-checking and how to evaluate online sources. According to the website, “The lessons and assessments that make up the curriculum provide students with opportunities to apply fact checkers’ questions to real-world examples.”
- Topics covered: Wikipedia, social media, and determining how real a website is, with practice opportunities built in.
Resources for Adults
TechBoomers
Intended Audience: Targeted to older adults, but good for everyone
TechBoomers provides a general resource for adults who want to learn to use technology and covers many aspects of safety, such as:
- Privacy settings on social media
- Online shopping safety tips
- Tutorials on popular websites and apps
- What is the cloud?
- Data privacy law
Oasis Connections
- Intended Audience: Similarly targeted to older adults
- Quick and easy to watch videos with tips on navigating the internet safely, this series covers a lot of topics with broad relevance beyond the specific concerns of older adults.
Surveillance Self-Defense from the Electronic Frontier Foundation
- Intended Audience: Adults
- An extremely comprehensive collection of how-tos as well as more detailed explanations of how information security and privacy works.
- Popular guides include how to create strong passwords, how to enable 2FA, how to use encrypted text messaging, and how to secure your social media presence.
- The writing can get a little technical, but they include a glossary, so when you see an unfamiliar term, you can hover over it and get a definition.
Resources for Educators
Cyber Safety for Schools Fact Sheet from Readiness and Emergency Management, U.S. Dept. of Education
- Intended Audience: Educators and school administrators
- Provides a summary of online safety concerns, legal and policy considerations.
- Provides guidance on planning for online threat incidents that impact students.
- Links to further learning resources (some are a little outdated).
NYC Digital Safety from the New York Public Library
- Intended Audience: Designed for a librarian audience, but useful for anyone teaching these concepts to others
- Quality video series to “train the trainers.”
- Starts at the basics, and covers internet technologies, online data collection, account security, tracking, scams, and malware.
- Features quizzes for readers to test their learning.
- Includes an extensive bibliography of news articles and more educational resources at the end of each “chapter.”
Workshop Facilitation Tools
These are all-in-one toolkits for people who want to lead workshops to educate coworkers or community members on digital safety.
Stronger NYC Communities, Organizational Digital Security for Immigration Justice from the Mozilla Foundation
- Intended Audience: Organizational leaders and facilitators; for example, school administrators, especially those who work with immigrant communities
- This website provides everything you need to run a digital security workshop (facilitator guides, participant workbooks, resource guides, etc.).
- From the workbook: “The Stronger NYC Communities (SCNYC) project was designed to advance the digital security capacities of community-based organizations that work directly with immigrant populations.”
- The purpose of this resource is to “support organizations to implement organizational security.”
Digital Defense Playbook from Our Data Bodies, available in English and Spanish
- Intended Audience: People connected to and working closely with families and the community
- A tool for communities to discuss and explore what online internet use, and subsequently data collection, means to them.
- This workbook, published as a zine by Our Data Bodies, contains popular education activities intended for nonprofits and community groups to use for reflection on data, surveillance, and community safety in their particular context. Through sharing these resources, the authors develop the argument that all groups (formal or informal) should be aware of and concerned about how data about the community is collected and used.
Go Deeper
Ready to explore further into the history of security attacks and preventive mechanisms? Here are two more videos from Carrie Anne Philbin’s Crash Course Computer Science series:
- “Privacy and Security in the Library,” NYC Digital Safety, accessed June 10, 2020, https://nycdigitalsafety.org/module/privacy-and-security-in-the-library/. ↵
- Seeta Peña Gangadharan, “The Downside of Digital Inclusion: Expectations and Experiences of Privacy and Surveillance among Marginal Internet Users,” New Media & Society 19, no. 4 (April 2017): 597, 605. https://doi.org/10.1177/1461444815614053. ↵
- Gangadharan, “The Downside of Digital Inclusion,” 608. ↵
- Mary Ellen Zurko and Richard T. Simon, “User-Centered Security,” in Proceedings of the 1996 Workshop on New Security Paradigms – NSPW ’96 (Lake Arrowhead: ACM Press, 1996), 27. https://doi.org/10.1145/304851.304859. Matt Bishop, Introduction to Computer Security (Addison-Wesley Professional, 2004), 1. ↵
