Step 1 - Initial Contact and Assessing Need

Credits Daniel O'Clunaigh, Carol Waters, Ali Ravi, Lindsay Beck, Chris Doten, Nick Sera-Leyva Last Updated 2016-03

This multi-part resource details the basics of the event planning process, built from the documented experience of several experienced trainers - among these steps are gathering inputs, analyzing these inputs, and their subsequent impact on the design, preparation and orientation of a training event.

Secure Communication Considerations

Ideally, you will be able to carry out a needs assessment, either with the training participants themselves or a member of their representing organization, in order to gather necessary information for the best possible design of the event. Of course, it is important to bear in mind that the channels you use initially for communication (e.g. email, telephone or Skype) may not be secure, and your contacts may not be comfortable sharing certain information over these channels.

This is very difficult for trainers to gauge without previous knowledge of the local contacts’ situation and context. If you have a contact in common with whom you can have more reliably secure communications, you may need to depend on this more secure channel to gather information about the candidate training context.

Awareness, or lack thereof, of how safely initial communications can be conducted goes both ways: be aware that local groups may not be able to accurately gauge the safety of their communications with you. Sometimes the likelihood of risk is underestimated; at other times, wildly overestimated. Either way, trainers need to navigate this issue carefully and respectfully, with a Do No Harm approach that respects the reported need, context, and experience of both local contacts and potential trainees.

A form of secure communication that may reduce, but not guarantee, the safety of communications with a local contact (assuming that their device has not been compromised) is encrypted chat with OTR or Cryptocat. These are two of the easier communication tools to set up and use without advanced technical skills. In any case, it’s important to always provide contacts with an “opt-out” of handing over sensitive information at any point.

Establishing Trust and Transparency

Initial communication with local contacts and/or potential participants is an ideal moment to introduce yourself (if this is consistent with your own security protocols) and begin to establish a relationship of trust and transparency. For this reason, it’s also best to avoid talk of sensitive issues at this point. If it is possible to do so in a secure manner, be transparent with participants from the very beginning regarding aspects of yourself and your work which may be of interest or relevant, and also regarding what can be realistically expected of you (for example, in terms of technical support or tool-specific expertise).

It is also important to be clear about the source of funding for the event, particularly if there is an “information retention policy” imposed in some way by the funder (for example, does the funder demand any information about participants and if so, what?). This is best addressed while participants still have a choice to opt-out of the training.

If there is an intermediary organization that is organizing the training and will be dealing with this information, it may be wise to prompt them to make such details clear to potential participants at the point during which they are invited.

Conducting Needs Assessment(s)

An important aspect of the training planning process is the means through which you plan to gather the data points needed for the design of an effective training agenda. Knowledge of how potential participants are using technology, how they are communicating with each other (if at all) and with others, and what prior digital safety or security knowledge they may have has a significant impact on the scope and complexity of content that will be covered during the training.

The information that you wish to gather about potential participants in an initial needs assessment survey will depend largely on context; however, certain minimums might include:
  • Basic device use habits (day-to-day tasks, devices, operating systems, services).
  • Pre-existing technical knowledge, digital security related or otherwise.
  • Contextual, cultural and social background information.
  • Information about their work profiles (journalists, bloggers, human rights defenders, etc.?)
  • Perceived or observed threats, digital security related or otherwise.
  • Information about any past attacks, digital or physical (for your own operational security, and for agenda planning).

Additional Resources