Course description

For individuals and organizations involved in political advocacy, cybersecurity threats are an increasingly common reality of operating in the digital world. Civil society has always been under attack from ideological, political, and governmental opponents who seek to silence dissenting opinions, but the widespread adoption of connected technologies by the individuals and organizations that make up civil society creates a new class of vulnerabilities.

Citizen Clinic at the Center for Long-Term Cybersecurity provides students with real-world experience assisting politically vulnerable organizations and persons around the world to develop and implement sound cybersecurity practices. Clinic students will participate in both a classroom and clinic component. In the classroom, students will study the basic theories and practices of digital security, the intricacies of protecting largely under-resourced organizations, and the tools needed to manage risk in complex political, sociological, legal, and ethical contexts. In the clinic component, students will work in teams supervised by the Clinic staff to provide direct cybersecurity assistance to civil society organizations. Students’ clinic responsibilities will include learning about an organization’s mission and context, assessing its vulnerabilities, and ultimately recommending and implementing mitigations to the identified security risks. The emphasis will be on pragmatic, workable solutions that take into account the unique operational needs of each partner organization. Weekly lectures will provide students with the background information and tools they will need to engage with partners. Coursework will focus on partner-facing, hands-on projects. Students will be expected to work an average of 10 hours per week, although the distribution of this workload may fluctuate based upon the availability and needs of the partner.


In the first half of the semester, class meetings will be a mix of lectures & discussions with project-oriented workshops. In the second half of the semester, these class times will be reserved for work with the teaching team and check-ins tailored to the specific needs of your partner organization.

Most assignments (some exceptions) are listed with a due date on the Sunday at 11:59 PM (Pacific). Readings are to be completed by the end of the week in preparation for the next week’s lectures.

Note: This schedule is tentative and may be adjusted - assignment dates may change, additional readings may be assigned, speakers/lectures may be shuffled, etc. The teaching team will announce when changes are made.

Week 1: Introduction / What is Public-Interest Cybersecurity?

5/2 Lecture Week 1A:

Introduction to Public Interest Cybersecurity

o Introductions

o Content and methods of the course

o What is Public Interest Cybersecurity?

Assignments Due (by Tuesday 11:59PM Pacific):

(Review) Code of conduct: Posted in “files” section on 2U. [Individual]

(Read) pages 7 - 21 & 48 - 52 of “An Introduction to Cybersecurity Ethics” (Shannon Vallor, The Markkula Center for Applied Ethics)

Prepare answers to questions on pages 13-15 and page 53 for in-class discussion (don’t submit anything).

(Read) Sandro Contento, Toronto Star, “How these Toronto sleuths are exposing the world’s digital spies while risking their own lives”

(Explore & use) Citizen Lab’s Security Planner.

(Skim) Tactical Tech's Annual Report

5/3 Assignments Due (by Wednesday 11:59PM Pacific):

(Submit) Signed code of conduct: [Individual]

5/4 Lecture Week 1B:

● Ethical Considerations.

● Citizen Clinic “Rules of the Road”

o Citizen Clinic Code of Conduct.

o Personal Risk of Citizen Clinic.

o How to talk about Citizen Clinic.

o Security Response Plan.

Read (by next week):

● Citizen Lab. “Bittersweet: Supporters of Mexico’s soda tax targeted with NSO exploit links”

● Access Now. “Spyware in Mexico: an interview with Luis Fernando García of R3D Mexico”

● Silver & Elgin. “Torture in Bahrain Becomes Routine With Help From Nokia Siemens”

● Arthur Turner. “Consulting Is More Than Giving Advice.”

● Thomas Wedell-Wedellsborg. “Are You Solving the Right Problems?”

(Optional) Joseph Cox. “I Gave a Bounty Hunter $300. Then He Located Our Phone”

(Optional) Stephen Arnold. “Telestrategies - An Interview with Dr. Jerry Lucas”

Week 2: Threats to Civil Society’s Cybersecurity

5/9 Lecture Week 2A:

● Problem Diagnosis and Reframing

5/11 Lecture Week 2B:

Guest Speaker: “How to inventory cyber security assets”


● Electronic Frontier Foundation, “Surveillance Self-Defense: Your Security Plan” - know the definitions of underlined terms.

