KJ Technique, Fully Remote (session 2)


#1

@ei8fdb @belenbarrospena @saptaks @veronika.nad,

Shall we schedule another remote KJ ? I feel the result is valuable and eager to process more interviews :slight_smile:

Would it be ok with you to prepare the post its in advance? That is, each of us takes one interview and slice it into postit in advance. And then we meet and sort the post-its together. The advantage of doing this would be to have a shorter affinity sorting session and our minds would be rested and sharp.

What do you think?

P.S. A transcription was completed today and has great material, I’m can’t wait to slice it into tiny postits !


KJ Technique, Fully Remote (session 3)
#2

Shall we schedule another remote KJ ? I feel the result is valuable and eager to process more interviews

Yep, would you like to suggest a date?

Would it be ok with you to prepare the post its in advance? That is, each of us takes one interview and slice it into postit in advance.

Yes, this would be perfectly fine.


#3

April 23rd, 24th morning, 27th, 28th, 29th, 30th work for me.

Cool, I’ll post-it (or is there a better word for it ?-) interview number 3.


#4

We might be able to do 29th. @ei8fdb Thoughts?


#5

Yep, I think that’s doable. We’ll need some good Internet and a beer. :wink:

Also, yes good idea. We can get the interviews post-it-ised beforehand.

I’ll put a page in the wiki for it.


#6

@belenbarrospena @ei8fdb I prepared a board with groups and postits from the previous session. It appears empty but if you zoom out you will see that it’s just because there is room for new categories and the existing postits were pushed to the right.

If you send me a text file with the content of the postits, one per line, for the interview you chose, I will move them to postits in this whiteboard so we can sort them together tomorrow.

Do you think that can work?


#7

I have good news: p3 is sliced into postits. And not so good news. The software is no good.

We need to look for an alternative and since the format of the file is not too difficult to parse and manipulate, moving to something else should not be too much of a problem.

Unless you have a better idea, I propose we re-schedule todays KJ session.

import json
import sys

d = json.load(open(sys.argv[1]))
lines = open(sys.argv[2]).read().split('\n')
i = 8000
base_y = 0
base_x = int(sys.argv[3])
shift = 0
for line in lines:
    if not line:
        continue
    d['cards'].append({
        "id": "card%05d" % i,
        "colour": "yellow",
        "rot": "0.0",
        "x": base_x + shift,
        "y": base_y + shift,
        "text": line,
        "sticker": None,
    })
    i += 1
    shift += 1
    
print json.dumps(d)

called with the json export of the previous board, the following text file and 200 to place the new postits

p3: We investigate topics to expose corruption and wrongdoing.
p3: The org. staff is in four countries.
p3: The network of journalists are spread around the world.
p3: The best investigative journalists in each country.
p3: We tap into a network of journalists for collaborative investigations.
p3: We collaborate with media org. around the world.
p3: A leak over 1TB and millions of documents.
p3: All journalists in the org. have access to all documents.
p3: A leak implicating more than one hundred countries.
p3: Hand made tools based on Free Software
p3: Journalists work remotely, in the cloud, on non classified docs.
p3: Intranet social network
p3: Intranet search engine
p3: Intranet data visualization
p3: SecureDrop is a mailbox that you have open for people to send you leaks
p3: SecureDrop is used in media organizations.
p3: SecureDrop is used by network of journalists.
p3: SecureDrop is about sending documents.
p3: The SecureDrop chat is not used.
p3: Signal and whatsapp are used to chat.
p3: The main use of SecureDrop is files.
p3: We are not getting much from SecureDrop
p3: We get stuff by other means than SecureDrop
p3: One SVS and a single person checking it
p3: Checking SecureDrop is very technical
p3: Only people who know Tor submit to SecureDrop
p3: SecureDrop is too technical for a civil servant
p3: The problem is not SecureDrop, it is Tor
p3: One international leak in 18 months via SD
p3: A number of nation wide leaks in 18 months via SD
p3: A SD was about national police wrongdoing
p3: A SD was about national corruption
p3: People may not realize the risks when sending documents over email
p3: An org. publishing leaks may not have an online system
p3: An org. publishing leaks should have an online system
p3: SecureDrop was setup withough help from FPF
p3: SecureDrop launch was blocked by technical requirements
p3: The technical provider was unable to meet the technical requirements
p3: A whistleblower asked repeatedly for an online submission system
p3: A whistleblower with a lot of data asked for an online submission system
p3: Postal mail must be complemented with something more technologically advanced
p3: SD was installed by backend developer
p3: SD was installed by an expert on databases
p3: SD installed by FPF was expensive for us, as a non profit
p3: SD installed by the same person for two org.
p3: Gave up establishing a rotation to check SecureDrop
p3: Complains about tails updates
p3: We check SecureDrop less frequently nowadays
p3: A single person checking SD, very tired of it
p3: Plans to have multiple SVS
p3: We hoped to get a super big lead via SD but did not
p3: A person uses SD for a short while after the launch
p3: Sometime documents received via SD are not that sensitive.
p3: Non sensitive SD documents are forwarded via encrypted email
p3: SD never received documents that would require this level of security
p3: Communication with journalist are via encrypted email
p3: Training journalists to use PGP took a long time
p3: Using PGP and 2FA is a requirement for journalists
p3: Journalists say their infosec skills improved working with our org.
p3: The IT guys of the org. was too busy to deal with SD
p3: The person who installed SD became the expert
p3: The person installing tails USB keys is our expert
p3: We should re-structure the SD support internally
p3: The SD servers are close to a staff member who can maintain them
p3: Sometime the SD servers crash and need to be repaired
p3: Whistleblowers are the lifeline of investigative journalists
p3: The SD did not receive leaks
p3: Leaks comes from people who approach us
p3: Leaks comes from partners
p3: SD does not provide what we expected
p3: Encrypted email does not provide what we expected
p3: The leak box must be more accessible
p3: Most of the leaks are not NSA type
p3: The SD process is painful when the result is non sensitive documents
p3: Whistleblowers do not think in terms of documents
p3: The problem with Signal is that it can only be used by a single device
p3: Whistleblowers want to tell something to the journalists, a conversation
p3: Whistleblowers need to be caught, hot in the moment
p3: SD does not all for quick response time with Whistleblowers
p3: Nobody knows what Tor is
p3: I wish we had good security with Chrome and not Tor
p3: HTTPS is not fully anonymous but somewhat
p3: Being focused on documents is wrong, chatting comes first
p3: For sensitive documents that are not classified the cloud is ok
p3: If we assume all documents are classified, the platform is not usable
p3: 2FA is required to access the Intranet
p3: Journalists are not aware of the traces they leave on the net
p3: Whistleblowers are not aware of the traces they leave on the net
p3: Whistleblowers cannot decide the level of protection they need
p3: Whistleblowers could be asked questions to determine their security needs
p3: Whistleblowers know how to send you documents without SD
p3: Whistleblowers with classified documents know it is explosive
p3: Whistleblowers may not realize they put other people at risk
p3: Sources & journalists should be trained to understand the risk they take

