Don’t Gamble Your Safety! How journalists and activists can assess risks online and in the field

This webinar addresses challenges that arise when crossing the often invisible lines between physical and digital spaces and how this can affect your work and aspects of your private life alike. Journalist and security researcher Dimitri Bettoni talks about the practical needs and the ethical dilemmas that journalists and activists face while shifting between the offline and online dimensions of their work.

Do you think that there is a disconnect between your offline and online work environments? Are you often looking for safety methods, tools or tips that apply to your digital research / investigation, and yet for more “tangible” solutions to keep you safe during field work? How do you anticipate your threats, and how do you assess and address risks related to your work?

When shifting between digital and physical spaces, hidden threats also spill from one realm to the next. If not anticipated and addressed these can have a significant impact on the work and safety of journalists, activists and others gathering and communicating information as evidence.

Through the lenses of threat modelling and risk assessment, this webinar discusses the practical needs of switching between online and offline spaces as well as the ethical dilemmas that may arise and that journalists and activists have to face in their work.

In brief, the webinar addresses:

  • the practices of 'threat modelling' and 'risk assessment’ and how they relate: when does a threat become risky?
  • the ethical dimensions of threat modelling (prior identification of threats);
  • the opportunities that come from participatory risk assessment and mitigation activities;
  • useful approaches that can be applied to various contexts, across “the offline and the online.”

Speaker

Dimitri Bettoni is a researcher at OBC Transeuropa and the Institute for Future Media Democracy and Society (FuJo) of the Dublin City University. His research focuses on surveillance technologies and cultures, both as a threat and opportunity for journalism, while exploring the intersections with topics such as disinformation, safety vs security, collaborative networks. He worked as a correspondent in Middle Eastern and Balkan countries, and he is a founding member of the Foreign Media Association in Turkey. His twitter account is: @DimitriBettoni1

Moderator: Léopold Salzenstein

Léopold Salzenstein is a freelance investigative journalist and researcher focusing on climate change. His work has been published in various online media, such as The New Humanitarian, Mongabay, The Third Pole and Climate Home News. Leopold has a Master’s degree in Disaster Risk Management and Climate Change Adaptation.

About the Organiser

Tactical Tech is an international non-profit organisation that engages with citizens and civil-society organisations to explore and mitigate the impacts of technology on society. Exposing the Invisible is a Tactical Tech project that develops resources, training and collaborations promoting investigation as one of the most important forms of public engagement.

Article: Participatory Threat Modelling in Hybrid (Online / Offline) Contexts

by Dimitri Bettoni, OBC Transeuropa

Outline: This article examines a participatory approach to threat modelling and risk assessment as an effective and ethical methodological framework for strengthening our collective security when conducting research or investigations online and offline. 

Field Versus Digital Risk Assessment and Security for Investigators

Our world is swiftly changing: the line between the digital and the physical is turning blurry, as physical objects are being plugged into the digital stream and vice versa. Increased reliance on digital technologies opens new prospects to our physical world, as well as challenges.

For investigators, this opens up new opportunities, but since it is also uncharted territory, it carries along new threats and risks. When shifting between digital and physical spaces, hidden threats spill from one realm to the other. If not anticipated and addressed, these can have a significant impact on the work and safety of journalists, activists and others.

This article examines a participatory approach to threat modelling and risk assessment as an effective and ethical methodological framework for strengthening our collective security.

The Main Concepts We Need to Understand  

Before diving in, let’s set a common ground of relevant words and concepts.

  • What is a threat?

A threat is a malicious event or actor that may negatively affect our investigation. This negative event can be intentional or unintentional, such as a hacking attempt or adverse weather conditions. Threatening actors are also labelled “adversaries” in the security jargon. They will be scanning for vulnerabilities, and opportunities to exploit these vulnerabilities.

  • What is a vulnerability?  

A vulnerability is a weak spot in our structured activities (research, communication, movements, data sharing, etc.), tools and resources that can be targeted by an adversary. A vulnerability can be a flaw in the software of our phone, a fallacy in our travel planning, or a moment of particular psychological distress experienced by one of the people involved in our investigation.

  • What is a risk?  

Risk is the possibility of harm occurring due to the fact that vulnerabilities can be easily targeted by adversaries. Risks are what we try to mitigate or neutralize to make our investigation as safe as possible.

