Elisabeth Woldt (CC-BY-NC 2.0)
Digital security should start in the classroom
Why journalism schools?
Mastering digital security is one of the best ways journalists can protect themselves and their sources in the digital age. At Freedom of the Press Foundation, we regularly work with news organizations to lock down their social media accounts, encrypt their communications, and mitigate online harassment.
But the best place to most reliably address this need is within journalism schools, where student reporters are already learning many of the skills they will need in a contemporary newsroom. We know many programs feel underprepared for education of this kind, so we built this curriculum to better support J-schools’ goals for digital security education.
How you can implement at your school
We have created modules responsive to a variety of digital security topics. We offer two pathways for constructing your course: One, larger and customized for your needs, and a second that is a short workshop. Going through the README will help define how the modules below can be used.
We intend for this resource to be used by journalism professors and educators looking for a starting point for digital security education. Ultimately, it’s our hope that by tinkering with these materials, you might take advantage of the parts most useful or inspiring to you, and make this curriculum your own.
Open source and free to use
Unless otherwise noted, this curriculum is Creative Commons-friendly (CC-BY 4.0). With attribution, you can use or modify it as needed. We only ask that you let us know how you use the curriculum, so we can better understand their impact and improve the materials.
We're thrilled that you are reading this, because it means you're taking a step toward equipping your students to protect themselves and the people around them, while they work on the web. We put together this README to let you know what's in the curriculum, how it all fits together, …
This module will not provide an exhaustive look at this topic, but will instead provide the starting point for students to know how to investigate their digital security questions as needed.This lecture and activities will briefly introduce several foundational topics on digital security, including the basics of threat modeling, …
Note that you will not use this module if you are not conducting an extended course on this topic.This (optional) conversation may be used to introduce the broader course. It will begin by examining the importance of the topic, additional prompting about what topics are covered, and will include …
Threat modeling is foundational to thinking through security broadly, and we therefore introduce it before several other more technical topics. We first encourage the use of physical metaphors (e.g., choosing how and where to lock a bicycle) before introducing digital applications to help beginners understand how they may already create …
This module opens by walking through examples of targeted harassment, followed by a self-doxxing activity, an activity to opt-out of a data broker service, and discussion time. Because some students may have personal experience with harassment and doxxing on the web, if this class environment feels safe enough to do …
Because the behavior of telecommunications networks and the internet is so foundational to realistic threat modeling, this section should be used before any subsequent discussion of chat tools designed to protect network-level communication like Signal, or tools that encrypt and tunnel traffic, such as VPNs, or Tor. This section opens …
This module begins with a walkthrough of a few examples of legal requests that have affected news organizations' communications, with emphasis on the underlying authorities and how they might apply more broadly. In the latter half of the lecture, instructors may ask students to investigate a transparency report for a …
This section is intended to quickly introduce chat safety considerations through some examples of tip channels currently supported by newsrooms, followed by discussion time, and finally, hands-on installation of the Signal app. Students may need time to troubleshoot, so we encourage pairing students, and being prepared to help students if …
This module briefly opens with an introduction to the lack of end-to-end encryption in standard cloud and backup services, and closes with an activity to send the instructor a password-protected file over Tresorit Send, an end-to-end encrypted service.Note the Keybase homework assignment will require instructors to sign up for …
This module opens with an introduction to the need for location obfuscation techniques, and what a VPN does. Instructors may then talk through basics of IP addresses, Virtual Private Networks, and the Tor network. Students will be asked to install Tor and navigate to the New York Times SecureDrop .onion …
This module opens with an introduction to common attacks on online accounts, and the need for two-factor authentication. It then moves on to a few activities having students investigate the security of their own passwords, and where they might set up two-factor authentication for their primary email provider. It closes …
This short module opens with an introduction to the problem space (password reuse), followed by introducing password managers, and optionally having students install one and sign up for an email with a randomized password.PrerequisitesThreat modeling(Good to know) Authentication - Part 1Estimated time20-25 minutes (35-40 minutes …
This short module opens with a video of a social engineering professional showing off her skills, then moving on to some psychological principles and tactics underlying social engineering approaches. Next, it includes a brief activity asking students to a consider how a social engineer might get their credit card number. …
This short module opens with a short introduction to malware with a video, followed by slides with a few examples of malware targeting journalists, and finally, opening up to a discussion of how students understand the likelihood of this happening in their work, and what they should do in response. …
This module begins with a short discussion about information hidden in files, and the potential risks tied to file metadata. It follows with a short exercise to have students find the file metadata embedded in a photo, followed by discussion of risk minimization.PrerequisitesThreat modeling(Good to know) Malware …
This module should be short, introducing the problem with a video, and open a discussion with students about full disk encryption and strong password protection.PrerequisitesThreat modelingEstimated time20 minutesObjectivesUpon successful completion of this lesson, students will be able to analyze the risks associated with device …
This section on surveillance tools used by law enforcement is discussion focused, and intends to get students to think critically about the relationship between surveillance, privacy, and transparency. It begins with lecture canvassing a variety of law enforcement surveillance technology, based on research from from the Electronic Frontier Foundation. Afterward, …
This section is intended to be presentation-heavy. It opens with a short video explaining the foreign intelligence surveillance court, followed by another introducing NSA whistleblower Edward Snowden. The legal material can be somewhat dry, so it's especially important to focus on the surveillance capabilities outlined, followed secondarily by the authorities …
Because this is a challenging topic, we strongly recommend the prerequisite modules before getting started. Likewise, it may be most appropriate for students who plan on pursuing journalism professionally.This module opens with a presentation outlining publicly documented examples of compromised sources, and then moves onto an activity requiring students …
This module focuses on how to prepare and what to expect for those traversing the U.S. southern border, centering journalists serving border communities.Unlike most modules in the J-school security curriculum, it begins with a somewhat distinct perspective on risk assessment, adding further emphasis on individual attributes (e.g., nationality) and …
When we imagined materials we have personally found useful, we found inspiration from other projects that are also important resources for instructors:
This resource drew on the experience of countless people at the intersection of digital rights, journalism, and education. We particularly want to thank…
Join our email list to stay up to date on the issues and learn how you can help protect journalists and sources everywhere.
