Skip to content
Clawdemy

Lesson: Your starting point: write down what you're protecting and from whom

Aisha read the previous lesson on Tuesday evening, with a cup of tea, after the kids were in bed. By the end she could name three worries about the new school AI tool: surveillance, storage and leak risk, vendor lock-in. They were no longer a cloud. They were a list.

The next morning, in the staff parking lot before first period, she realized something the list had not done yet. The three worries were generic. They applied to anyone using any AI tool. They did not yet apply to her, in her job, with her students, in her district. The worries had a shape but no address.

This lesson gives them an address. By the end, you will have written one paragraph in your own words naming what you are protecting and from whom you are protecting it. The paragraph is short. It is also the foundation everything else in this track stacks on.

The smallest possible starting point

Section titled “The smallest possible starting point”

Most privacy guides hand you a checklist. The checklist is meant to be reassuring (look how thorough!) and instead is paralyzing (look how thorough). The Surveillance Self-Defense team at the Electronic Frontier Foundation, who have been writing about personal security for non-technical readers for years, take the opposite approach. They open with a deliberately simple frame:

Trying to protect all your data from everything all the time is impractical and exhausting. But, have no fear! Security is a process, and through thoughtful planning, you can put together a plan that’s best for you.

The plan they recommend is built around six questions. We will use just the first two in this lesson. Phase 6 of this track will return to the full six and weave them into the personal privacy plan you take with you out of the track. Right now, two is enough.

The two:

  1. What do I want to protect? EFF’s term for this is your assets. In a personal-security context, this usually means specific kinds of information, the devices that hold it, and the accounts that gate it.
  2. Who do I want to protect it from? EFF’s term for the party on the other side is your adversary. The adversary may be a person, a company, an institution, or a category of incident.

Two questions. One paragraph. That is the whole exercise.

What “what” means, concretely

Section titled “What “what” means, concretely”

When Aisha sat down to answer “what do I want to protect,” her first instinct was the same as most people’s first instinct: my data. That answer is true. It is also useless.

“My data” is the cloud version of the answer. The list version is more specific: student names. Parent phone numbers. The wording I use in progress reports, because that wording is mine professionally and reveals my judgment of children to anyone who reads it. The login I share with the district AI tool, because if that login is compromised, every conversation I have had in the tool is too.

Notice the move. Aisha named three categories (information about other people in her care; her own professional voice; a credential), then named a specific instance of each. The categories make the list mentally tractable. The specifics make the list actionable.

The EFF guide says it this way:

An “asset” is something you value and want to protect. In the context of digital security, an asset is usually some kind of information. For example it could be your emails, contact lists, direct messages, location, or other documents. Your devices themselves may also be assets.

For most readers of this track, the assets that go into the AI-tool seed paragraph fall into a small number of buckets:

  • Information about other people who trust you. Students, patients, clients, sources, family members, congregants, employees, suppliers. Anyone whose information you handle because they have entrusted you with it.
  • Information about you that you have reason to keep close. Health status, immigration status, legal exposure, professional drafts before they are ready, opinions you hold but have not published, conversations you are working through.
  • Credentials and access. Logins, account recovery info, professional credentials whose loss would harm your work, family accounts whose compromise would harm people you love.
  • Original work in progress. Anything not yet finished or published whose premature exposure would cost you something concrete: revenue, reputation, a competitive position, the trust of a person who agreed to be quoted.

You will not have something in every bucket. You may have most of yours in one. The buckets exist to make sure you do not miss a category you would have named if reminded.

What “from whom” means, concretely

Section titled “What “from whom” means, concretely”

The second question is harder because it sounds adversarial in a way that is uncomfortable. Most readers do not have a personal enemy. The word “adversary” makes it sound like you should. EFF’s framing is broader and more useful:

A person or entity that poses a threat to your assets is an “adversary.” Examples of potential adversaries are your boss, law enforcement, your former partner, your business competition, your government, or a hacker on a public network. It could even include people you would otherwise trust who might accidentally compromise your assets by being careless with their own security plans.

