Friday, October 20, 2017

Open Policy + Advocacy at MozFest 2017

It's been a difficult year. Hacks, breaches, foreign interference in national elections, nationalism and racism rearing their ugly heads on the global stage, just to name a few challenges. And while MozFest doesn't try to solve all of these problems, we are focusing this year's Policy and Advocacy related sessions on building a better digital future for all.

In previous years the MozFest "spaces" have been organized around programmatic areas of work that Mozilla and our partners focused on. This year, we've organized around our Internet Health Issues. This means the Policy and Advocacy sessions will be interspersed throughout the building. The team has a great new scheduling app to help guide you through the week; to find the Open Policy & Advocacy sessions, click on the three lines on the lower right which pops up all the spaces and tracks:

Don't forget to click "apply" in the upper right, or it won't filter properly!



  • Decentralization and Dignity against Digital Colonialism: a debate with the World Wide Web Foundation and others about control and freedom not of the individual, but of entire populations and regions by tech companies.
  • Just Numbers: a workshop with the ACLU and others to introduce how police and law enforcement collect data from citizens through surveillance equipment, followed by a discussion on how to analyze open records and government datasets.
  • Mozilla -- A role model for modern diplomacy: a discussion with Open Labs Hackerspace about how technology affects diplomacy and policy-making around the world.
  • Where did the internet go? Fighting shutdowns around School Exams: A discussion with Access Now about governments who use school exams as a pretext for clamping down on free expression to block, filter, jam or otherwise obstruct access to the internet.
  • Will the Open Internet Survive?: a conversation with tech policy experts about different approaches to net neutrality legislation in the US, EU, India, and Brazil.
  • The Big Open -- Joining Forces on the Quest for the Free and Open: A mapping session with Wikimedia, Creative Commons, and Mozilla to show where our communities are joining forces, and where the opportunities still exist.


  • Defiance in the Digital Age: a hands-on session to explore creative approaches to social justice advocacy under oppressive societies in unique cultural contexts, and the role of digital platforms in forging these efforts.
  • Enforcing Net Neutrality Around the World: a discussion with experts representing Europe, the US, West Africa, South Asia, and Latin America about how net neutrality laws are protected and enforced in practice.
  • Internet Shutdown in The Gambia: a conversation with the Give1Project about the economic and social impacts of internet and telecommunications shutdown, and the human rights violations associated with cutting access to information and communications.
  • Open Ears for Open Access: a discussion with SPARC to celebrate global Open Access Week, the Open Access movement, and issues around inclusion, access, and equity in scholarship and academia.


  • Copyright on data?!?! Whiskey Foxtrot Tango?!: a talk with Wikimedia and friends about how the current EU copyright reform proposes to limit access to data, and a brainstorm about possible future actions to counter this proposal.
  • Copyright Battle: a role-play session (with real tug-of-war!) to show the current state of the EU copyright reform proposal and the various stakeholders.
  • Solving the Social Challenges of Artificial Intelligence: Where do we go from here?: A roundtable discussion with Tech Policy Fellows about how AI systems are impacting our day-to-day, where the AI field is headed, and how we can support this conversation worldwide.
  • Visualising Human Rights: a hands-on session using a dataset from The Centre for Human Rights and Policy Studies, where participants will learn to analyze and create data visualization products that can be used in future advocacy work.
  • Bath bombs and digital rights: a conversation about the collaboration with Access Now and Lush, and how they created the Error 404 bath bomb to amplify the #KeepItOn campaign and raised money to support grassroots digital rights organizations around the world.


  • Blocked! How (and why) to check which websites your ISP is blocking: a hands-on workshop looking at Open Rights Group's website with a discussion about why websites might be blocked, and how to report incorrect blocks to ISPs.
  • Information and Consent: how do we create real data control?: a discussion with data science experts about the challenges citizens have to control the sharing of their personal data within existing data protection laws. 
  • The Right to Privacy in India: A Look at Digital Identification and Aadhaar: a panel with leaders that shines light on the implications of the Right to Privacy judgement on the Aadhaar project, and where the welfare of 1.2 billion citizens goes from here.
  • Our Data Bodies: a conversation with Our Data Bodies exploring how data-driven systems impact the ability of marginalized communities to access basic human needs, and how those communities have been responding.
  • Towards a Pan-African Culture of Freedom of Expression Online: a discussion with Paradigm Initiative Nigeria, Digital Freedom Fund, and Web Foundation about freedom of expression online in Africa.
  • Data in politics: why privacy matters for free and fair elections: an exploration of hard and soft regulations for online political advertising, privacy protections for voters, and how monitors the effect of information during elections.


  • Tech for Good: How do we get more technologists working in the public interest?: a discussion led by experts on how to build the community of technologists working in the public interest, and how to create career paths for their work.
  • Tech Policy Fluxx: a hands-on workshop to create a game in the style of the card game Fluxx, where the rules and win conditions change as you play the cards, around internet health issues and about tech policy.


  • Threatened Voices: Activating a Database of Threats Against Digital Activists: a demo of the Threatened Voices database to teach participants how to use the data and visualization tools for research and activism.
  • Ranking Digital Rights Corporate Accountability Index: a review of RDR's Corporate Accountability Index which viewed 22 of the world's most powerful telcos, internet and mobile companies.
  • Speaker Series: experts from around the world share their stories and insight into today's pressing issues. See the full list here.
  • Fringe events: this year, Mozilla Festival has a full list of sessions and activities happening during the week in the lead up to the celebratory weekend. These include:

Wednesday, October 18, 2017

Lean Data Practices for Civil Society Organizations

In the last few months, we've heard reports of crippling hacks of organizations that put their communities at risk. The fact is, civil society organizations (NGOs) that collect data to inform, educate, and activate communities are under attack. And this means our communities are under attack.

After listening to quite a few leaders in the civil society space, I learned that safe data collection and storage practices are rarely baked into the sense of responsibility we feel towards our communities. We know data is important, but we don't always think about how dangerous it can be to hold onto data we don't need. And we're not always thinking about our responsibility to the communities we serve from a digital security perspective.

So with Mozilla's Legal Team, I created Lean Data Practices for Civil Society Organizations, a framework for advocacy organizations to think about their data practices. In this day and age of hacks, breaches, and phishing attacks, how can we make it safe for people to join and participate in the resistance? How can we build trust and reduce risk to create a culture of safety for all?

Lean Data Practices encourage 3 main practices:
  1. Stay Lean
  2. Build in Security
  3. Engage Your Membership
More details on the website

1. Stay Lean

Staying lean starts with asking yourself, do I need this data to provide the value I’m trying to deliver to members?
  • If you don’t need a piece of data, don’t collect it.
  • If you need a piece of data, keep it for only as long as necessary and anonymize the data before you store it.
If you already have a lot of data, it's important to know what you have. There are explicit pieces of information we collect -- like names, email addresses, and zipcodes -- but did you know you might be collecting IP addresses too? How does collecting this piece of data contribute to your theory of change? And when do you delete data?

For example, at Mozilla we often delete data when we know we'll no longer need it. Email addresses that haven't interacted with content we've sent might get one reminder, but usually we delete them from our list 12 months after the last interaction. In other cases, around specific time-bound campaigns, if we've collected any information we'll often delete it within 120 days of the end of the campaign.
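
The retention rules described above can be run as a periodic sweep. This is an added example, not Mozilla's code: the record layout, field names and allowlist are hypothetical, the sample records are constructed, and "12 months" is approximated as 365 days.

```python
from datetime import date, timedelta

# Retention windows taken from the text above; "12 months" is approximated as 365 days.
LIST_RETENTION = timedelta(days=365)
CAMPAIGN_RETENTION = timedelta(days=120)
# Hypothetical allowlist: the only fields this example organization decided it needs.
NEEDED_FIELDS = {"id", "email", "zipcode", "last_interaction", "campaign_end"}

def minimize(record):
    """Drop every field not on the allowlist (e.g. an IP address logged by a web form)."""
    return {k: v for k, v in record.items() if k in NEEDED_FIELDS}

def is_expired(record, today):
    """Return the rule that makes a record due for deletion, or None to keep it."""
    campaign_end = record.get("campaign_end")
    if campaign_end is not None:
        # Time-bound campaign data: delete once 120 days have passed since the campaign ended.
        return "campaign" if today - campaign_end >= CAMPAIGN_RETENTION else None
    # Mailing-list data: delete 12 months after the last interaction.
    if today - record["last_interaction"] >= LIST_RETENTION:
        return "inactive"
    return None

def retention_sweep(records, today):
    """Split records into (kept, deleted); kept records are minimized first."""
    kept, deleted = [], {}
    for record in records:
        reason = is_expired(record, today)
        if reason:
            deleted[record["id"]] = reason  # keep only the id and reason for the audit trail
        else:
            kept.append(minimize(record))
    return kept, deleted

# Constructed sample data, not real members.
SAMPLE = [
    {"id": 1, "email": "a@example.org", "zipcode": "94105",
     "last_interaction": date(2017, 9, 1), "ip": "203.0.113.7"},
    {"id": 2, "email": "b@example.org", "zipcode": "10001",
     "last_interaction": date(2016, 8, 15)},
    {"id": 3, "email": "c@example.org", "last_interaction": date(2017, 5, 1),
     "campaign_end": date(2017, 5, 31)},
    {"id": 4, "email": "d@example.org", "last_interaction": date(2017, 9, 20),
     "campaign_end": date(2017, 9, 30)},
]

if __name__ == "__main__":
    kept, deleted = retention_sweep(SAMPLE, date(2017, 10, 18))
    print("kept:", [r["id"] for r in kept], "deleted:", deleted)
```

Running the sweep on a schedule, and applying `minimize` at collection time as well, keeps fields such as IP addresses from accumulating between sweeps.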

2. Build in Security

What protections have you put around the data you’ve collected?
  • Limit access to the data to those who truly need access.
  • Encrypt it while you’re moving it.
  • Know where you store your data and think about how best to protect that data.
At Netroots Nation, where I gave a workshop on the Lean Data Practices, I asked the participants how many people at their organizations had access to the data -- we're talking about the lists of names, email addresses, zipcodes, and other personally identifiable information (PII). In some organizations with about 30 people, ALL of the staff had access to those lists! At other organizations, even the volunteers had access to the full list of data.

But does everyone who has access to the data NEED access?
Sometimes breaches happen. Still, it's worth having your teams -- especially those who access data -- go through security training to understand how to encrypt data, and how and where to escalate an issue if they notice a breach. And it's good practice to notify your membership if there is a breach -- do you have a process for sharing this information that will help your membership understand what happened, and how to protect themselves?

What happens if a third-party vendor is breached? What responsibility do they have to share their data if subpoenaed by the government? These types of questions can also help guide which third-party vendors you decide to work with in the first place.

3. Engage Your Membership

Is the way you're collecting, using, and disclosing data clear to your members? Things like in-context notices, a privacy policy, and transparency reports can be helpful in informing your members about how you collect and use data. Letting members choose what data to disclose and control their privacy settings can be very useful for building trust.

This sort of trust can help build and foster long-lasting relationships between members and organizations. Members join lists and donate to causes because they want to make a positive change in the world. Showing them that you're respecting their privacy while letting them contribute to a better world creates a wonderful, symbiotic relationship.


Putting Lean Data into Practice

If you have a lot of data, it's easy to get overwhelmed about where to start. It might help to choose one person on your team to focus on this for a little while -- a Data Steward. You can dive into the details a little more at the Lean Data Practices website. But maybe most importantly, have a discussion with your team about your responsibility to your members and communities, and make that a priority too.