Flyer for a CryptoParty in Santiago de Chile, 2014: a grassroots endeavour to introduce the basics of cryptography. alpuerto/Flickr. Some rights reserved.
The UK government has recently released its Digital Strategy. In it, the government calls for the enhancement of “digital skills”. Although the document leaves it open in terms of what these skills would encompass and require, the call for more technical abilities is not per se amiss. In fact, the call for digital proficiency and training is more than overdue and of particular importance when looking at the academic realm.
As a Postdoctoral researcher working on the intersection of technology and security, I have previously in both academic and media outlets emphasised the need for a change in our academic practice. My concern lies not in our ability to code, operate the computer terminal, or jam with the console cowboys in cyberspace, but most fundamentally in our ability to secure research data, communicate with colleagues and participants safely, and self-critically employ digital tools. The latter may be – due to various reasons – tampered with, censored or monitored.
It is a concern that is amplified due to the transformation and expansion of security and surveillance practices. Additionally, with society’s increasing shift to digitisation, ranging from our reliance on online search engines to the advancement of the Internet of Things (IoT), academics – just as many other professions – should think more carefully about these aspects.
In research, incautious use of digital tools can not only impinge on the security and privacy of researchers and students but, more worryingly, on that of participants and their next of kin. A criticism is therefore the lack of focus that is given to digital skills in the academic curriculum. While in many instances university students and staff are being educated in ethical dilemmas as well as in methodological practices, the issue of how to protect their research data is often missing.
I acknowledge that many universities nowadays provide technical solutions for the secure storing, handling and analysing of data, pertinent when crossing borders for conference or research trips and to be compliant with national data protection laws.
There are also fantastic resources that have been set in place by various digital rights groups such as the Electronic Frontier Foundation or Access Now. Even though not always specific to the needs of academics, they do provide some foundational overview of the skills and techniques needed to ensure that security and privacy rights are upheld.
Nonetheless, in many instances the emphasis is still on the individual. It is up to oneself to find, understand and make use of supporting material and online guidance. It is up to oneself to learn about those tools and know how to operate them. And it is up to oneself to think about the foundations of Internet security or threat modelling. There is, to the best of my knowledge, no large-scale institutional attempt to include these aspects into the academic syllabus. Having recently submitted a project-related ethics application, I vividly recall the rather tedious process of reading website after website to find answers to some of my technical questions.
For students and staff less familiar with these concerns and institutions, this can become particularly challenging.
It was exactly this feeling of helplessness and lack of clarity when working on my PhD that resulted in the setup of a “CryptoParty” in Belfast. Startled by the sheer breadth of online information and the missing institutional training on the subject matter of secure data storage and communication, I was seeking help from more knowledgeable people who could guide me through the process. I ended up finding like-minded people who were not only willing to run those sessions with me, but made me learn to value the inherently educatory element of these meetings.
CryptoParties are neither new nor unique. They form an existing format of decentralised events taking place all across the world. They are hands-on sessions in which anyone interested in learning about basic encryption tools and the fundamental concepts of their operation can be taught by others who are already familiar with these methods.
The meetings allowed me to address knowledge gaps that were not institutionally resolved, and were and indeed still are a means for me to keep up-to-date with ongoing technological developments. Additionally, due to their format, they can also create a community that can be prosperous for academics, journalists and activists alike and may function as a hub for people to share concerns and techniques.
CryptoParties are not necessarily the panacea – neither for the lack of formal security and privacy education nor for the rise of surveillance overall – but they might be a temporary relief to help students and staff learn about these tools and processes. One can incorporate them as part of an ethics or methods course or include them in the programmes of national and international conferences; guidance on how to run them and organisations who might support them do exist.
CryptoParties can thereby not only help spread information about ‘best practices’ at a time when various levels of digital skills are needed, but also help raise awareness and foster critical thinking on the changing climate in which surveillance and censorship prevail. Thus, bring out your laptop, get your students and/or your professors, and let’s CryptoParty!
The next CryptoParty in London will take place on Friday, 28th of April 2017, 5:30pm – 8:00pm at IDEALondon (69 Wilson St, London EC2A 2BB). For more details and links to CryptoParties in other geographical areas, see the official website: https://www.cryptoparty.in/london