We're thrilled that you are reading this, because it means you're taking a step toward equipping your students to protect themselves and the people around them, while they work on the web. We put together this README to let you know what's in the curriculum, how it all fits together, and how to use it.

What’s in this curriculum?

In our research we’ve learned that many programs lack the space and time to allow for in-depth security coursework, because it competes with many other important education priorities, such as those required in their accreditation process. We know most programs don’t have the capacity to accommodate a full digital security course, and when they do, it’s usually not mandatory. We therefore use short modules on various topics to help educators integrate lessons into ongoing coursework, to ensure these materials can be used in a realistic timeline.

The curriculum outlined here includes contemporary digital security issues in journalism pertaining to risk assessment, how communication systems work, government and law enforcement surveillance policy and practices, communication security, authentication practices and more. While these lessons include a variety of examples from work in newsrooms, these lessons also apply to safer navigation of the web and computing more broadly.

We have deliberately structured all modules so that they can reasonably be used in either online or in-person courses.

Our lessons are intended to encourage critical thinking about risk management. We make decisions about risk all the time — deciding whether it’s necessary to lock a door behind us, for example. It’s our hope that this will make students more confident in developing appropriate safety measures during their reporting.

Some topics are more advanced than others. While we offer recommendations on how to introduce these topics in sequence, much like other coursework, the modules may be restructured to account for the needs of your course.

What have we chosen not to include in this curriculum?

There are a number of topics we have chosen not to include primarily because they go beyond the scope of the intersection between digital security and newsrooms. For example, we considered but ultimately chose not to cover…

• Computing 101: We are aware that some courses require computing fundamentals (e.g., file structure) before getting into concepts surrounding digital security. Because they are not specific to digital security and apply across a much broader spectrum of issues covered in J-schools, we do not cover these fundamentals here.
• Cybercrime: We’ve chosen to only focus on cybercrime to the extent that it impacts newsrooms.
• Threat groups: Because we take a risk management-based approach, the curriculum focuses on types of attacks and surveillance techniques. While a number of specific groups (e.g., hacker collectives) are worthy of discussion in their own right, we focus on capabilities that we know affect newsrooms.
• Physical safety: As a digital security curriculum, we focus on physical threats only to the extent that they interact with digital security (e.g., when visiting a protest). To provide more in-depth training to student journalists on physical safety we would encourage taking a look at other excellent resources, particularly the Journalist Safety Curricula maintained by the James W. Foley Legacy Foundation.
• Legal systems beyond the United States: This curriculum is inspired by our own research with U.S. journalism programs, and we cannot speak to the risks to journalists with distinctive legal systems.

We also have chosen not to include some materials.

• Evaluative materials: Recognizing each program has very different learning requirements and approaches to evaluation, we have not included evaluative materials such as test questions or rubrics. However, if there is enough interest in suggestions for evaluative materials we are open to working with instructors to develop them.

While these topics are not currently covered, we are always open to suggestions on expanding these materials to make them more useful to journalism instructors of all backgrounds.

How do I use it?

In our list of modules, take a close look at the modules that are most appropriate for your students and most closely tied to your existing lesson plans. Modules include suggestions for the lesson, but may be reconfigured for your needs. We currently have over a dozen modules addressing various aspects of digital security. Unless otherwise noted, this curriculum is Creative Commons-friendly (CC-BY 4.0). With attribution, use or modify it as needed! We also ask that you let us know how how you've integrated the curriculum into your work so that we can better understand its impact and improve the materials.

We recommend identifying the modules most useful for your course, we also have one stand-alone module, “Digital Security 101,” which briefly introduces many of the concepts in more intensive modules. This route provides less time to consider the concepts carefully, and less “hands on” time for activities. Note, if you do choose to reconfigure a module substantially, be mindful that it still fits with any subsequent lessons.

