Course Readings

All Citizen Clinic currently or previously assigned readings in one place.

Introduction to Public Interest Cybersecurity

Sean Brooks, Center for Long-Term Cybersecurity. “Defending Politically Vulnerable Organizations Online” []

Citizen Lab’s “About Us” Paper. []

Citizen Lab’s Security Planner. []

Sandro Contenta, Toronto Star. “How these Toronto sleuths are exposing the world’s digital spies while risking their own lives” []

Havron et al. "Clinical computer security for victims of intimate partner violence." In Proceedings of the 28th USENIX Security Symposium (pp. 105-122). []

Deji Olukotun, Access Now. “Spyware in Mexico: an interview with Luis Fernando García of R3D Mexico” []

Tactical Tech's Annual Report []

Ethics and the Citizen Clinic Code of Conduct

Citizen Clinic. "Student Code of Conduct" []

Shannon Vallor, The Markkula Center for Applied Ethics. “An Introduction to Cybersecurity Ethics” []

Old School INFOSEC: Basic Controls

Le Blond et al. “A look at targeted attacks through the lense of an NGO” []

Sean Brooks, CLTC, TechSoup Webinar. “Cybersecurity in Low-Risk Organizations: Understanding Your Risk and Making Practical Improvements.” []

Citizen Lab’s Security Planner. []

Electronic Frontier Foundation’s Surveillance Self-Defense guide. []

Alex Gaynor. “What happens when you type into your browser's address box and press enter?” []

Rus Shuler. “How Does the Internet Work?” []

Digital Surveillance of Politically Vulnerable Organizations: The Threat Landscape

Stephen Arnold. “Telestrategies - An Interview with Dr. Jerry Lucas” []

Joseph Cox. “I Gave a Bounty Hunter $300. Then He Located Our Phone” []

Vernon Silver and Ben Elgin. “Torture in Bahrain Becomes Routine With Help From Nokia Siemens” []

John Scott-Railton et al, Citizen Lab. “Bittersweet: Supporters of Mexico’s soda tax targeted with NSO exploit links” []

Problem Diagnosis and Reframing

Netgain. “Digital Security and Grantcraft Guide” []

Arthur Turner. “Consulting Is More Than Giving Advice” []

Thomas Wedell-Wedellsborg. “Are You Solving the Right Problems?” []

Threat Modeling & Bounding Risk Assessments

Electronic Frontier Foundation, “Surveillance Self-Defense: Your Security Plan” []

NIST SP 800-37 “Risk Management Framework for Information Systems and Organizations.” Chapter 2 only. [ or Shutdown Mirror]

NIST SP 800-39 “Managing Information Security Risk.” Chapter 2 only. [ or Shutdown Mirror]

NISTIR 8062 “An Introduction to Privacy Engineering and Risk Management in Federal Systems.” [ or Shutdown Mirror]

Contextual & Capacity Research

SAFETAG, Internews. "SAFETAG Guide" Skim to Section 2.2, then read Section 2.2 and Section 2.3. []

Read and Explore Examples About PESTLE. (use an ad-blocker!) []

Jorge Luis Sierra. “Digital and Mobile Security for Mexican Journalists and Bloggers” []

Information Gathering

Ruba Abu-Salma et al. “Obstacles to the Adoption of Secure Communication Tools” []

Jeanette Blomberg et al. "An Ethnographic Approach to Design" []

Jenna Burrell. "The Field Site as a Network: A Strategy for Locating Ethnographic Research" []

Collaboration on International ICT Policy in East and Southern Africa. “Safeguarding Civil Society: Assessing Internet Freedom and the Digital Resilience of Civil Society in East Africa” - Read each chapter, but for one country only. []

Lofland and Lofland. Read Chapter 5 (66-98) "Logging Data" in "Analyzing social settings: A guide to qualitative observation and analysis" []

Open Source Research Methods, Safety, and Tools

Awesome OSINT []

Ian Barwise. “Open-Source Intelligence (OSINT) Reconnaissance” []

Conor Fortune, Amnesty International. “Digitally dissecting atrocities – Amnesty International’s open source investigations.” []

OSINT Framework [] []

Travis Lishok, Protective Intelligence. “Part I: An Introduction To OSINT Research For Protective Intelligence Professionals” []

Travis Lishok, Protective Intelligence. “Part 2: An Introduction To OSINT Research For Protective Intelligence Professionals” []

SECALERTS - Automated Security Audit []

Security Law and Policy Factors

James C. Scott. “Seeing Like a State” - Chapter 9 []

Kim Fong et al. “A CRIMSon Tide of Data: An Assessment of Potential Privacy Problems of the Consolidate Records Information Management System” []

Adversary Persona Development

Julian Cohen. “Playbook Based Testing.” []

Bill Marczak and John Scott-Railton, Citizen Lab. “Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents” []

Nick Merrill, Daylight Security Research Lab. "Adversary Personas" []

Microsoft’s STRIDE and related blog posts. []

Threat Scenario Development

Mitre’s ATT&CK Wiki. []

Mitre’s PRE-ATT&CK Techniques. []

Mitre’s Common Vulnerabilities and Exposures search. []

Changing Security Behaviors

The Engine Room. “Ties That Bind: Organisational Security for Civil Society” []

Adrienne Porter Felt et al. “Improving SSL Warnings: Comprehension and Adherence” []

Francesca Musiani and Ksenia Ermoshina. “What is a Good Secure Messaging Tool? The EFF Secure Messaging Scorecard and the Shaping of Digital (Usable) Security” []

Alma Whitten and Doug Tygar. “Why Johnny Can’t Encrypt” []

Social Engineering and Phishing

Citizen Clinic. "Phishing Simulation Policy" []

Masashi Crete-Nishihata et al, Citizen Lab. "Spying on a Budget: Inside a Phishing Operation with Targets in the Tibetan Community" []

Micah Lee, The Intercept. “It’s Impossible To Prove Your Laptop Hasn’t Been Hacked. I Spent Two Years Finding Out.” []

Rachel Tobac. Social Proof Security. “How I would Hack You: Social Engineering Step-by-Step” []

Designing Security Training

Electronic Frontier Foundation. “Am I the Right Person?” []

Electronic Frontier Foundation. “How to Teach Adults” []

Browse the rest of EFF’s Security Education Companion. []

Rachel Weidinger et al. “How To Give A Digital Security Training” []

Rachel Weidinger et al. “Digital Security Training Resources for Security Trainers, Fall 2019 Edition” []

Psychosocial Resilience

Rated R for Resilience resource site. []

Angela Chen. The Verge. “Moderating content doesn’t have to be so traumatic” []

Sam Dubberley and Michele Grant. First Draft. “Journalism and Vicarious Trauma” []

Sarah Jeong, Charlie Warzel, Brianna Wu, Joan Donovan. New York Times. “Everything is GamerGate” [] - Read all of the four essays.

Harmful Information (Misinformation and Harassment)

Tahmina Ansari, First Draft. “This Muslim journalist embraced social media until it ‘ruined’ his life” []

Nicholas Monaco and Carly Nyst. Institute For The Future. “State-Sponsored Trolling: How Governments Are Deploying Disinformation as Part of Broader Digital Harassment Campaigns”. Read pages 3 to 21 & 45 to 51. []

Sarah Oh and Travis L. Adkins. InterAction. “Disinformation Toolkit.” []

Cindy Otis. USA Today. “Americans could be a bigger fake news threat than Russians in the 2020 presidential campaign” []

Reply All podcast. “#112 The Prophet” Listen to or read transcript. []

Last update: November 17, 2020