Data security in crisis situations

Shout out to Baron Oldenburg and Eleanor Saitta for feedback on this post!

Information is flying around fast and loose as you try to help people in need. Anyone who has capacity to help has been added to a spreadsheet tracking needs. If you’re in the thick of it, this piece isn’t for you yet. But even in those moments, be careful about who you share sensitive data with – there are big ramifications later if you get it wrong.

But when you can slow down a little bit and think about the longer-term ramifications of data, you should come back and investigate this. While getting people the immediate help they need as quickly as possible is more important than keeping their data safe, the long-term impacts of a data leak could put people already in harm’s way further in harm’s way. Example: collecting immigration status when determining which shelters will work for which folk could open you up to a subpoena or backdoor that leaks the data.

So far, I don’t know of any data breaches from community-led crisis response, but it’s frankly a second disaster waiting to happen. People offer admin access to EVERYONE involved in order to feel equitable. People are then scared to remove admin access to things because they don’t want to upset anyone. This leaves a very large attack surface for something to go wrong even beyond the flaws of the tool itself. So limit how many administrators you have, and have a regular cadence to check in on who has access as an admin and otherwise. Set up an impersonal rubric to remove access (“hasn’t accessed this data in x days” or “we’ll only have 3 admins, and we talk monthly about who is best in those roles” are two examples). 

To limit the impact of a data breach, collecting ONLY necessary data is the best way to design. You don’t need to be collecting demographic data unless you’re running an equitability study later. Example: address and risk level shouldn’t be cross referenced unless absolutely vital. 

Do not use one shared login for vital or administrative accounts. Most tools worth their salt will allow you to have multiple accounts log in for the same view, so set people up with individual accounts so the account access can be managed. Any person with a shared login will be able to change it for everyone else. 
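As an added example (not part of the original post), here is one way to run the impersonal rubric and the shared-login check described above against an access list exported from your tool. The column names, the 30-day threshold, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample export; the columns are assumptions, not any real tool's format.
SAMPLE_EXPORT = """email,role,last_access,shared_login
ana@example.org,admin,2024-06-28,no
ben@example.org,admin,2024-06-20,no
cy@example.org,admin,2024-06-30,no
dee@example.org,admin,2024-06-15,no
intake@example.org,editor,2024-06-29,yes
eli@example.org,viewer,2024-01-10,no
fay@example.org,editor,,no
"""

MAX_INACTIVE_DAYS = 30  # the "x days" in the rubric; choose your own value
MAX_ADMINS = 3          # "we'll only have 3 admins"


def review_access(export_text, today,
                  max_inactive_days=MAX_INACTIVE_DAYS, max_admins=MAX_ADMINS):
    """Apply the rubric to an exported access list and return what to act on."""
    findings = {"remove_inactive": [], "replace_shared": [], "admins_over_cap": []}
    active_admins = []
    for row in csv.DictReader(io.StringIO(export_text)):
        email = row["email"].strip().lower()
        last = row["last_access"].strip()
        # An account that has never accessed the data counts as inactive.
        idle = (today - datetime.strptime(last, "%Y-%m-%d").date()).days if last else None
        inactive = idle is None or idle > max_inactive_days
        if inactive:
            findings["remove_inactive"].append(email)
        # Shared logins cannot be managed per person; flag them for replacement
        # with individual accounts.
        if row["shared_login"].strip().lower() == "yes":
            findings["replace_shared"].append(email)
        if row["role"].strip().lower() == "admin" and not inactive:
            active_admins.append((idle, email))
    if len(active_admins) > max_admins:
        # The script does not pick who loses admin. It lists the remaining
        # admins, most recently active first, as input to the group's
        # regular conversation about who is best in those roles.
        findings["admins_over_cap"] = [email for _, email in sorted(active_admins)]
    return findings


if __name__ == "__main__":
    for finding, accounts in review_access(SAMPLE_EXPORT, date(2024, 7, 1)).items():
        print(f"{finding}: {', '.join(accounts) or 'none'}")
```

Running the same review on a fixed schedule keeps removals tied to the rubric rather than to any one person's judgment.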

Retrofitting later is a pain, but is worth the pain. If you’re in a place where you can migrate to a new tool for a longer-term vision, I’d recommend mapping out tool options against group considerations. I do a grid with rows for technical options, and columns for things I care about. Things like longevity of data, alignment of the org with your group’s politics, who the data is visible to, if the data can be sold to external parties, relationship with law enforcement, etc. I then indicate how aligned with my goals each option is, and discuss the resulting grid with the rest of the tech team. Here’s an example grid for picking which messaging platform to use with each other:

If you’re able to turn on multifactor authentication (MFA), that’s another point where you can limit who the admins are. Doing this can slow some things down and be at odds with people being able to take the day off, but it’s another vector along which security can be tightened up as things slow down in the response. 

As an individual thing, Google Advanced Protection is worth turning on if you’re using Google tools. If you’ve got a workspace domain that’s being used in the response, all the admins should have it on, even if you’re just using people’s personal ad hoc accounts for most of the response work. We’re generally in favor of keeping data in Workspace even for many sensitive NGOs in complex situations because it keeps it off of individual devices and out of chats/email where it’s hard or impossible to purge, update, or track access. This of course presumes you have good connectivity, but so do most of these tools.

If you do have to have shared accounts for some things, using a password safe that gives you shared vaults can let folks log in without having direct access to the password if they’re willing to install the plugin — mostly for third party logistics or data feeds or whatever, not for the primary collaboration tools.

What else should folks be doing?

Spontaneous Unaffiliated Volunteers

Anytime there’s a crisis, there’s a flood of people showing up to help. They’re called “spontaneous unaffiliated volunteers” (SUVs) in crisis response circles, and they’re generally considered a chaos amplifier. They’re mostly seen as getting in the way, as being untrained and untasked, and often as not being willing to be trained or tasked.

And at the same time, the amount of work to be done is huge, and there are never enough hands. These folks have dropped everything in their lives because their hearts have been broken open, and they are here to help.

So how to manage this?

When people show up, they are either there to help, or there to “help.” They are either there to serve others, even if it means digging the latrine pit, or they are there to feel better about themselves. Discerning this early on in your intake flow is vital. One way I’ve seen to do this so far is to give someone a task that is not very important (but still engaging) and see what they do with it. If they deliver on it and ask for more, they’re good to go and you can give them more visible things. If they dawdle, take lots of selfies, and ask for other work, redirect them to things that keep them out of the way like sorting and keeping things tidy. They’ll usually phase themselves out.

What are other ways to discern between these groups?

Arc of disaster response

There’s this standard graph of needs versus resources that emergency managers use.

A chart with two lines. X axis is time, Y axis is level. A red line indicates need, which starts flat, then quickly rises and then slowly dips before restabilizing. A blue line indicates resources, and also starts off steady but dips quickly after a crisis point. It rises until it is over the dipping need line, then restabilizes alongside the need line.

It indicates that needs for an area are usually pretty steady, but when a disaster strikes, needs rise. Needs rise because some resources are destroyed and because people are distressed and injured (needing more resources than usual). 

It also indicates that access to resources diminishes but then sees a huge surge in delivery, which then falls off. Access to resources falls when the infrastructure to maintain (like refrigerators) and gain (like a grocery store) them might be out of commission, but then rises as external resources flow into the area, and then levels off again as infrastructure is regained and external attention wanes.

This is also aligned with what I’m theorizing is the arc of engagement. In this, frontline populations (hey that’s you!) are ALWAYS the first to respond. As official response comes in, frontline populations can take a bit of a breather, but then step up again for the transition from official response to the new normal. 

This also leads to some tensions – official responders, while well practiced and educated in how to do response in general, do NOT know about the specifics of your region or your community’s needs. There are some time periods where you will need to show up and advocate for your unique situation, even if people providing you much needed resources struggle to listen. We are writing them a guide on HOW to listen, but YMMV.

The place you come in best while official responders are here is in last mile logistics and data. They will be deploying to large parking lots and trying to get people to go there to pick up resources and detail damage. You can gather that information from your at-risk neighbors and coordinate with all your neighbors about which resources to prioritize, then bring that to the official responders.

Pablo

I was going to have lunch with Pablo and Janot in two weeks.

I met Pablo through John Crowley, as a part of the Boston area humanitarian and disaster response gang. He was instantaneously one of my favorite people – intense, warm, and utterly fixated on making things Better. He had somehow landed a gig with the International Red Cross Red Crescent teaching about climate science and probability through game mechanics.

He taught me that I didn’t need to be so serious in my approaches. He taught me people are willing to be vulnerable if you provide them some scaffolding and simply ask them to dive in, assuring them that uncertainty is a part of all that we do and that not knowing how to play the game couldn’t prevent you from playing it.

He helped me, the anxious, risk-averse, hermit that I am, not only take risks, but ask others to do so as well, and to make the whole thing playful. Of COURSE you strike out sometimes, that’s how probability works. Of COURSE it’s not a reflection on your moral character when you strike out in a game or on a project, that just means you’re trying new things.

He died unexpectedly the weekend before last. There are now nearly 500 of us in a wide-ranging international WhatsApp group trading stories of how he touched us and changed the world for the better.

For me, there are four main times that stand out.


Ketamine Assisted Psychotherapy (KAP) for the scientifically inclined

As mentioned in this post back in April, I’ve been doing Ketamine Assisted Psychotherapy, or KAP. While it started as a way to address birthing parent trauma, it has rapidly turned into a powerful tool for me. My anxiety levels are way lower, I’m having difficult conversations at home and at work with more confidence, and I feel more engaged in life in general. You can even tell by how much more often I’m blogging that I’m feeling myself again. This is so effective for me that I wanted to share my setup as a person mostly invested in science, as the KAP practice tends to be quite woo.


A subtweet from a small town queer

So, I help produce an art and music campout that happens in California every summer. I’m on the People team (dealing with conflict, consent violations, etc) and am a general coordinator for the overall event. I’ve done this on and off for about 5 years of the 18 years it’s been running. And after this year, I have to say: are the straights and younguns ok? This entire entry is a subtweet to both straight people and young people who seem to think they can’t be in community with their exes.


Calling artists and authors to help with a response zine!

As some of you know, I have cared about crisis response for a long time. And now, as a side project, as furthered recently at my birthday conference, I’m working on a guide for the formal sector to interact with the informal. I’m also starting work on a zine for informal groups to know what’s up in times of crisis. The informal groups are harder to reach as you don’t know who they are in advance, and so our goal is to make this zine something the formal sector is willing to hand off, something that is findable online, and something that activist groups might seek out themselves in advance.

I’m really excited about it, but it’s also a LOT of work. And I’m not the only person with writing or artistry skills out there, so I’d like to use this as an opportunity to commission some work. There’s a form at the bottom of this blog post to sign up for a section if you’re interested. What follows immediately are short write-ups of areas I think need better words and/or a piece of art to express.

Basics of response

Reviewing in an informal way things about WASH and food safety, plus common sense for physical safety for collapsed buildings (unit 7) etc. Slow is smooth and smooth is fast, it’s worth moving carefully. Would require some independent research to figure out what is being detailed by official sources.

Data safety

You’ll be setting up some basic things immediately – a place to chat (mailing list, Signal group, etc) and a place to store information (wiki, Google Drive, etc). When a crisis first kicks off, data is gathered fast and loose, and access is given to anyone who might be able to help. That is expected and we get it. However, after time wears on and things stabilize a bit, some thought needs to be given to data retention and security, including who has access to what.

Limit how many administrators you have. Use secure-enough tools, limit who has access, send over encrypted channels. Retrofitting is a pain, but is worth the pain. Do your best in the moment, without sacrificing efficacy.

This would be a conversation we have to flesh out details you might be interested in and to highlight what I think is important and reasonable here.

Sustainability & leadership

At odds with a do-acracy, it makes more sense to select each other for leadership positions. Be wary of narcissism, usually indicated by someone wanting full ownership of something. Quiet, competent leaders are great in American cultures. This is something for conversation if you don’t already have a background here.

Self and community care

Support your leaders, IE if they’re a single parent, get them child care support while they coordinate. Taking at least one day off a week is necessary. You cannot go all out indefinitely, and your work will suffer if you try to. Rotation of duties is an excellent way to build resilience of responsibility in your community and to strengthen things by knowledge sharing. Feeding the group is important work. Etc. This would be great for someone passionate about governance structures and self care. Happy to have conversations about this and the sub topics to deepen the thinking here, but if you’re already familiar with self organizing structures, you’ll have a great start.

Documentation

Documentation often seems like the BIGGEST waste of time, but it is SO important. It will help you with handoff to other people (sustainability), it will help you communicate and coordinate with other groups (impact), and it will help you tell your story later (learning). Share outward as much and as often as you can handle, it will help everyone, and they in turn can help you.

A documentarian can be seen as an apprentice to a role, writing down what they’ll do as they learn about it. This builds resilience in your group in multiple ways.

Happy to have a conversation about this one, but if you already love libraries and/or wikis, you’re probably set here.

Dealing with money

Eventually, someone will probably want to give you money, or you’ll start running into ways that you’d like to get money to spend on certain things rather than always coordinating material goods directly. Some groups, like Occupy Sandy, just estimated that they’d lose 10% to fraud and that it would cost 15% in overhead to track, and so just gave away cash to projects based on donations flowing in. Other groups, like Humanitarian OpenStreetMap Team, ended up forming a 501c3 so they could better accept funds to pay for people’s airline tickets. Each comes with risks and benefits. This would be a conversation with me and some other folks to get you set up on models and information.

Failure modes

Formalizing your group in different ways (often done to deal with the money problem) leads to different types of failure. People who form businesses (disaster capitalism) usually end up failing as a business because they thought their one-off crisis lessons applied everywhere else. Right-wing response groups over optimize for centralizing power, especially when things are going sideways, which leads to bits of the group breaking off to do their own things. Leftist response groups fail to build consensus around the next actions to take and dissolve. A conversation can be had here.

Some tips for interacting successfully with the formal sector

Like it or not, the formal sector is probably going to show up at some point and try to deploy to your area. Here are things to know about how they work and what they expect that can help everything run more smoothly. I’d write the intro to this section, but the subsections can all be conversations if they’re not clear enough already.

Have a person the formal sector can talk to

A broker liaison could be someone who has done CERT training or that otherwise has worked within a command structure before. They should be open to understanding where the formal groups are coming from, but firm in what will and won’t be accepted by the community. They will need to be available for lots of informational meetings. This is how the formal sector thinks of these folks. If someone wants to prepare for this in advance, FEMA’s independent study is great.

Flying drones

Drones are a really great way of checking out your area to see what is going on. However, if any planes are up in the air, the drones have to come down. Low flying planes are used to take photography for damage assessments to see where resources should be sent, as well as being used occasionally to deliver supplies, so they’re an important part of response and shouldn’t be interfered with (unless you’re in an adversarial environment).

Rule of thumb

If there is a SERIOUS safety issue, like a hazardous spill, if you cannot cover the entire area from view while holding up your thumb, you are too close.

Where and how your formal sector colleagues can talk with you

Formal entities can (and should!) be held accountable for decisions they make and actions they take. This means all communication has to be audit-able, which means they can’t talk to you on something like Signal. Their systems are also often locked down so they can’t install the latest and greatest new collaboration tool. Being willing to join them where they’re at (if they can get you an account) and/or to find new third places is a key component to opening up communication.

Interested in helping out?

Interested? Here’s a form to fill out to indicate interest! I’d love to see responses in by July 22nd. When estimating, please be kind to yourself, but while I’m making Bay Area money (NOT software engineer money), I also have a kid and stuff. I have worked as a contracting artist before and will limit myself to 2 revision rounds on each thing. You will absolutely be credited in the zine. You’re welcome to reach out to willow dot be el zero zero at gmail if you have any questions or want to see how progress is going.

Swim out of the Fishbowl

This is part of a series on my Santa Perpetua tattoos. You can read the rest in the tattoo category on this blog.

The next one came up about one of my great loves, made manifest in a phase of my life. I have always loved the concept of liminal space. I first became aware of it as a concept at the Ann Arbor Film Festival, spending 3 minutes with the audience watching a minute hand move from just after one marker to just before another on a watch face, the movement so slow it was imperceptible until they showed where it had started. The idea of being between things intrigued me. I cherished it when traveling constantly, always in airports and rarely anywhere at all. It was good to have a name for a space that can be so exhausting when I was between work, before I had realized that work didn’t need to be my identity.

When Reed and I started trying to get pregnant, I realized the roller coaster of waiting, then not knowing, and then of one moment of clarity followed by the same cycle every month might break me. Given how much Santa Perpetua and I had talked about liminal space in previous rounds, I figured it was time to go all-in on that topic.

Willow rides a bike. Towards the top of their left arm is a circle with the numbers 39 40 on it, a city scape above it, and a forest with a ship below it. Blue water color streaks down the arm, with numbers alongside it, down to the wrist. At the wrist is a cute little fish.

Killing ants

This is part of a series on my Santa Perpetua tattoos. You can read the rest in the tattoo category on this blog.

Now that Santa Perpetua and I had started our collaboration and set up for future work, it was time to dig in and really explore some existential angst. The next one was about my political ideology, the tension I feel behind nearly every act I take, and was one of the originating conversations behind Jigsaw Renaissance. And that is – what is the responsibility of the individual, and what is the responsibility of society? When one is out of alignment with the other, which course corrects, how, and how much? If they’re both doing ok, should more attention and intent be paid to further progressing the individual or society? I tend to lean towards societal progress, but I also deeply respect and acknowledge individual autonomy and inclusion in that as necessary but insufficient.

Tilde and Willow's right thighs are nestled together, with Tilde's tattoo of purples and greens with a mirrored person as posable figure on one side and a more realistic human on the other. Behind the realistic person, water color and shapes. Beyond the model, simpler shapes and more contained colors.

On Willow's thigh, a circle surrounds two children poking at an ant hill. Outside the circle, a child's silhouette looks at plants in orbit. Another small circle holds an ant. There is blue and black water color around it all.