● Jorge Luis Sierra “Digital and Mobile Security for Mexican Journalists and Bloggers”

● Le Blond et al. “A look at targeted attacks through the lense of an NGO”

SAFETAG Guide. Skim to Section 2.2, then read Section 2.2 and Section 2.3.

(Read and Explore Examples) About PESTLE (use an ad-blocker!)

(Optionally Watch) CLTC / TechSoup. Webinar. “Cybersecurity in Low-Risk Organizations: Understanding Your Risk and Making Practical Improvements.”

Week 3: Meet the First Client and Threats to Civil Society’s Cybersecurity

5/16: Meet the first client

Guest Speaker: Client

Week 4: Threats to Civil Society’s Cybersecurity

5/18 Lecture Week 4A:

Current Event Brief

Contextual Brief




● NIST SP 800-37 “Risk Management Framework for Information Systems and Organizations.” Chapter 2 only.

(Skim) NIST SP 800-39 “Managing Information Security Risk.” Chapter 2 only.

(Skim) NISTIR 8062 “An Introduction to Privacy Engineering and Risk Management in Federal Systems.”

● Example Risk Assessment shared via email.

● Julian Cohen. “Playbook Based Testing.”

MSFT’s STRIDE and related blog posts.

● Bill Marczak and John Scott-Railton. “Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents”

Week 4: Risk Assessment

5/23 Assignments Due (by Tuesday, 11:59PM Pacific):

● Communication Plan and Collaboration Plan (Break-out Groups) [Team]

o In Class Collaborative Plan [Team]

o Due After Class (11:59pm Pacific) Communication Plan [Team]

5/25 Lecture Week 4B:

● Current Event Brief

● Contextual Brief

● Bounding Risk Assessments – Alex’s presentation

o Review Teams’ Communication Plans [Team]


● Amnesty International. “Digitally dissecting atrocities – Amnesty International’s open source investigations.”

● Sarah Jeong, Charlie Warzel, Brianna Wu, Joan Donovan. New York Times. “Everything is GamerGate” - Read all of the four essays.

● Angela Chen. The Verge. “Moderating content doesn’t have to be so traumatic”

● Sam Dubberley & Michele Grant. First Draft. “Journalism and Vicarious Trauma”

● (Explore) The EFF’s Security Education Companion.

Week 5: Digital Security Training & Recognizing PTSD (post-traumatic stress disorder)

5/30 Week 8A:

● Contextual Brief

● Current Event Brief

● Social Engineering & Phishing Simulations

6/1 Week 8B:

● Contextual Brief

● Current Event Brief


● Protective Intelligence. “Part I: An Introduction To OSINT Research For Protective Intelligence Professionals”

● Protective Intelligence. “Part 2: An Introduction To OSINT Research For Protective Intelligence Professionals”

● Ian Barwise. “Open-Source Intelligence (OSINT) Reconnaissance”

(Explore) OSINT Framework


(Explore) Awesome OSINT

(Try) SECALERTS - Automated Security Audit

Week 6: Information Gathering and Analysis

6/6: Lecture Week 5A:

● Current Event Brief

● Contextual Brief

o Adversary Persona Development

● Threat Scenario Development

● Open Source Research Methods, Safety, and Tools

o Virtual Machines, Networks, & Identities

o Manual Searches & Google Hacking

o Automated Tools

6/8 Lecture Week 5B: continued


● Netgain “Digital Security and Grantcraft Guide”

● The Engine Room. “Ties That Bind: Organizational Security for Civil Society” - read Full Report.

● APF et al. “Improving SSL Warnings: Comprehension and Adherence”

● Abu-Salma et al. “Obstacles to the Adoption of Secure Communication Tools”

Week 7: Improving Baseline Digital Security (Part 1)

6/12 Assignments Due (by Sunday, 11:59PM Pacific):

● Draft Midterm Report and Work Plan [Team]

6/13 Lecture Week 6A:

● Contextual Brief

● Legal and Policy Factors For Non-Profits’ Cybersecurity

6/15: Lecture Week 6B:

● Misinformation & Harassment

o Definitions & Risks


● Micah Lee. “It’s Impossible To Prove Your Laptop Hasn’t Been Hacked. I Spent Two Years Finding Out.”