• Prerequisites: Some modules build on one another, and we therefore recommend presenting them in order. You can check to ensure you’ve already covered foundational topics before jumping into a more specific module.
• Estimated time required: A rough estimate how long the entirety of the module (including instruction and discussion time) may take if conducted with the suggested outline.
• Learning objectives
• Why it matters
• Homework: Most modules include suggested assignments before and sometimes following in-class lessons.
• Sample slides: While we anticipate instructors will curate their slides for their students, we have provided some samples to inspire you to get started. Like all of our materials, unless otherwise noted they are Creative Commons licensed, and may therefore be customized and shared with attribution.
• In-class activities
• Suggested discussion questions

Our digital security curriculum modules

We have two pathways: A digital security course with several modules — allowing you to also pick modules you'd like to focus on — or the stand-alone introductory module.

For the first pathway, the digital security course, some topics build on more foundational concepts (particularly threat modeling). We therefore recommend paying close attention to the prerequisite modules and presenting them in order. For the second pathway, Digital Security 101 can be presented on its own.

All modules can be found at our U.S. Journalism School Digital Security Curriculum landing page.

Complementary resources to support your course

The modules do not require any assigned readings, nor other types of media, but if you are looking for recommendations to add to your existing digital security coursework, we have some opinions!

Candidates for assigned reading

• (~$30.00) Information Security Essentials A Guide for Reporters, Editors, and Newsroom Leaders, by Susan E. McGregor
• (Free, or ~$28.00 for physical copy) The End of Trust, by the Electronic Frontier Foundation and McSweeney's
• (~$26.00) Journalism After Snowden: The future of the free press in the surveillance state, Emily Bell and Taylor Owen (Eds), with Smitha Khorana and Jennifer R. Henrichsen. (Specifically chapters "The Snowden Effect on the NSA and Reporting" and "Digital Threats Against Journalists")
• (~$30.00) Active Measures: The Secret History of Disinformation and Political Warfare, by Thomas Rid
• (~$19.95) How the Internet Really Works, by ARTICLE 19
• (~$17.99) The Panama Papers: Breaking the Story of How the Rich and Powerful Hide Their Money by Frederik Obermaier and Bastian Obermayer
• (~$69.99) Digital Whistleblowing Platforms in Journalism, by Philip di Salvo
• (~$16.99) Influence: The Psychology of Persuasion, by Robert Cialdini. Note: As a text many professionals look to, this book best complements the social engineering module.

Theory reading candidates

• (Free) Bentham, Deleuze and Beyond: An Overview of Surveillance Theories from the Panopticon to Participation, by Maša Galič, Tjerk Timan & Bert-Jaap Koops
• (Free) Privacy as Contextual Integrity, by Helen Nissenbaum
• (Free) I tweet honestly, I tweet passionately: Twitter users, context collapse, and the imagined audience, by Alice E. Marwick & danah boyd
• ($25.95) Dark Matters On the Surveillance of Blackness, by Simone Browne

Film candidates

Do you remember when teachers would roll in a tube television, pop in a VHS, and that was a day of class? There might be times you want to do that. To that end, we have a "watch list" to complement your digital security coursework.

• Citizenfour (2014). A documentary film directed by Laura Poitras, following Edward Snowden, as he evaded U.S. extradition following disclosures to news organizations about the NSA's mass surveillance programs.
• The Vula Connection (2014). A documentary following Tim Jenkin, an activist who developed encrypted communications networks on behalf of the banned anti-Apartheid movement in South Africa.
• The Lives of Others (2006). This film is about surveillance of East Berlin residents by the Stasi, East Germany's secret police.
• The Conversation (1974). This film follows the life of a surveillance expert whose investigation reveals a potential murder.
• Hackers (1995). This film revolves around a group of teenage hackers, one of whom is framed in a corporate extortion plot. The entire film is set to the tune of electronic music and nonstop computer-generated digital landscapes, to accompany the expert hacking montages.
• Field of Vision: The Surrender (2016). A short (~33 minute) documentary film examining Stephen Kim, a State Department intelligence analyst who went to prison, charged under the Espionage Act after speaking to a reporter.

