Security Education in Uncertain Times: 2017 in Review
From the time Donald Trump became president-elect in November 2016 and through 2017, EFF was flooded by requests for digital security workshops. They poured in from all over the country: educational nonprofits, legal groups, libraries, activist networks, newsrooms, scientist groups, religious organizations. There are a few reasons for this rise in digital security training requests. Certainly, the 2016 election made a lot of communities rethink their relationships with the U.S. government. At the same time, a rise in high-profile stories of groups being hacked, often using increasingly sophisticated methods, left many of those groups feeling vulnerable.
It doesn't work to drop into a roomful of people you've never met before and have no connection to, spend a day teaching them security basics, and then leave, never to interact with them again.
We've also seen a marked increase in technologists hungry for opportunities to share security advice in their communities, with their friends, and with groups they support. We heard from people who'd unwittingly become the de facto source for security education in their communities, but didn't have the right structure to teach effectively. We heard from nonprofit professionals who wanted to start offering security workshops in their spaces but didn't know how. And we heard from people who really wanted to help out but just had no idea where to start.
When thinking about how we'd respond to this new demand and what value EFF could provide specifically in the security education space, we kept coming back to one point: the solution isn't to fly around the country hosting digital security trainings. It doesn't work to drop into a roomful of people you've never met before and have no connection to, spend a day teaching them security basics, and then leave, never to interact with them again.
Our conversations repeatedly brought us to the effectiveness of training from within: learning security from a friend will be more effective than learning from an outsider. You can ask more honest questions and have deeper discussions. And when something goes wrong, you won't call an organization in another city across the country for help; you'll call your friend.
We thought about what an alternative model for teaching digital security might look like, and where EFF and EFF supporters could uniquely add value. Influenced by human-centered design methods, we wanted to make sure that what we created was informed by a thorough understanding of these problems and the space, and that it complemented the many wonderful digital security resources already out there. The Security Education Companion came out of this long journey.
We began by conducting informal interviews at conferences and on calls, where we spoke at length with dozens of US-based and international digital security trainers and practitioners. From late 2016 through July 2017, we asked trainers a loose series of questions, including:
“What is the starting point for a security training?”
"What are the hardest things for participants to learn in a security training? What do participants tend to misunderstand?”
“What is the fundamental knowledge that people should have coming out of a security training?”
We facilitated two webinars with the Electronic Frontier Alliance and learned more about the digital security training scene in various cities around the US. These conversations with trainers helped us to assess what seasoned digital security trainers are already doing, what kind of resources they are using, what kinds of resources are missing, and where more guidance is needed for newer teachers of digital security. We learned that many trainers use our Surveillance Self-Defense resources to inform their training, and we learned where trainers felt that these existing resources fell short. We shared these comments back with our SSD team, and we have worked hard to address these concerns.
We decided to narrow our audience to new teachers of digital security who would be teaching to their friends and neighbors.
Here at EFF, we were turning those findings into our new approach to security education. We compared and discussed existing resources on pedagogy, educational resources for new teachers, end-user focused digital security resources, and existing methods for teaching digital security. We tested out our draft security education materials and teaching approaches in our own digital security events, reflected on how they could be improved, and iterated on them. We looked through all our incoming training requests, created sixteen personas based on these requesting groups, and used these personas to help inform the beginnings of a curriculum. We also created a tone guide, requirements for our writing (such as striving to meet Simple English constraints), a glossary for our new terms, and guidelines for our graphics and materials to make it easier for end users to remix and localize them. We decided to narrow our audience to new teachers of digital security who would be teaching to their friends and neighbors.
When we had enough data to begin making materials, we used it to create twenty inclusive digital security learner personas and trainer personas. We used these personas to help us organize and prioritize what advice we felt was important to share with new teachers, what materials they might need for a basic digital security workshop, and lesson modules. As we designed the educational materials and the structure of the website, we shared our materials with a group of internal and external digital security trainers to test our materials with learners, collected feedback from their experiences, and made adjustments to our educational materials. We also began sharing our resources with a group of trusted digital security practitioners, and solicited feedback.
The Security Education Companion is growing and improving, and we are excited to share it with beginner teachers of digital security. Through 2018, we will continue to work hard to ensure that the Companion improves on the existing collective body of training knowledge and practice. Read our Security Education 101 articles and try out the lesson modules with your friends: we’d love to hear how they worked out.
This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2017.