Phishing. Government and corporate snooping. Weak passwords. And that time Instagram showed you an ad for something you and your roommate were discussing voice-to-voice the night before.
These are just some of the concerns that come up in the realm of personal digital security. Since the 2016 presidential election, fear, particularly among activists, has increased. Many of us are asking ourselves how we can tell if our personal information is safe from hackers, corporations and the government.
Tania Lee (at left in photo) and Slammer are two queer activists of color working in the technology fields who are trying to help folks answer those questions. They bring a unique approach to digital security, and a desire to help QPOC navigate their security processes. Lee started out in this field while working in technology project management for international humanitarian organizations, and she now works for a media company. Slammer dedicated 10 years to community development work through media justice organizing, event production, community research and radio production before transitioning into the tech sector through the Code for Progress fellowship.
Both have now developed a curriculum to help queer, trans and people of color identify digital security risks and action steps. Colorlines spoke to them in Washington, D.C., for this interview that is edited for length and clarity.
What was your path to digital security work?
Lee: I first started thinking about digital security when I was doing tech projects for international non-governmental organizations. I was working with different teams on the ground who were collecting data about refugee populations and internally displaced people. I learned a lot about surveillance, threat actors, privacy and security.
Slammer: I started thinking more about [personal digital security] when I started working with the Astraea Lesbian Foundation for Justice on their CommsLabs project, where I worked with LGBT organizations based in Kenya and South Africa. I particularly worked with folks who were trying to build or revamp websites for their organizations. Not every organization is comfortable with putting their office address out there. Not every organization wants a staff page. So what are the factors that you should consider to support people in doing their work but also be cautious and thoughtful around that?
Did you think about how these issues could impact you personally?
Lee: I didn’t really think about it until Trump got elected. Then it was, "Holy shit how do I apply these tools to my life?" Now, part of my digital security framework is that it has to go beyond just me, because my private information is in the emails and phones of my friends and family. It’s a networked community effort—which is why these conversations with local queer POC and trans folks is so important. We are not secure unless our networks are secure.
Slammer: The Trump election basically put me in a whole other space. There was a moment where almost every person that I knew felt very defeated and very afraid. The conversations that Tania and I have been having about personal digital security should have always been happening. We are really losing control over our digital lives. You have government surveillance, and you also have corporate surveillance.
What are some of the risks?
Lee: There are so many ways that your information can be compromised. Even after I transformed my entire password, my Airbnb account got hacked.
So how do you start improving your digital security without getting overwhelmed?
Slammer: The first thing is to let yourself off the hook for not doing this perfectly. No approach is fully secure. Hopefully, that takes the pressure off so that you can move forward in way that says you are the best person to know and understand your context.
What do you mean by "your context"?
Lee: Context is [what] information you want to better protect and what information you actually want to be out there. The majority of us don’t want to be totally off the grid. Community is our lifeline, and so there are some identities that we want out there.
Slammer: [I’ve been] thinking more about some of the trade-offs. I had my Instagram account public up until January when I was going to visit Kenya, because [while there] I didn’t want people to look me up and see certain posts around my sexuality and my politics. I made that private, and it’s basically remained private. I asked myself a lot of questions like, "What is the purpose of Instagram in my life?"
What did you decide about Instagram?
Slammer: Instagram is a place where I’ve built up confidence in myself and what I look like. I’m no longer ashamed of being really into selfies and selfie culture. When you’re queer, when you’re a person of color, when you’re a Black woman, when you’re genderqueer—[there are] physical standards of beauty you don’t meet in a certain way. Putting yourself out there and having people heart you is amazing. That to me is tied to my personal security.
What do you all think are some of the priorities in terms of first steps?
Slammer: Passwords and phishing. When some app or page asks you for information, ask yourself if you should provide it? If something seems strange, take the extra two seconds to verify. Also, pay attention to the types of information that services ask you for. A couple of months ago, when I was going through my own audit, I went through all of my apps in my phone to see my settings. If an app was asking for access to, say, my camera but didn’t need it, I turned that off.
How can you tell if something is important enough to take additional security measures?
Lee: Personally speaking, I asked myself what the effect would be if something was compromised. [For example,] I never want anybody to see a text conversation between me and my friend about very personal things. It’s like if someone breaks into my house and opens up my diary. So that’s when I moved from SMS over to Signal. I still use a mix of iMessage and SMS. For my most personal personal stuff I use Signal, but I’m not going to make my Auntie Linna download Signal to know the details about Thanksgiving.
You both emphasize talking to other people about personal digital safety? Why is that so important?
Slammer: You don’t need to do it by yourself. Let’s have some tea, create a plan, execute certain tools and see if they work and come back to it. You’re not stupid—it’s hard.
Lee: I had a lot of shame around my password choices. It’s really hard for me to remember shit, so I just use the same thing for everything. It wasn’t until I talked to someone that I decided on my tier of accounts that I’m going to go hard on with a more secure password. Then I just started to slowly modify my password habits. Hopefully our method of talking about it with someone helps you take that first step.
What steps should protest-goers take?
Slammer: If you’re going to protests you shouldn’t have your phone with you. Or you should have a burner phone. You need to have a plan that doesn’t rely on your phone in terms of documentation and connecting with people.
Lee: If your phone has wifi and it connects to a Stingray [device], people monitoring you can download information from your phone. In Baltimore, this was a huge tactic with police. When you’re participating in a protest, turn off your wifi and your Bluetooth.
How do you keep from feeling paranoid?
Slammer: We have every right to be paranoid. Speaking as this queer Black woman immigrant who has been tracked ever since she entered this country, I’ve never experienced privacy. The government has always known where I’ve been. As communities of color, we’re extra-tracked, whether we’re accessing social services or involved in criminal justice systems. The more we have conversations that demystify this technology, the better.
Resources recommended by Lee and Slammer:
Allied Media Presentation: Lee and Slammer presented this guide to starting a security audit at this year’s Allied Media Conference.
Tor browser: Tor is a secure Internet browser that prevents people monitoring your Internet connection from learning what sites you visit. It also stops the sites you visit from learning your physical location.
CryptoHarlem: The New York City-based group organizes parties where people learn to secure their phones and laptops. The founder, Matt Mitchell, is now working on a tool to help organizations deal with data breaches. Lee and Musuta recommend his Twitter feed, @geminiimatt, as another resource.
Center for Media Justice: The organization works to "build a powerful movement for a more just and participatory media and digital world—with racial equity and human rights for all."