LAS VEGAS – As a whole the security community is doing a better job at bridging the gap between security and humanity, compelling technologists to help combat human rights violations and promote privacy but there’s still a lot more work to be done. Thankfully, according to experts, it's never been easier to get involved.
A group of security advocates including Bruce Schneier, a renowned security technologist and a Fellow at Harvard Kennedy School, Camille Francois, the Chief Innovation Officer at data visualization company Graphika, and Eva Galperin, the Director of Cybersecurity at the Electronic Frontier Foundation, addressed the security community’s challenges and achievements in a panel here at the Black Hat Conference, “Hacking for the Greater Good: Empowering Technologists to Strengthen Digital Society,” Wednesday morning.
The need for hacking for good isn’t going away, Schneier said, adding that the cyclical nature of the industry - researchers publishing papers on strengthening then subsequently breaking systems – is by default an act of public interest tech; it's something that’s deeply embedded in our culture and something we need more of.
Schneier gave credit to the New York Times’ Kashmir Hill and Francois to Motherboard and Citizen Lab, the research laboratory based that's part of the Munk School of Global Affairs at the University of Toronto, for advancing the public's perception around hacking for the greater good.
Schneier also called out some older government institutions that have been dragged into this out of sheer demand. He pointed out how the Federal Trade Commission has staff technologists now whose sole job is to look into security considerations that affect consumers. He also made a point to laud Chris Soghoian, the researcher and activist who formerly worked for the American Civil Liberties Union but since 2017 has worked as the Senator Ron Wyden’s Senior Advisor for Privacy.
Galperin, who spent the beginning of the panel recapping some of the EFF’s major human rights fights of late - cracking down on automated license plate reader programs, combating spouseware and stalkerware, and concerns around LTE IMSI-catchers - said that while the stakes are higher than ever, it’s also never been easier to get involved.
“Holding the hand of people who have been abused and harassed by governments, that stuff doesn’t require a degree in computer science,” Galperin said, “it requires reading, learning, and cultural sensitivity. You don’t need my permission to become a technologist, there are no gatekeepers, you can do it yourself.”
Galperin pointed out that privacy advocates are continuing to fight the same battles they thought they had already won, like the recently reinvigorated encryption/backdoor debate and Section 230 of the Communications Decency Act.
“It is possible we will end up with people throwing their hands up, saying we’re tired, we’re burnt out, we just want to code, why are you making this so hard? That’s my doomsday scenario. I may not have to change the world but everybody has to do something, use their power to lift somebody else up, ask who’s being left out of this conversation. What is my company doing in the world and how can I stop myself from making a dystopia?” Galperin said.
Francois said she thinks the community is doing a slightly better job but that its partly because there are a lot more revolving doors now, adding that there are a lot more positions in academia for technologists who want to collaborate with attorneys and policy makers than there used to be.
While the security community’s interest around artificial intelligence has certainly been piqued over the past several years Schneier worries it will distract from the big change in how computers are changing the world and having a direct impact on human lives.
“It’s that notion that computers are going to touch objects, control thermostats… moving beyond data to flesh and steel,” Schneier said. When it’s about actual, physical stuff, it should be about direct physical agency, automation, and intelligence, he added.
“You mean the computer will shut off the person’s heart? That’s way different than deleting a spreadsheet.”