  • What is threat modelling?  

Threat modelling is a family of activities that aim to improve security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent or mitigate the risks posed by threats (see more: Victoria Drake “Threat Modeling“: https://owasp.org/www-community/Threat_Modeling). When we start building our threat model, we lay down a list of all things that can potentially go wrong, and we implement measures to mitigate the damage that can stem from them.

We need to bear in mind that our threat models are not static. Rather, they change over time as the conditions around us change. Therefore, threat modelling is an activity that continues over time, until and even beyond the completion of the activities we have set for ourselves.

Read more about threat modelling and assessment in the “Holistic Security” manual published by Tactical Tech: https://holistic-security.tacticaltech.org/chapters/explore/2-8-identifying-and-analysing-threats.html

  • Hybridity

The concept of hybridity is characterized by complexity or mixed-ness, rather than simplicity or purity. When applied to our physical-digital environments, hybridity represents the results of the interactions between the digital and physical creating an overlap between these worlds.

 \ Hybridity applies to our multilayered identities as well. When building our threat models, let’s look at ourselves and the people around us as complex beings wearing different “hats” (identities) at the same time. One can be an investigator, a trainer, a mother, a friend, a victim and more – some, at the same time.

  • Ethics

Ethics is the discipline of dealing with what is good and bad, moral duties and obligations, regulated by sets of moral principles or values. An ethical approach to threat modelling implies that we should take into account many interacting moral principles. For instance, we need to consider how our plans and actions may affect others (from work partners to sources, family, etc.), to avoid causing harm to others while caring for ourselves, and to be inclusive and culturally sensitive, among many others. 

  • Participatory methods

Participatory methods refer to approaches that enable people to engage actively in all the decisions and activities that affect their lives. These methods can be used at all stages of an investigative project, including threat modelling: people are involved in collective assessment, analysis, decision-making, planning, implementation and evaluation.

A Participatory Approach to Threat Modelling

People’s practices are shaped by both privilege and oppression 

Participatory threat modelling is a practice which empowers actors that usually have a passive role in traditional threat modelling. The investigators are no longer in the role of single-handedly  detecting threats, vulnerabilities, risks and determining mitigation measures. A participatory approach draws its strength by applying concepts of intersectionality and inclusion, and aims to expose and address “the power relations that lurk under the trappings of expertise” (source Kindon, Pain, and Kesby; Stephen Kemmis, Robin McTaggart, and Rhonda Nixon “The Action Research Planner: Doing Critical Participatory Action Research”, 2014: https://doi.org/10.1007/978-981-4560-67-\   2 – as quoted in  “ReCONFIGURE: Feminist Action Research in Cybersecurity”, a report co-authored by the Reconfigure Network, p.9.)

By adopting a participatory strategy, the investigator includes all the interested actors, harnessing the potential of several minds working together on a common threat model that will benefit from this collaborative approach to the standard threat modelling activities, such as threat definition, prioritisation, and mitigation.

Participants are invited to define their own threats, and collectively discuss and implement the measures to defend themselves, bringing in traditionally marginalized and excluded experiences, for instance related to gender, ethnicity or sexuality.

A participatory approach also counters the idea of tech determinism and tech solutionism: the temptation of finding solutions to all problems through the deployment of technologies. Tech solutionism leads to a poor understanding of what mitigation strategies are best to address the complexity of a threat model, and it precludes legal, economic, political or cultural realistic and viable strategies.

Participatory approaches to threat modelling limit the role of technological biases, and expose issues such as patriarchy, racism and sexism as inherently encoded into technology, often reproducing existing forms of oppression under the false belief of a claimed technical neutrality.

In an ethical participatory approach, security ceases to be the privilege of an individual and becomes a collective duty. As such, consider threat modelling as a periodical, healthy form of caring for the others, or even a way of life. Prioritise people over results, implementing practices of informed consent, of collective decision making such as the ones related to the hybrid spaces where both the threat modelling activities and the investigation happen.

Let’s not forget that participants in this process may not always feel comfortable with their direct engagement. People involved in our investigation may have intimidating and overwhelming experiences, leading to practices of avoidance. It’s our duty to create safe spaces where it is possible for participants to speak freely about their feelings, and where to address all the forms of arising discomfort and concern.