#8

Maybe we can do it the non-fancy way, using a pad. Is moving lines around in a pad is all we need to create the groups?

Here is a pad with all we had during the last session and the p3 interview in addition, separated by a line of -------------------

https://annuel.framapad.org/p/SecureDropKJ2018-04


#9

@ei8fdb I added the lines for the p21 interview to the https://annuel.framapad.org/p/SecureDropKJ2018-04 pad

Which video conference room should we use for our affinity mapping session tomorrow (Friday May 11th, 11am Paris time)?


#10

@ei8fdb when would be a convenient time for you to reschedule this affinity mapping session? It will give us time to slice more interviews :slight_smile:


#11

@veronika.nad since you’re in Paris next week, would you have an hour or two to spare and sort the interviews with me? There are two interviews already nicely sliced, it should be interesting :slight_smile:


#12

yes, we can do that tomorrow ?


#13

Absolutely. It is going to be semi-hollidays here in France, quiet and good for sorting interviews :slight_smile:


#14

okay great ! I’ll try to be there early early early, as unfortunately, for me, this isn’t even a semi-holiday ^^ see you there !


#15

@veronika.nad thanks for a great session :slight_smile: We capped it to one hour and there still are a few phrases to sort but we did most of it. The result is in the pad but also archived on cloud.securedrop.club.

We created two new categories:

  • MAGIC WAND because they belong to an imaginary world and should explicitly be grouped as such
  • ALTERNATIVE TOOLS REPLACING SECUREDROP for when journalists use other tools to replace a feature that SecureDrop already proposes

And renamed a category from BAD THINGS ABOUT JOURNALISTS to THINGS JOURNALISTS COULD IMPROVE. Not just because it is more polite. But also because it was unclear what belongs to this category.

The category COMPLAINTS / FEATURE REQUESTS grows and we also concluded it would make sense to split it.

From a technical standpoint, @veronika.nad and myself had no trouble sorting the lines using the pad. It can go like this:

  • Choose a color that is not already used anywhere in the pad so the lines can quickly be visually recognized.
  • Go to the top,
  • Read the sentence,
  • Cut it
  • Control-f ## to quickly go to the next category
  • Add the sentence as the first line of the most relevant category
  • Go to the top again

Time can be saved by opening the pad in a Tor Browser (otherwise the pad gets confused because connections are from the same machine/IP) and keeping the list of phrases in this window while the other browser window is used to navigate the categories.

15 minutes before the end we discussed in which category the new sentences were inserted. @veronika.nad read the sentences and we discussed the relevance of having the sentence in this category and/or the meaning of the sentence. We moved a dozen sentences from a category to another as a result.

As a conclusion we wonder what the next steps could be. We could slice more SecureDrop user interviews to validate the pad approach actually works for everyone. I’m cautiously optimistic because @veronika.nad does not have a highly technical background and her being comfortable with the pad could be a sign that most people could also find that ok.

What do you think?