Podcast candidates

• Darknet Diaries: Short, well-narrated and researched stories about hackers and digital attacks. Most episodes are about an hour long, and generally come out every two or three weeks.
• Lawfare podcast: Lawfare is a go-to blog for legal and policy commentary on the intersection between national security and technology from experts in the U.S. and abroad. A typical episode is about an hour long, and it's common for the podcast to have at least a few episodes every week.
• Security Now: Security Now offers technical deep dives for and by security practitioners, with an eye to recent information security news. While some of the concepts are "inside baseball" to the security space, the hosts often explain the details for beginning practitioners. Most episodes are around two hours, and new episodes come out each week.
• Cyber, by Vice Motherboard: Cyber is all about hacking, surveillance, and security news. Because Motherboard produces a regular stream of original stories themselves, the journalists also unpack stories you might not have heard elsewhere. There is a new episode each week, and they typically run about half hour.
• SANS Internet Storm Center: SANS is a cooperative for information security, and offers the Internet Storm Center as one way to quickly gather updates for security professionals. To that end, it can be pretty technical, and unfortunately does not spend much time slowing down for beginners, but it is an extremely efficient at providing pointers about what the industry is concerned about today. Each episode is about five minutes, and comes out nearly every day.
• The Layer 8 Podcast. The Layer 8 Conference focuses on social engineering and intelligence gathering techniques, and is also home to a podcast that brings on dozens of professionals who talk through these issues with fascinating stories. Each episode varies in length but is typically between 30-60 minutes, and when their season is active, each episode comes out weekly.

Organizations to reach out to for speakers

• Freedom of the Press Foundation: https://freedom.press/contact/
• Electronic Frontier Foundation: https://www.eff.org/about/contact
• Center for Democracy and Technology: https://cdt.org/contact/
• Access Now: https://www.accessnow.org/contact-access-now/

Other digital security resources for your reference

• Before getting started, instructors should consider reviewing some related beginner-friendly newsroom security training material, organized with help from OpenNews and dozens of journalists and security experts working in media. Some parts are slightly out of date, but it is still a great resource to review: securitytraining.opennews.org
• Freedom of the Press Foundation keeps up-to-date security guides and blogs about contemporary issues in journalist security: https://freedom.press/training
• Electronic Frontier Foundation provides the Security Education Companion for instructors who are diving into digital security: https://sec.eff.org
• Electronic Frontier Foundation's Surveillance Self-Defense guides are helpful for step-by-step resources as well: https://ssd.eff.org/
• Consumer Reports maintains an excellent tool for creating custom security recommendations based on a brief questionnaire about your needs: Security Planner
• Global Investigative Journalism Network maintains this lengthy meta-list of digital security resources: https://gijn.org/digital-security/
• Pen America runs a great resource for learning about harassment of journalists and how to address it: Online Harassment Field Manual

Last thing to think about

Like any course, assessing students’ prior knowledge before choosing where to start is critical. But when discussing personal security, it’s important to recognize that some of these topics pertain to difficult situations students have experienced themselves. Some of these topics feel benign, while some feel challenging or even traumatic, such as experiences of harassment and doxxing. This means approaching these topics with mindfulness toward students’ interpretations, and in a safe environment.

Likewise, maybe these topics are very personal to you. We are here to support you along the way.

Contact and feedback

Educators in the field are ultimately the best judge of what works, and what doesn’t. We welcome your thoughts on what we can do to make these materials most useful to you, and how we can better support you.

For feedback or questions, reach out to anyone on our digital security team (Harlo, Olivia, David, Martin) or contact us at freedom.press/contact.

If you'd like to receive regular updates on the curriculum and suggestions for integrating the latest in digital security news into your coursework, we also have a monthly newsletter on the curriculum. Subscribe here: https://freedom.press/training/jschool-newsletter/

• Freedom of the Press Foundation Digital Security Team