In two sessions at Black Hat 2019, security luminary Bruce Schneier, currently a fellow at the Harvard Kennedy School, made the argument for the need for the role public interest technologist and offered suggestions to address ways to get more individuals prepared for it, and to create more roles that demand the background.
His chief argument: In an increasingly digital world where technology touches so many facets of life, it is time for the role of public interest technologist to be created. More technically-educated individuals must to come forward to do the work necessary to ensure government policies that regulate or touch on technology are informed by trained, technical-minded professionals.
“Almost no policymakers debating issues understand technology,” argued Schneier in his solo session, titled "Information Security in the Public Interest."
How did we get here? Schneier laid out the foundation for the current landscape by explaining how policy and technology, for the most part, did not interact for many years. Now, with technology intertwined in almost everything we do, human rights and privacy are imperiled as private corporations can make decisions about how their technology is used and access. Depending on the corporation, these corporate-driven decisions can have widespread consequences, often with little legal precedent behind them. The internet, he noted, was never designed with security-centric public policy in mind.
“If Google makes a decision about censorship, that is more effective than any law prohibiting access to information,” said Schneier. “It is no longer acceptable for tech and policy to be in different worlds.”
Schneier said part of the answer is for society to create and embrace the role of a public interest technologist. The people in this role will help inform policymakers by serving as staff members in government, for example, helping lawmakers make informed decisions about policy relating to security and technology. He said he sees a need for more staff-level jobs of this kind in government and non-government organizations.
In a talk a day earlier, Schneier, along with Eva Galperin, director of cybersecurity at Electronic Frontier Foundation, and Camille Francois, chief innovation officer at Graphika made the case for more public advocacy work among technically-skilled security professionals.
Titled "Hacking for the Greater Good: Empowering Technologists to Strengthen Digital Society," the group urged attendees to seek opportunities for ethical hacking and work that is in the sphere of public interest.
“When we are talking about security, it’s usually for states or corporations,” said Galperin. “We don’t spend a lot of time talking security for individuals. But the security needs of the LGBTQ community, or abused spouses, or people of color, might be different than the end-user [that] the product was designed with in mind.”
Security professionals interested in advocacy should seek opportunities to make a difference locally, within their own communities, the group noted. Those who are engaged in technology work for human rights organizations should be praised more often, said Schneier.
“China versus Amnesty International is not a fair fight,” he said. “We can help make it a fairer fight.”