● (Watch) Rachel Tobac. “How I would Hack You: Social Engineering Step-by-Step”

● Weidinger et al. “How To Give A Digital Security Training”

● EFF. “Am I the Right Person?”

● EFF. “How to Teach Adults”

● (Skim) Weidinger et al. “Digital Security Training Resources for Security Trainers, Fall 2019 Edition”

Week 8: Improving Baseline Digital Security (Part 2)

6/19Assignments Due (by Sunday, 11:59PM Pacific):

● Work Plan Updated & Finalized [Team]

● Slides for Midterm Class Presentation [Team]


6/20 Lecture Week 7A:

No class – holiday

6/22 Lecture Week 7B:



● IFTF “State-Sponsored Trolling: How Governments Are Deploying Disinformation as Part of Broader Digital Harassment Campaigns”. Read pages 3 to 21 & 45 to 51.

● Cindy Otis. USA Today. “Americans could be a bigger fake news threat than Russians in the 2020 presidential campaign”

● InterAction “Disinformation Toolkit.”

● Reply All podcast. “#112 The Prophet” Listen to or read transcript.

● (Optional) Tahmina Ansari. First Draft. “This Muslim journalist embraced social media until it ‘ruined’ his life”

Week 9: Disinformation & Harassment

6/26 Assignments Due (by Sunday, 11:59PM Pacific):

● Team Evaluation 1 [Individual]

6/27 Week 9A:

● Briefings

6/29 Week 9B:

● Briefings

Week 10:

7/4 Holiday

7/6 Week 10A: Clinic Core Hours / Team Check-in

“Clinic Core Hours” refers to the required student attendance of official class meeting hours that will be reserved for instruction specific to partner needs, feedback and guidance from the teaching team, and ad-hoc lectures. Each team member will provide a ~5 minute update on the progress of their assigned partner work.

Week 11:

7/11 Week 11A: Clinic Core Hours / Team Check-in

7/13 Week 11B: Clinic Core Hours / Team Check-in

Week 12:

7/18 Week 12A: Clinic Core Hours / Team Check-in

7/20 Week 12B: Clinic Core Hours / Team Check-in

Week 13:

7/24 Assignments Due (by (by Sunday, 11:59PM Pacific):

Final Partner Report (for Teaching Team Review) [Team]

7/25 Week 13A: Physical and Electronic Security demo

7/27 Week 13B: Cell Phone cybersecurity

Week 14: Wrap-up & Project Presentations

7/31 Assignments Due (by Tuesday, 11:59PM Pacific):

● Project Presentations to the class [Team]

8/1 Assignments Due (by Friday, 6:00PM Pacific):

● Team Evaluation 2 [Individual]

8/3 Week 14A:

Presentation to Client

Course policies


This is a 3-unit, 14-week class. Coursework will primarily focus on partner-facing projects while weekly lectures will be used to inform and engage with students’ hands-on experiences. Students are expected to work an average of 10 hours per week on this course; however, the distribution of this workload may fluctuate based on the availability and needs of the partner.


Assignments will largely be evaluated on the following rubric that emphasizes (1) sound rationale in assessments, recommendations, and reflections, (2) “partner-ready” work products which reflect professional quality, and (3) completing the instructions of the assignment or the requirements agreed upon work plan with the partner.

General Grading Rubric*


0 points

5 points

10 points


Does not meet partner needs, introduces serious harms to partner, shows limited or inappropriate consideration for context

Addresses most of partner needs, some oversight of potential harms to partner, mostly appropriate for given context.

All partner needs are met, feasible & effective rationale that addresses all major threats, appropriate for given context.


Hard to understand, full of jargon, serious writing/format errors present, tone / design unsuitable for its audience

Writing is mostly understandable; minor writing/format errors (typos), mostly appropriate tone / design

“Partner-ready,” clear and concise writing, almost no writing/formatting errors, appropriate tone & design for its audience


Some requirements in assignment or work plan not met; no insights or connections to readings/lectures; for group work: no evidence of group work

Most requirements met, some evidence for connections with readings/lectures; for group work: some evidence of group work

All requirements met, with clear, thoughtful insights and multiple cited connections to relevant readings/lectures; for group work: full evidence of strong, equitable collaboration

*Note: Students taking the course for P/NP or S/U are expected to participate in classes and complete all work to the same level of quality as students taking the course for a letter grade.


