S1E43 - Elle on Threat Modeling
Live Like the World is Dying · Strangers in a Tangled Wilderness
Show Notes
Episode Notes
Episode summary
Margaret talks with Elle, an anarchist and security professional, about different threat modeling approaches and analyzing different kinds of threats. They explore physical threats, digital security, communications, surveillance,and general OpSec mentalities for how to navigate the panopticon and do stuff in the world without people knowing about it...if you're in Czarist Russia of course.
Guest Info
Elle can be found on twitter @ellearmageddon.
Host and Publisher
The host Margaret Killjoy can be found on twitter @magpiekilljoy or instagram at @margaretkilljoy.
This show is published by Strangers in A Tangled Wilderness. We can be found at www.tangledwilderness.org, or on Twitter @TangledWild and Instagram @Tangled_Wilderness. You can support the show on Patreon at www.patreon.com/strangersinatangledwilderness.
Show Links
Transcript
Live Like the World is Dying: Elle on Threat Modeling
Margaret 00:15 Hello, and welcome to Live Like The World Is Dying, your podcast for what feels like the end times. I'm your host, Margaret killjoy. And with me at the exact moment is my dog, who has just jumped up to try and talk into the microphone and bite my arm. And, I use 'she' and 'they' pronouns. And this week, I'm going to be talking to my friend Elle, who is a, an anarchist security professional. And we're going to be talking about threat modeling. And we're going to be talking about how to figure out what people are trying to do to you and who's trying to do it and how to deal with different people trying to do different things. Like, what is the threat model around the fact that while I'm trying to record a podcast, my dog is biting my arm? And I am currently choosing to respond by trying to play it for humor and leaving it in rather than cutting it out and re recording. This podcast is a proud member of the Channel Zero network of anarchists podcasts. And here's a jingle from another show on the network.
Jingle
Margaret 02:00 Okay, if you could introduce yourself, I guess, with your name and your pronouns, and then maybe what you do as relates to the stuff that we're going to be talking about today.
Elle 02:10 Yeah, cool. Hi, I'm Elle. My pronouns are they/them. I am a queer, autistic, anarchist security practitioner. I do security for a living now that I've spent over the last decade, working with activist groups and NGOs, just kind of anybody who's got an interesting threat model to help them figure out what they can do to make themselves a little a little safer and a little more secure.
Margaret 02:43 So that word threat model. That's actually kind of what I want to have you on today to talk about is, it's this word that we we hear a lot, and sometimes we throw into sentences when we want to sound really smart, or maybe I do that. But what does it mean, what is threat modeling? And why is it relevant?
Elle 03:02 Yeah, I actually, I really love that question. Because I think that we a lot of people do use the term threat modeling without really knowing what they mean by it. And so to me, threat modeling is having an understanding of your own life in your own context, and who poses a realistic risk to you, and what you can do to keep yourself safe from them. So whether that's, you know, protecting communications that you have from, you know, state surveillance, or whether it's keeping yourself safe from an abusive ex, your threat model is going to vary based on your own life experiences and what you need to protect yourself from and who those people actually are and what they're capable of doing.
Margaret 03:52 Are you trying to say there's not like one solution to all problems that we would just apply?
Elle 03:58 You know, I love...
Margaret 03:58 I don't understand.
Elle 04:00 I know that everybody really, really loves the phrase "Use signal. Use TOR," and you know, thinks that that is the solution to all of life's problems. But it actually turns out that, no, you do have to have both an idea of what it is that you're trying to protect, whether it's yourself or something like your communications and who you're trying to protect it from, and how they can how they can actually start working towards gaining access to whatever it is that you're trying to defend.
Margaret 04:31 One of the things that when I think about threat modeling that I think about is this idea of...because the levels of security that you take for something often limit your ability to accomplish different things. Like in Dungeons and Dragons, if you were plate armor, you're less able to be a dexterous rogue and stealth around. And so I think about threat modeling, maybe as like learning to balance....I'm kind of asking this, am I correct in this? Balancing what you're trying to accomplish with who's trying to stop you? Because like, you could just use TOR, for everything. And then also like use links the little like Lynx [misspoke "Tails"] USB keychain and never use a regular computer and never communicate with anyone and then never accomplish anything. But, it seems like that might not work.
Elle 05:17 Yeah, I mean, the idea, the idea is to prevent whoever your adversaries are from keeping you from doing whatever you're trying to accomplish. Right? So if the security precautions that you're taking to prevent your adversaries from preventing you from doing a thing are also preventing you from doing the thing, then it doesn't matter, because your adversaries have just won, right? So there, there definitely is a need, you know, to be aware of risks that you're taking and decide which ones make sense, which ones don't make sense. And kind of look at it from from a dynamic of "Okay, is this something that is in my, you know, acceptable risk model? Is this a risk I'm willing to take? Are there things that I can do to, you know, do harm reduction and minimize the risk? Or at least like, make it less? Where are those trade offs? What, what is the maximum amount of safety or security that I can do for myself, while still achieving whatever it is that I'm trying to achieve?"
