Surveying Vulnerable Populations: A Case Study of Civil Society Organizations

TL;DR

This paper surveys the security and privacy challenges faced by civil society organizations (CSOs), highlighting their vulnerabilities, the unique needs of their employees, and methodological issues in studying this population.

Contribution

It provides a case study of surveying CSO employees, discusses methodological challenges, and offers insights to improve future research on CSO security and privacy.

Findings

Identified specific security threats perceived by CSO employees

Highlighted methodological issues in survey design for vulnerable populations

Provided recommendations for future research approaches

Abstract

Compared to organizations in other sectors, civil society organizations (CSOs) are particularly vulnerable to security and privacy threats, as they lack adequate resources and expertise to defend themselves. At the same time, their security needs and practices have not gained much attention among researchers, and existing solutions designed for the average users do not consider the contexts in which CSO employees operate. As part of our preliminary work, we conducted an anonymous online survey with 102 CSO employees to collect information about their perceived risks of different security and privacy threats, and their self-reported mitigation strategies. The design of our preliminary survey accounted for the unique requirements of our target population by establishing trust with respondents, using anonymity-preserving incentive strategies, and distributing the survey with the help of a trusted intermediary. However, by carefully examining our methods and the feedback received from respondents, we uncovered several issues with our methodology, including the length of the survey, the framing of the questions, and the design of the recruitment email. We hope that the discussion presented in this paper will inform and assist researchers and practitioners working on understanding and improving the security and privacy of CSOs.