Basic steps when conducting participatory threat modelling

Whether you are conducting threat modelling and risk assessment with / for your organisation or various collaborative projects you undertake, these are the basic steps and actions you can undertake:

  1. Identify the participants of your threat modelling and risk assessment activity / session. Every time you add someone, ask this individual to repeat the process and expand the network to other interested parties, collectively defining or modifying the boundaries of the involved group.
  2. Invite the participants to one or more discussion groups to define what they perceive as security threats, vulnerabilities and priorities: what they want to protect in their life, what makes them feel unsafe, and what parts of their security they wish to improve.
  3. Implement tangible steps to improve each individual’s practices during support sessions.
  4. Repeat these steps periodically to update the threat model. Remember, threat models are not static!

The Metaverse: Uncharted Territory 

\ The metaverse is often described as a fully digital environment accessed through virtual reality technologies. It is not quite so: the metaverse is indeed one of the highest expressions of a hybrid world, a virtual space that is capable of having impact on physical life and interacting with our physical reality. As these worlds (digital and physical) multiply and expand, both opportunities and dangers arise for investigators navigating through them.

  • “Undercover journalist witnesses abuse in metaverse”, BBC, 23 February 2022 (https://www.bbc.com/news/av/uk-60466557): “She noted that when another user touches you, the hand controllers vibrate, creating a very disorienting and even disturbing physical experience during a virtual assault.”

In journalism for example, the metaverse includes hybrid worlds that are multiplying and generating innovative forms of news-making through immersive reporting: the possibility of the audience / user to role-play a particular story from multiple points of view. Models of journalism were experimented in virtual spaces since the early stages of the metaverse evolution, one that witnessed the establishment of virtual newsrooms and forms of publications such as web sites, blogs and even virtual-world newspapers covering the events generated by users through their avatars.

The degree of interaction between the physical world and the digital world in a hybrid space determines varying levels of threats. For instance, does the higher degree of immersion typical of the metaverse imply a harsher impact on our psychological well-being, when it comes to traumatic experiences?

Of course, the metaverse is an object of investigation per se and journalists and researchers have been exploring the dangers stemming from the hybrid metaverse. Gendered and racialised vulnerabilities pose risks of hybrid location-tracking, bullying and doxing activities, or even virtual groping and gang-rape events. Additionally, flaws in the physical and digital architectures as well as legal and policy implications behind the metaverse often result in inadequate understanding of the threatening events that occur in it, and consequent failure or unwillingness to take action.

Talking about architectures, many metaverse threats are the outcome of the surveillance capitalism business model, built on the collection, storage, and harvesting of user data for profit. There are therefore threats and risks related to the surveillance capitalism model that need to be taken into account when planning an investigation in this hybrid dimension.

A hybrid metaverse where our hybrid identities meet and interact also foresees reputational risks. Questions such as what reputational damage can come from a hybrid environment, how this damage flows to and from our interlinked (physical-digital) spaces, are all aspects that need to be explored when collectively building our threat model. For example, can a naming-and-shaming event that occurs in the metaverse turn into a violent virtual aggression that will impact our physical world?

Another factor to put into consideration while threat modelling is language-related risks and threats. Resources are not only full of technical language, but mostly produced in English, and therefore not accessible for speakers of other languages. A participatory approach helps in tearing down language-related barriers by promoting a Multilanguage approach to security.

Keep it Ethical

Many of the risks that we have considered are not exclusive of the metaverse domain. Indeed, at the current stage, the metaverse is the environment where risks and threats that belong to the hybrid worlds are taken to their extremes. Therefore, it can be seen as an ideal ground for testing participatory threat modelling.

An ethical, participatory approach to threat modelling is, at the end of the day, an attempt to make our investigation not only safer, but also more just. By building an inclusive security framework we aim for social change. This approach has an effect on the quality of the results that we produce with our investigation and, as a cascade effect, on the hybrid worlds we live in.

This event is part of the Collaborative and Investigative Journalism Initiative (CIJI) project co-funded by the European Commission under the Pilot Project: "Supporting investigative journalism and media freedom in the EU" (DG CONNECT).

This text reflects the author’s view and the Commission is not responsible for any use that may be made of the information it contains.

First published on September 7, 2022

A product of

Tactical Tech

Connect

Previous projects