Margaret 06:26 Do you actually ever like, chart it out on like, an X,Y axis where you get like, this is the point where you start getting diminishing returns? I'm just imagining it. I've never done that.
Elle 06:37 In, in the abstract, yes, because that's part of how autism brain works for me. But in a, like actually taking pen to paper context, not really. But that's, you know, at least partially, because of that's something that autism brain just does for me. So I think it could actually be a super reasonable thing to do, for people whose brains don't auto filter that for them. But but I'm, I guess, lucky enough to be neurodivergent, and have like, you know, like, we always we joke in tech, "It's not a bug, it's a feature." And I feel like, you know, autism is kind of both sometimes. In some cases, it's totally a bug and and others, it's absolutely a feature. And this is one of the areas where it happens to be a feature, at least for me.
Margaret 07:35 That makes sense. I, I kind of view my ADHD as a feature, in that, it allows me to hyper focus on topics and then move on and then not come back to them. Or also, which is what I do now for work with podcasting, and a lot of my writing. It makes it hard to write long books, I gotta admit,
Elle 07:56 Yeah, I work with a bunch of people with varying neuro types. And it's really interesting, like, at least at least in my own team, I think that you know, the, the folks who are more towards the autism spectrum disorder side of of the house are more focused on things like application security, and kind of things that require sort of sustained hyper focus. And then folks with ADHD make just absolutely amazing, like incident responders and do really, really well in interrupt driven are interrupts heavy contexts,
Margaret 08:38 Or sprinters.
Elle 08:40 It's wild to me, because I'm just like, yes, this makes perfect sense. And obviously, like, these different tasks are better suited to different neuro types. But I've also never worked with a manager who actually thought about things in that way before.
Margaret 08:53 Right.
Elle 08:54 And so it's actually kind of cool to be to be in a position where I can be like, "Hey, like, Does this sound interesting to you? Would you rather focus on this kind of work?" And kind of get that that with people.
Margaret 09:06 That makes sense that's.... i I'm glad that you're able to do that. I'm glad that people that you work with are able to have that you know, experience because it is it's hard to it's hard to work within....obviously the topic of today is...to working in the workplace is a neurodivergent person, but it I mean it affects so many of us you know, like almost whatever you do for work the the different ways your brain work are always struggling against it. So.
Elle 09:32 Yeah, I don't know. It just it makes sense to me to like do your best to structure your life in a way that is more conducive to your neurotype.
Margaret 09:44 Yeah.
Elle 09:45 You know, if you can.
Margaret 09:49 I don't even realize exactly how age ADHD I was until I tried to work within a normal workforce. I built my entire life around, not needing to live in one place or do one thing for sustained periods of time. But okay, but back to the threat modeling.
Margaret 10:07 The first time I heard of, I don't know if it's the first time I heard a threat modeling or not, I don't actually know when I first started hearing that word. But the first time I heard about you, in the context of it was a couple years back, you had some kind of maybe it was tweets or something about how people were assuming that they should use, for example, the more activist focused email service Rise Up, versus whether they should just use Gmail. And I believe that you were making the case that for a lot of things, Gmail would actually be safer, because even though they don't care about you, they have a lot more resources to throw at the problem of keeping governments from reading their emails. That might be a terrible paraphrasing of what you said. But this, this is how I was introduced to this concept of threat modeling. If you wanted to talk about that example, and tell me how I got it all wrong.
Elle 10:07 Yeah.
Elle 10:58 Yeah. Um, so you didn't actually get it all wrong. And I think that the thing that I would add to that is that if you are engaging in some form of hypersensitive communication, email is not the mechanism that you want to do that. And so when I say things like, "Oh, you know, it probably actually makes sense to use Gmail instead of Rise Up," I mean, you know, contexts where you're maybe communicating with a lawyer and your communications are privileged, right?it's a lot harder to crack Gmail security than it is to crack something like Rise Up security, just by virtue of the volume of resources available to each of those organizations. And so where you specifically have this case where, you know, there's, there's some degree of legal protection for whatever that means, making sure that you're not leveraging something where your communications can be accessed without your knowledge or consent by a third party, and then used in a way that is conducive to parallel construction.
Margaret 12:19 So what is parallel construction?