1. Partner Deliverables - 60%

The largest portion of graded evaluation will be based upon your team’s work and support for its assigned partner. These deliverables may include assessments, recommendations, and guides, each tailored towards the partner’s needs. Each team will also deliver a final report summarizing work performed with their partner.

2. Individual Assignments - 10%

Two individual assignments will be given:

Current Event Discussion Lead (5%): Each student will sign up to lead one 15 minute discussion at the beginning of most lectures. Students will be expected to locate and share about a recent, current event relevant to the day’s lecture topic. Topic leaders will emphasize interesting or relevant points while other students are expected to ask questions and comment.

Contextual Briefs (5%): Each student is expected to share findings of their contextual research in one 10 + 5 minute presentation (no more than 10 minutes of content saving at least 5 minutes for Q&A) during the first half of the semester. Students will share relevant, up-to-date, sourced information on one or more PESTLE factors and, importantly, provide an analysis on those factors’ impact on their partner’s security. Briefers will emphasize why their research is relevant to their partner organization while other students are expected to ask questions and comment.

3. Team Case Study - 10%

We want students to be able to discuss and share their experience in the course with others, including future employers. We also want our partners to remain confidential and protected. This being said, each student team will submit a write-up of work performed and takeaways with sensitive information removed. The teaching team will review to ensure your experience is captured in an effective & safe manner.

4. Participation - 10%

We consider “participation” in two major components: participating in regular class discussions and participating in team & partner meetings outside of class hours.

a. You are expected to attend each official class meeting and contribute substantially to class discussions. The teaching team should be notified in advance of absences from class meetings (including Clinic Core Hours). You do not need to share the reason for the absence. Not showing up to team check-ins will also negatively impact this grade.

b. As a rule, two people from your team must attend any partner meeting or call. While you may not be able to attend every team meeting and partner engagement outside of normal class hours, you are expected to attend and contribute to your team’s effort as often as possible.

5. Team Evaluations - 10%

Throughout the course, you will submit confidential evaluation forms which ask you to evaluate the contributions of each team member including yourself. Your final course grade will be adjusted, higher or lower, if you are contributing more or less than those within your group. If there are difficulties with any team member, discuss the matter within your team and seek resolution. If you cannot resolve the problem, immediately contact any faculty member, so that we can make an appointment to discuss the situation individually or with the entire group as needed.

Late assignments.

As we want to respect the time of our partners and ensure a high level of quality control (the teaching team will review deliverables before it reaches the partner), we expect students to adhere to timelines and due dates. Each day an assignment is late will result in a letter grade deduction. Recognizing that emergencies arise and partners may require schedule adjustments, exceptions will be made on a case-by-case basis.

Code of Conduct.

Each student enrolled in the course must agree in writing to the Citizen Clinic’s Code of Conduct (to be distributed) for maintaining a safe and secure learning experience and partner relationship. This Code of Conduct will be respected by all students, the teaching team, and CLTC staff and it is the responsibility of all personnel to report possible violations of the Code of Conduct to the teaching team.

Additionally, we expect all students to abide by the Berkeley Student Code of Conduct (see and act with honesty, integrity, and respect for others. (See also The consequences for failing to act within these standards may include failing an assignment, a referral to the Center for Student Conduct and Community Standards, a failed grade in the course, and even immediate expulsion. A note on plagiarism: even in the scope of providing a partner with a walkthrough for securing a certain account or system, you are expected not to copy material from another guide, website, article or book (word-for-word or paraphrased) without citing the source - it’s a small community and we should give credit where it is due. Other examples of unacceptable conduct include turning in deliverables created by students not currently in the course, work found on the Internet, or created by a commercial service.

Disability Accommodation.

If you need disability-related accommodations in this class, if you have emergency medical information you wish to share with us, or if you need special arrangements in case the building must be evacuated, please inform us as soon as possible.

Last updated