The expanded version: an adversary is any party that could come into possession of your assets in a way that costs you something, regardless of whether that party intends harm. That definition pulls in everyday actors most people do not think of as enemies. For an AI-tool seed paragraph, the relevant adversary list usually includes some combination of:

  • The vendor itself. Not because the vendor is malicious, but because anything you give the vendor is, in some sense, in the vendor’s possession. The lesson 1.1 worries (surveillance, storage and leak risk, vendor lock-in) all sit here.
  • Whoever the vendor shares with. Third parties the vendor hands your data to, business partners, advertising relationships, government legal demands. The vendor’s adversaries become yours by extension.
  • Whoever might breach the vendor. Attackers who get into the vendor’s systems without permission. This is a different category from “the vendor itself”; both should appear.
  • People with shared access. Family members on a shared account, colleagues who log in through the same shared workplace account, a former partner who still has a credential, a contractor whose laptop touches your shared drive. Not adversaries by intent, often adversaries by accident.
  • You, in a moment of inattention. Naming this is honest planning, not self-blame. The most common adversary in most readers’ situations is their own next click: pasting a sensitive thing into the wrong window, sending a draft to the wrong recipient, forgetting which conversation a particular session was in. Knowing this in advance is what lets you slow down at the moments that matter.

You do not need every adversary. You need the ones that actually apply to your situation.

Writing the paragraph

Section titled “Writing the paragraph”

The paragraph itself is short. One Aisha-shaped version:

I want to protect my students’ names and report-card comments, my district login to the AI tool, and any draft progress reports that contain a parent’s contact information. I want to protect them from the vendor’s training pipeline (how my data could be used to shape future versions of the model), from a breach of the vendor’s systems, from anyone with shared access at the district who is not the student’s teacher of record, and from my own habit of leaving tabs open. I am not worried about my district turning the AI tool against me; the worry is that the data trail outlives my control.

Three sentences. The first names assets. The second names adversaries. The third names something subtler: the worry behind the worry. The third sentence is a bonus, not the assignment. Two true sentences always outweigh three sentences that sound complete. If the third one comes naturally when you sit down to write, keep it; the part you will look back on in Phase 6 and recognize as your real motivation often lives there.

Aisha’s paragraph is published here because Aisha is fictional; the worked example is a teaching artifact, not a real plan. Yours will name real assets and real adversaries belonging to real people. Treat it accordingly.

What you can do right now. Write your own version. Keep it to five sentences or fewer. Use your own situation, not a hypothetical. If you are stuck on the first question, name three buckets from the list above, then one specific instance of each. If you are stuck on the second, write down every party whose possession of your assets would cost you something, then cross out the ones whose possession would not actually cost much.

Where to write it (and where not to). Pen and paper, a local-only text file on a device only you use, or an end-to-end-encrypted note app are the right tools. Do not write it in an AI chatbot conversation (the paragraph itself names what is sensitive, so the conversation becomes the very thing you are trying to protect), a shared workspace document, a draft email, a public gist, or a pastebin. Keep the paragraph somewhere only you can read it; this is a planning artifact for you, not for sharing.

The paragraph does not have to be perfect. It has to exist.

Common pitfalls

Section titled “Common pitfalls”

Three patterns most readers fall into on the first pass.

Writing the paragraph as someone else’s threat model. It is tempting to write the paragraph as though you were a journalist, a lawyer, or a public figure, because those are the threat models privacy literature is full of. Yours probably looks different. The teacher’s paragraph is not the journalist’s paragraph; both are valid; only one is yours. Resist the urge to borrow gravity. Your real situation is the right input.

Listing assets you don’t actually have. Some readers list every asset category they have read about, even ones that do not apply to them. If you do not have a former partner with credentials, the former partner does not go on the adversary list. If you do not handle client data, client data does not go on the asset list. A short paragraph that is accurate beats a long paragraph that is aspirational.

Treating the paragraph as final. It is not. The paragraph is a Phase 1 artifact. Phase 2 will show you what an AI tool actually does with your assets along the way; Phase 3 will give you a four-category vocabulary for the threats; Phase 4 will teach you a five-question rubric for reading a vendor’s actual posture; Phase 5 will introduce architectural alternatives. By the time you reach lesson 6.6, you will revise the paragraph with everything you have learned and grow it into a full personal privacy plan. The first paragraph is the seed; the final plan is the harvest. Both are yours.

What’s next

Section titled “What’s next”

Phase 2 opens with a different question: what actually happens, mechanically, when you press Enter in an AI tool? Your seed paragraph tells you what is at stake. Phase 2 starts showing you the path that stake travels. Lesson 2.1 traces the three seconds between your keyboard and the model’s response and names the parties present along the way.

Aisha finished her tea, closed her notebook, walked into her first-period classroom, and made the small adjustment that the seed paragraph had prompted: she put a sticky note on the front of her laptop reading “check what’s in the tab before you paste.” It was not a security policy. It was a self-reminder, written by the person who had just decided what she was protecting and from whom.

The first paragraph is small. It is also where everything else in this track gets its grip.