Elle 12:20 Parallel construction is a legal term where you obtain information in a way that is not admissible in court, and then use that information to reconstruct a timeline or reconstruct a mechanism of access to get to that information in an admissible way.
Margaret 12:39 So like every cop show
Elle 12:41 Right, so like, with parallel construction around emails, for example, if you're emailing back and forth with your lawyer, and your lawyer is like, "Alright, like, be straight with me. Because I need to know if you've actually done this crime so that I can understand how best to defend you." And you're like, "Yeah, dude, I totally did that crime," which you should never admit to in writing anyway, because, again, email is not the format that you want to have this conversation in. But like, if you're gonna admit to having done crimes in email, for some reason, how easy it is for someone else to access that admission is important. Because if somebody can access this email admission of you having done the crimes where you're, you know, describing in detail, what crimes you did, when with who, then it starts, like, it gets a lot easier to be like, "Oh, well, obviously, we need to subpoena this person's phone records. And we should see, you know, we should use geolocation tracking of their device to figure out who they were in proximity to and who else was involved in this," and it can, it can be really easy to like, establish a timeline and get kind of the roadmap to all of the evidence that they would need to, to put you in jail. So it's, it's probably worth kind of thinking about how easy it is to access that that information. And again, don't don't admit to doing crimes in email, email is not the format that you want to use for admitting to having done crimes. But if you're going to, it's probably worth making sure that, you know, the the email providers that you are choosing are equipped with both robust security controls, and probably also like a really good legal team. Right? So if...like Rise Up isn't going to comply with the subpoena to the like, to the best of their ability, they're not going to do that, but it's a lot easier to sue Rise Up than it is to sue Google.
Margaret 14:51 Right.
Elle 14:51 And it's a lot easier to to break Rise Up's security mechanisms than it is to break Google's, just by virtue of how much time and effort each of those entities is able to commit to securing email. Please don't commit to doing crimes in email, just please just don't. Don't do it in writing. Don't do it.
Margaret 15:15 Okay, let me change my evening plans. Hold on let me finish sending this email..
Elle 15:23 No!
Margaret 15:25 Well, I mean, I guess like the one of the reasons that I thought so much about that example, and why it kind of stuck with me years later was just thinking about what people decide they're safe, because they did some basic security stuff. And I don't know if that counts under threat modeling. But it's like something I think about a lot is about people being like, "I don't understand, we left our cell phones at home and went on a walk in the woods," which is one of the safest ways anyone could possibly have a conversation. "How could anyone possibly have known this thing?" And I'm like, wait, you, you told someone you know, or like, like, not to make people more paranoid, but like...
Elle 16:06 Or maybe, maybe you left your cell phone at home, but kept your smartwatch on you, because you wanted to close, you know, you wanted to get your steps for the day while you were having this conversation, right?
Margaret 16:19 Because otherwise, does it even count if I'm not wearing my [smartwatch].
Elle 16:21 Right, exactly. And like, we joke, and we laugh, but like, it is actually something that people don't think about. And like, maybe you left your phones at home, and you went for a walk in the woods, but you took public transit together to get there and were captured on a bunch of surveillance cameras. Like there's, there's a lot of, especially if you've actually been targeted for surveillance, which is very rare, because it's very resource intensive. But you know, there there are alternate ways to track people. And it does depend on things like whether or not you've got additional tech on you, whether or not you were captured on cameras. And you know, whether whether or not your voices were picked up by ShotSpotter, as you were walking to wherever the woods were like, there's just there's we live in a panopticon. I don't say that so that people are paranoid about it, I say it because it's a lot easier to think about, where, when and how you want to phrase things.
Margaret 17:27 Yeah.
Elle 17:28 In a way that you know, still facilitates communications still facilitates achieving whatever it is that you're trying to accomplish, but sets you sets you up to be as safe as possible in doing it. And I think that especially in anarchist circles, just... and honestly also in security circles, there's a lot of of like, dogmatic adherence to security ritual, that may or may not actually make sense based on both, you, who your actual adversaries are, and what their realistic capabilities are.
Margaret 18:06 And what they're trying to actually accomplish I feel like is...Okay, one of the threat models that I like...I encourage people sometimes to carry firearms, right in very specific contexts. And it feels like a security... Oh, you had a good word for it that you just used...ritual of security theater, I don't remember...a firearm often feels like that,
Elle 18:30 Right.
