MozFest 2017

Keeping Safe Spaces Safe and Secure

Allison Ivey - learnallthetime.org

Robert Friedman - mozilla.org

Bill Fitzgerald - funnymonkey.com

Matthew Frymire

Session Date and Time: 29 October, 4:30 PM
Location: Level 6 - 602
Etherpad: https://public.etherpad-mozilla.org/p/privacy-security-spaces
Hashtag: #mozfestprivacy

This presentation is licensed under a CC Attribution Share-Alike license.

We Are

Allison Ivey - learnallthetime.org

Robert Friedman - mozilla.org

Bill Fitzgerald - funnymonkey.com

Matthew Frymire

And you are?

Why This Session? Why Now?

Successes?

Over the last 6 months?

Over the last 12 months?


Challenges?

In the next 6 months?

In the next 24 months?


What Resources Would Be Helpful?


Scenarios

Scenario One

You are the responsible adult for an activity with children after school. You've been using your personal phone to collect parent contact information for children. When you came into the school today, you noticed immigration and customs enforcement officers parked outside. You're pretty sure some of your students are undocumented or have complicated residency status.

What do you do now?


You can go back in time 12 months.


What preventative steps do you take?

Scenario Two

You are reviewing the contact information for the youth who participate in your club. While doing a search, you discover that a document in your Google Drive is included in the search results. When you check the file, you notice that the folder's permissions (who is allowed access to it) have been altered so that all the contents of the folder are publicly visible. This folder contains spreadsheets that hold both personal contact information and health information about students.

What do you do now?


You can go back in time 12 months.


What preventative steps do you take?

Scenario Three

Your phone rings, and when you pick up you are speaking with a concerned parent who has just received a threatening email about his child. You reassure the parent and promise you will look into it.

You check your email and find a message that demands a ransom, or more parents will get more messages. The ransom note also specifies that the author has accessed contact, medical, and educational information.

What do you do now?


You can go back in time 12 months.


What preventative steps do you take?

Risk Assessment

  • What do you want to protect?

  • Who do you need to protect it from?

  • How much energy is required to protect it? (Implied question: is it worth it?)

  • What protections are currently in place?

  • What are the consequences if the protections fail?

Personal vs/and Organizational

Impacts can include

  • Compliance issues
  • Headlines (usually local, sometimes national)
  • Parent complaints
  • Social media attention
  • Degraded connectivity/network performance

How does this impact the trajectory of youth, and their families?

Things We Can Do Today

Personal Tech Inventory

  • What do you use?
  • What do you use it for?
  • What does it know about you?
  • What does it know about your friends?

Personal Risk Assessment

  • How "private" do you want to be?
  • Who are your least private friends?
  • We are all in this together

For better and worse.

Clean up our browsing

  • Blocking trackers
  • Blocking JavaScript
  • Rethinking how we search
  • Prioritizing browsing
  • Browser personas
  • Tor
  • VPNs

Clean up our mobile devices

  • What apps do we need?
  • What permissions do they require?
  • What data do they collect?
  • Turn off Bluetooth, Wi-Fi, location
  • Reset advertising IDs

Make a plan

  • Do today

  • Do this month

  • Do in six months

Write it down. Make it measurable. Revise as needed.

Map the Personal to the Organizational

Check Your Organization's Breach Notification Plan

Resources Available at:

Closing/Q and A

MozFest 2017

By billfitzgerald