Margaret 18:31 In a way where you're like," Oh, I'm safe now, right, because I'm carrying a firearm." And, for example, I didn't carry a firearm for a very long time. Because for a long time, my threat model, the people who messed with me, were cops. And if a cop is going to mess with me, I do not want to have a firearm on me, because it will potentially escalate a situation in a very bad way. Whereas when I came out and started, you know, when I started getting harassed more for being a scary transwoman, and less for being an anarchist, or a hitchhiker, or whatever, you know, now my threat model is transphobes, who wants to do me harm. And in a civilian-civilian context, I prefer I feel safer. And I believe I am safer in most situations armed in that case. But every time I leave the house, I have to think about "What is my threat model?" And then in a similar way, sorry, it's just me thinking about the threat model of firearms, but it's the main example that I think of, is that often people's threat model in terms of firearms and safety as themselves, right? And so you just actually need to do the soul searching where you're like,"What's more likely to happen to me today? Am I likely to get really sad, or am I likely to get attacked by fascists?"
Elle 19:57 Yeah. And I think that there is there's an additional question, especially when you're talking about arming yourself, whether it's firearms, or carrying a knife, or whatever, because like, I don't own any firearms, but I do carry a knife a lot of the time. And so like some questions, some additional questions that you have to ask yourself are, "How confident am I in my own ability to use this to harm another person?" Because if you're going to hesitate, you're gonna get fucked up.
Margaret 20:28 Yeah.
Elle 20:28 Like, if you are carrying a weapon, and you pull it out and hesitate in using it, it's gonna get taken away from you, and it's going to be used against you. So that's actually one of the biggest questions that I would say people should be asking themselves when developing a threat model around arming themselves is, "Will I actually use this? How confident am I?" if you're not confident, then it's okay to leave it at home. It's okay to practice more. It's okay to like develop that familiarity before you start using it as an EDC. Sorry an Every Day Carry. And then the you know, the other question is, "How likely am I to get arrested here?" I carry, I carry a knife that I absolutely do know how to use most of the time when I leave the house. But when I'm going to go to a demonstration, because the way that I usually engage in protests or in demonstrations is in an emergency medical response capacity, I carry a medic kit instead. And my medic kit is a clean bag that does not have any sharp objects in it. It doesn't have anything that you know could be construed as a weapon it doesn't have...it doesn't...I don't even have weed gummies which are totally like recreationally legal here, right? I won't even put weed in the medic kit. It's it is very much a...
Margaret 21:52 Well, if you got a federally arrested you'd be in trouble with that maybe.
Elle 21:55 Yeah, sure, I guess. But, like the medic bag is very...nothing goes in this kit ever that I wouldn't want to get arrested carrying. And so there's like EMT shears in there.
Margaret 22:12 Right.
Elle 22:13 But that's that's it in terms of like...
Margaret 22:16 Those are scary you know...the blunted tips.
Elle 22:21 I know, the blunted tips and the like safety, whatever on them. It's just...it's it is something to think about is "Where am I going...What...Who am I likely to encounter? And like what are the trade offs here?"
Margaret 22:37 I remember once going to a demonstration a very long time ago where our like, big plan was to get in through all of the crazy militarized downtown in this one city and, and the big plan is we're gonna set up a Food Not Bombs inside the security line of the police, you know. And so we picked one person, I think I was the sacrificial person, who had to carry a knife, because we had to get the folding tables that we're gonna put the food on off of the top of the minivan. And we had to do it very quickly, and they were tied on. And so I think I brought the knife and then left it in the car and the car sped off. And then we fed people and they had spent ten million dollars protecting the city from 30 people feeding people Food Not Bombs.
Elle 23:20 Amazing.
Margaret 23:22 But, but yeah, I mean, whereas every other day in my life, especially back then when I was a hitchhiker, I absolutely carried a knife.
Elle 23:30 Yeah.
Margaret 23:31 You know, for multiple purposes. Yeah, okay, so then it feels like...I like rooting it in the self defense stuff because I think about that a lot and for me it maybe then makes sense to sort of build up and out from there as to say like...you know, if someone's threat model is my ex-partner's new partner is trying to hack me or my abusive ex is trying to hack me or something, that's just such a different threat model than...
Elle 24:04 Yeah, it is.
Margaret 24:05 Than the local police are trying to get me versus the federal police are trying to get me versus a foreign country is trying to get me you know, and I and it feels like sometimes those things are like contradictory to each other about what isn't isn't the best maybe.
Elle 24:19 They are, because each of those each of those entities is going to have different mechanisms for getting to you and so you know, an abusive partner or abusive ex is more likely to have physical access to you, and your devices, than you know, a foreign entity is, right? Because there's there's proximity to think about, and so you know, you might want to have....Actually the....Okay, so the abusive ex versus the cops, right. A lot of us now have have phones where the mechanism for accessing them is either a password, or some kind of biometric identifier. So like a fingerprint, or you know, face ID or whatever. And there's this very dogmatic adherence to "Oh, well, passwords are better." But passwords might actually not be better. Because if somebody has regular proximity to you, they may be able to watch you enter your password and get enough information to guess it. And if you're, if you're not using a biometric identifier, in those use cases, then what can happen is they can guess your password, or watch, you type it in enough time so that they get a good feeling for what it is. And they can then access your phone without your knowledge while you're sleeping. Right?
Margaret 25:46 Right.
Elle 25:47 And sometimes just knowing whether or not your your adversary has access to your phone is actually a really useful thing. Because you know how much information they do or don't have.
Margaret 26:01 Yeah. No that's...
Elle 26:03 And so it really is just about about trade offs and harm reduction.
Margaret 26:08 That never would have occurred to me before. I mean, it would occur to me if someone's trying to break into my devices, but I have also fallen into the all Biometrics is bad, right? Because it's the password, you can't change because the police can compel you to open things with biometrics, but they can't necessarily compel you...is more complicated to be compelled to enter a password.
Elle 26:31 I mean, like, it's only as complicated as a baton.
Margaret 26:34 Yeah, there's that XKCD comic about this. Have you seen it?
Elle 26:37 Yes. Yes, I have. And it is it is an accurate....We like in security, we call it you know, the Rubber Hose method, right? It we....
Margaret 26:46 The implication here for anyone hasn't read it is that they can beat you up and get you to give them their [password].
Elle 26:50 Right people, people will usually if they're hit enough times give up their password. So you know, I would say yeah, you should disable biometric locks, if you're going to go out to a demonstration, right? Which is something that I do. I actually do disable face ID if I'm taking my phone to a demo. But it...you may want to use it as your everyday mechanism, especially if you're living in a situation where knowing whether or not your abuser has access to your device is likely to make a difference in whether you have enough time to escape.
Margaret 27:30 Right. These axioms or these these beliefs we all have about this as the way to do security,the you know...I mean, it's funny, because you brought up earlier like use Signal use Tor, I am a big advocate of like, I just use Signal for all my communication, but I also don't talk about crime pretty much it in general anyway. You know. So it's more like just like bonus that it can't be read. I don't know.
Elle 27:57 Yeah. I mean, again, it depends, right? Because Signal...Signal has gotten way more usable. I've been, I've been using Signal for a decade, you know, since it was still Redphone and TextSecure. And in the early days, I used to joke that it was so secure, sometimes your intended recipients don't even get the messages.
Margaret 28:21 That's how I feel about GPG or PGP or whatever the fuck.
Elle 28:24 Oh, those those....
Margaret 28:27 Sorry, didn't mean to derail you.
Elle 28:27 Let's not even get started there. But so like Signal again, has gotten much better, and is way more reliable in terms of delivery than it used to be. But I used to, I used to say like, "Hey, if it's if it's really, really critical that your message reach your recipient, Signal actually might not be the way to do it." Because if you need if you if you're trying to send a time sensitive message with you know guarantee that it actually gets received, because Signal used to be, you know, kind of sketchy on or unreliable on on delivery, it might not have been the best choice at the time. One of the other things that I think that people, you know, think...don't think about necessarily is that Signal is still widely viewed as a specific security tool. And that's, that's good in a lot of cases. But if you live somewhere, for example, like Belarus, where it's not generally considered legal to encrypt things, then the presence of Signal on your device is enough in and of itself to get you thrown in prison.
Margaret 29:53 Right.
Elle 29:53 And so sometimes having a mechanism like, you know, Facebook secret messages might seem like a really, really sketchy thing to do. But if your threat model is you can't have security tools on your phone, but you still want to be able to send encrypted messages or ephemeral messages, then that actually might be the best way to kind of fly under the radar. So yeah, it again just really comes down to thinking about what it is that you're trying to protect? From who? And under what circumstances?
Margaret 30:32 Yeah, I know, I like this. I mean, obviously, of course, you've thought about this thing that you think about. I'm like, I'm just like, kind of like, blown away thinking about these things. Although, okay, one of these, like security things that I kind of want to push back on, and actually, this is a little bit sketchy to push back on, the knife thing. To go back to a knife. I am. I have talked to a lot of people who have gotten themselves out of very bad situations by drawing a weapon without then using it, which is illegal. It is totally illegal.
Elle 31:03 Yes
Margaret 31:03 I would never advocate that anyone threaten anyone with a weapon. But, I know people who have committed this crime in order to...even I mean, sometimes it's in situations where it'd be legal to stab somebody,like...
Elle 31:16 Sure.
Margaret 31:16 One of the strangest laws in the United States is that, theoretically, if I fear for my life, I can draw a gun.... And not if I fear for my life, if I am, if my life is literally being threatened, physically, if I'm being attacked, I can I can legally draw a firearm and shoot someone, I can legally pull a knife and stab someone to defend myself. I cannot pull a gun and say "Back the fuck off." And not only is it illegal, but it also is a security axiom, I guess that you would never want to do that. Because as you pointed out, if you hesitate now the person has the advantage, they have more information than they used to. But I still know a lot of hitchhikers who have gotten out of really bad situations by saying, "Let me the fuck out of the car."
Elle 32:05 Sure.
Margaret 32:06 Ya know?.
Elle 32:06 Absolutely. It's not....Sometimes escalating tactically can be a de-escalation. Right?
Margaret 32:17 Right.
Elle 32:18 Sometimes pulling out a weapon or revealing that you have one is enough to make you no longer worth attacking. But you never know how someone's going to respond when you do that, right?
Margaret 32:33 Totally
Elle 32:33 So you never know whether it's going to cause them to go "Oh shit, I don't want to get stabbed or I don't want to get shot," and stop or whether it's going to trigger you know a more aggressive response. So it doesn't mean that you know, you, if you pull a weapon you have to use it.
Margaret 32:52 Right.
Elle 32:53 But if you're going to carry one then you do need to be confident that you will use it.
Margaret 32:58 No, that that I do agree with that. Absolutely.
Elle 33:00 And I think that is an important distinction, and I you know I also think that...not 'I think', using a gun and using a knife are two very different things. For a lot of people, pulling the trigger on a gun is going to be easier than stabbing someone.
Margaret 33:20 Yeah that's true.
Elle 33:21 Because of the proximity to the person and because of how deeply personal stabbing someone actually is versus how detached you can be and still pull the trigger.
Margaret 33:35 Yeah.
Elle 33:36 Like I would...it sounds...it feels weird to say but I would actually advocate most people carry a gun instead of a knife for that reason, and also because if you're, if you're worried about being physically attacked, you know you have more range of distance where you can use something like a gun than you do with a knife. You have to be, you have to be in close quarters to to effectively use a knife unless you're like really good at throwing them for some reason and even I wouldn't, cause if you miss...now your adversary has a knife.
Margaret 34:14 I know yeah. Unless you miss by a lot. I mean actually I guess if you hit they have a knife now too.
Elle 34:22 True.
Margaret 34:23 I have never really considered whether or not throwing knives are effective self-defense weapons and I don't want to opine too hard on this show.
Elle 34:31 I advise against it.
Margaret 34:32 Yeah. Okay, so to go back to threat modeling about more operational security type stuff. You're clearly not saying these are best practices, but you're instead it seems like you're advocating of "This as the means by which you might determine your best practices."
Elle 34:49 Yes.
Margaret 34:49 Do you have a...do you have a a tool or do you have like a like, "Hey, here's some steps you can take." I mean, we all know you've said like, "Think about your enemy," and such like that, but Is there a more...Can you can you walk me through that?
Elle 35:04 I mean, like, gosh, it really depends on who your adversary is, right?
Elle 35:10 Like, if you're if you're thinking about an abusive partner, that's obviously going to vary based on things like, you know, is your abusive partner, someone who has access to weapons? Are they someone who is really tech savvy? Or are they not. At...The things that you have to think about are going to just depend on the skills and tools that they have access to? Is your abusive partner or your abusive ex a cop? Because that changes some things.
Margaret 35:10 Yeah, fair enough.
Margaret 35:20 Yeah.
Elle 35:27 So like, most people, if they actually have a real and present kind of persistent threat in their life, also have a pretty good idea of what that threat is capable of, or what that threat actor or is capable of. And so it, it's it, I think, it winds up being fairly easy to start thinking about things in terms of like, "Okay, how is this person going to come after me? How, what, what tools do they have? What skills do they have? What ability do they have to kind of attack me or harm me?" But I think that, you know, as we start getting away from that really, really, personal threat model of like the intimate partner violence threat model, for example, and start thinking about more abstract threat models, like "I'm an anarchist living in a state," because no state is particularly fond of us.
Margaret 36:50 Whaaaat?!
Elle 36:51 I know it's wild, because like, you know, we just want to abolish the State and States, like want to not be abolished, and I just don't understand how, how they would dislike us for any reason..
Margaret 37:03 Yeah, it's like when I meet someone new, and I'm like, "Hey, have you ever thought about being abolished?" They're usually like, "Yeah, totally have a beer."
Elle 37:10 Right. No, it's...
Margaret 37:11 Yes.
Elle 37:11 For sure. Um, but when it comes to when it comes to thinking about, you know, the anarchist threat model, I think that a lot of us have this idea of like, "Oh, the FBI is spying on me personally." And the likelihood of the FBI specifically spying on 'you' personally is like, actually pretty slim. But...
Margaret 37:34 Me?
Elle 37:35 Well...
Margaret 37:37 No, no, I want to go back to thinking about it's slim, it's totally slim.
Elle 37:41 Look...But like, there's there is a lot like, we know that, you know, State surveillance dragnet exists, right, we know that, you know, plaintext text messages, for example, are likely to be caught both by, you know, Cell Site Simulators, which are in really, really popular use by law enforcement agencies.
Margaret 38:08 Which is something that sets up and pretends to be a cell tower. So it takes all the data that is transmitted over it. And it's sometimes used set up at demonstrations.
Elle 38:16 Yes. So they, they both kind of convinced your phone into thinking that they are the nearest cell tower, and then actually pass your communications on to the next, like the nearest cell tower. So your communications do go through, they're just being logged by this entity in the middle. That's, you know, not great. But using something...
Margaret 38:38 Unless you're the Feds.
Elle 38:39 I mean, even if you...
Margaret 38:41 You just have to think about it from their point of. Hahah.
Elle 38:42 Even if you are the Feds, that's actually too much data for you to do anything useful with, you know?
Margaret 38:50 Okay, I'll stop interuppting you. Haha.
Elle 38:51 Like, it's just...but if you're if you are a person who is a person of interest who's in this group, where a cell site simulator has been deployed or whatever, then then that you know, is something that you do have to be concerned about and you know, even if you're not a person of interest if you're like texting your friend about like, "All right, we do crime in 15 minutes," like I don't know, it's maybe not a great idea. Don't write it down if you're doing crime. Don't do crime. But more importantly don't don't create evidence that you're planning to do crime, because now you've done two crimes which is the crime itself and conspiracy to commit a crime
Margaret 39:31 Be straight. Follow the law. That's the motto here.
Elle 39:35 Yes. Oh, sorry. I just like I don't know, autism brain involuntarily pictured, like an alternate universe in which in where which I am straight, and law abiding. And I'm just I'm very...
Margaret 39:52 Sounds terrible. I'm sorry.
Elle 39:53 Right. Sounds like a very boring....
Margaret 39:55 Sorry to put that image in your head.
Elle 39:56 I mean, I would never break laws.
Margaret 39:58 No.
Elle 39:59 Ever Never ever. I have not broken any laws I will not break any laws. No, I think that...
Margaret 40:08 The new "In Minecraft" is "In Czarist Russia." Instead of saying "In Minecraft," because it's totally blown. It's only okay to commit crimes "In Czarist Russia."
Elle 40:19 Interesting.
Margaret 40:23 All right. We don't have to go with that. I don't know why i got really goofy.
Elle 40:27 I might be to Eastern European Jewish for that one.
Margaret 40:31 Oh God. Oh, my God, now I just feel terrible.
Elle 40:34 It's It's fine. It's fine.
Margaret 40:36 Well, that was barely a crime by east...
Elle 40:40 I mean it wasn't necessarily a crime, but like my family actually emigrated to the US during the first set of pogroms.
Margaret 40:51 Yeah.
Elle 40:52 So like, pre Bolshevik Revolution.
Margaret 40:57 Yeah.
Elle 40:59 But yeah, anyway.
Margaret 41:02 Okay, well, I meant taking crimes like, I basically think that, you know, attacking the authorities in Czarist Russia is a more acceptable action is what I'm trying to say, I really don't have to try and sell you on this plan.
Elle 41:16 I'm willing to trust your judgment here.
Margaret 41:19 That's a terrible plan, but I appreciate you, okay. Either way, we shouldn't text people about the crimes that we're doing.
Elle 41:26 We should not text people about the crimes that we're planning on doing. But, if you are going to try to coordinate timelines, you might want to do that using some form of encrypted messenger so that whatever is logged by a cell site simulator, if it is in existence is not possible by the people who are then retrieving those logs. And you know, and another reason to use encrypted messengers, where you can is that you don't necessarily want your cell provider to have that unencrypted message block. And so if you're sending SMS, then your cell, your cell provider, as the processor of that data has access to an unencrypted or plain text version of whatever text message you're sending, where if you're using something like Signal or WhatsApp, or Wicker, or Wire or any of the other, like, multitude of encrypted messengers that you could theoretically be using, then it's it's also not going directly through your your provider, which I think is an interesting distinction. Because, you know, we we know, from, I mean, we kind of sort of already knew, but we know for a fact, from the Snowden Papers, that cell providers will absolutely turn over your data to the government if they're asked for it. And so minimizing the amount of data that they have about you to turn over to the government is generally a good practice. Especially if you can do it in a way that isn't going to be a bunch of red flags.
Margaret 43:05 Right, like being in Belarus and using Signal.
Elle 43:08 Right. Exactly.
Margaret 43:10 Okay. Also, there's the Russian General who used an unencrypted phone where he then got geo located and blowed up.
Elle 43:23 Yeah.
Margaret 43:24 Also bad threat modeling on that that guy's part, it seems like
Elle 43:28 I it, it certainly seems to...that person certainly seems to have made several poor life choices, not the least of which was being a General in the Russian army.
Margaret 43:41 Yeah, yeah. That, that tracks. So one of the things that we talked about, while we were talking about having this conversation, our pre-conversation conversation was about...I think you brought up this idea that something that feels secret, doesn't mean it is, and
Elle 43:59 Yeah!
Margaret 44:00 I'm wondering if you had more thoughts about that concept? It's not a very good prompt.
Elle 44:05 So like, it's it's a totally reasonable prompt, we say a lot that, you know, security and safety are a feeling. And I think that that actually is true for a lot of us. But there's this idea that, Oh, if you use coded language, for example, then like, you can't get caught. I don't actually think that's true, because we tend to use coded language that's like, pretty easily understandable by other people. Because the purpose of communicating is to communicate.
Margaret 44:42 Yeah.
Elle 44:43 And so usually, if you're like, code language is easy enough to be understood by whoever it is you're trying to communicate with, like, someone else can probably figure it the fuck out too. Especially if you're like, "Hey, man, did you bring the cupcakes," and your friend is like, "Yeah!" And then an explosion goes off shortly thereafter, right? It's like, "Oh, by cupcakes, they meant dynamite." So I, you know, I think that rather than then kind of like relying on this, you know, idea of how spies work or how, how anarchists communicated secretly, you know, pre WTO it's, it's worth thinking about how the surveillance landscape has adapted over time, and thinking a little bit more about what it means to engage in, in the modern panopticon, or the contemporary panopticon, because those capabilities have changed over time. And things like burner phones are a completely different prospect now than they used to be. Actually...
Margaret 45:47 In that they're easier or wose?
Elle 45:49 Oh, there's so much harder to obtain now.
Margaret 45:51 Yeah, okay.
Elle 45:52 It's it is so much easier to correlate devices that have been used in proximity to each other than it used to be. And it's so much easier to, you know, capture people on surveillance cameras than it used to be. I actually wrote a piece for Crimethinc about this some years ago, that that I think kind of still holds up in terms of how difficult it really, really is to procure a burner phone. And in order to do to do that safely, you would have to pay cash somewhere that couldn't capture you on camera doing it, and then make sure that it was never turned on in proximity with your own phone anywhere. And you would have to make sure that it only communicated with other burner phones, because the second it communicates with a phone that's associated to another person, there's a connection between your like theoretical burner phone and that person. And so you can be kind of triangulated back to, especially if you've communicated with multiple people. It just it is so hard to actually obtain a device that is not in any way affiliated with your identity or the identity of any of your comrades. But, we have to start thinking about alternative mechanisms for synchronous communication.
Margaret 47:18 Okay.
Elle 47:18 And, realistically speaking, taking a walk in the woods is still going to be the best way to do it. Another reasonable way to go about having a conversation that needs to remain private is actually to go somewhere that is too loud and too crowded to...for anyone to reasonably overhear or to have your communication recorded. So using using the kind of like, signal to noise ratio in your favor.
Margaret 47:51 Yeah.
Elle 47:52 To help drown out your own signal can be really, really useful. And I think that that's also true of things like using Gmail, right? The signal to noise ratio, if you're not using a tool that's specifically for activists can be very helpful, because there is just so much more traffic happening, that it's easier to blend in.
Margaret 48:18 I mean, that's one reason why I mean, years ago, people were saying that's why non activists should use GPG, the encrypted email service that is terrible, was so attempt to try and be like, if you only ever use it, for the stuff you don't want to be known, then it like flags it as "This stuff you don't want to be known." And so that was like, kind of an argument for my early adoption Signal, because I don't break laws was, you know, just be like," Oh, here's more people using Signal," it's more regularized, and, you know, my my family talks on Signal and like, it helps that like, you know, there's a lot of different very normal legal professions that someone might have that are require encrypted communication. Yeah, no book, like accountants, lawyers. But go ahead.
Elle 49:06 No, no, I was gonna say that, like, it's, it's very common in my field of work for people to prefer to use Signal to communicate, especially if there is, you know, a diversity of phone operating systems in the mix.
Margaret 49:21 Oh, yeah, totally. I mean, it's actually now it's more convenient. You know, when I when I'm on my like, family's SMS loop, it's like, I constantly get messages to say, like, "Brother liked such and