Black Hat Q&A: Bruce Schneier Calls For Public-Interest Technologists

Published: 23/11/2024   Category: security




Ahead of his 2019 Black Hat USA talk, cybersecurity luminary Bruce Schneier explains why it’s so important for tech experts to be actively involved in setting public policy.



Veteran security researcher, cryptographer, and author Bruce Schneier is one of the many cybersecurity experts who will be speaking at Black Hat USA in Las Vegas this August.
He’s presenting Information Security in the Public Interest, a 50-minute Briefing about why it’s so important for public policy discussions to include technologists with practical understanding of how today’s tech can be used and abused.
Schneier has become a vocal advocate for more public-minded technologists, noting in a recent interview with Dark Reading that “in a major law firm, you are expected to do some percentage of pro bono work. I’d love to have the same thing happen in technology.”
He recently took time to chat with us via email about what he’s hoping to accomplish at Black Hat USA this year, and why he thinks Black Hat attendees are well-suited to serving the greater good as public-interest technologists.
Q. Hey Bruce, thanks for taking the time to chat. Can you tell us a bit about your recent work? 
A. I’m a security technologist. I write, speak, work, and teach at the intersection of security, technology, and people. My latest book is about the security implications of physically capable computers, with the arresting title of Click Here to Kill Everybody. It’s a book about technology, but it’s also a book about public policy; the last two-thirds discusses policy solutions to the technical problems of an Internet-connected world.
I’m not optimistic about the solutions, though. I spend four chapters laying out the different government interventions that can improve cybersecurity in the face of some pretty severe market failures. They’re complex, and involve laws, regulations, international agreements, and judicial action. The subsequent chapter is titled “Plan B,” because I know that nothing in those four chapters will happen anytime soon. And I don’t even think my Plan B ideas will come to pass.
There are a lot of reasons for this, but I think the primary one is that technologists and policy makers don’t understand each other. For the most part, they can’t understand each other. They speak different languages. They make different assumptions. They approach problem solving differently. Give technologists a problem, and they’ll try the best solution they can think of with the idea that if it doesn’t work they’ll try another -- failure is how you learn. Explain that to a policy maker, and they’ll freak. Failure is how you never get to try again.
Solving this requires a fundamental change in how we view tech policy. It requires public-interest technologists. So that’s what I have been evangelizing. I wrote about it for IEEE Security & Privacy magazine. I spoke about it at the RSA Conference in March, and I also hosted a one-day mini-track where I invited eighteen other public-interest technologists to talk about what they do. I maintain a public-interest tech resources page that lists what other people are writing -- and doing -- in this space.
Q. You’ve written that having a computer science degree is not a requirement to be an effective public-interest technologist, so what is?
Public-interest tech is the intersection of technology and public policy. It’s technologists working in public policy, either in or outside government. It’s technologists working on projects that serve the public interest: working at an NGO, or working on socially minded tech tools. And while it requires an understanding of both tech and public policy, everyone doesn’t need to have the same balance of those two disciplines -- and everyone certainly doesn’t need a CS degree. What’s required is an ability to bridge the two worlds: to understand the policy implications of technology, and the technological implications of policy.
I’ve met public-interest technologists who are hard-core hackers, either degreed or not. But I’ve also met public-interest technologists who come from a public policy background, or from a social science background. Since effectiveness requires blending expertise from different areas, it matters less which one came first.
Q. Why is Black Hat a place you’ve chosen to speak about this, and what do you hope to accomplish?
One place where public-interest technologists are needed is security. Networked computers are pervasive in our lives, and the security implications of that are profound. The problems that result require public policy solutions. And just as we can’t expect the government to effectively regulate social media when it can’t even understand how Facebook makes money, we can’t expect the government to effectively navigate the complex socio-technical problems resulting from poor cybersecurity.
The Black Hat community is uniquely qualified to learn, understand, and then advocate for effective cybersecurity policy. They’re cybersecurity experts, but they have a hacker mindset. My goal is to show people that they are not only qualified to do this, but that there are paths for them to do it effectively.
Q: Power in the tech industry appears to concentrate along lines of money and privilege, as it does in politics. If we do see more people working as public-interest technologists in some capacity, what should be done to ensure they advocate for policies and solutions which benefit the public at large, without overlooking vulnerable or marginalized groups?
Ha -- welcome to politics. Preventing the already wealthy and powerful from accreting even more wealth and power is one of the oldest problems we have, and it’s one of those foundational problems that underlies everything else. Technology actually seems to exacerbate this sort of inequality, allowing corporations to amass extraordinary wealth and power at the expense of everyone else. I don’t have a solution, but I know that society needs to figure out a solution. And that the solution will involve understanding the technologies involved, and how they can be shaped to decrease inequity across a wide variety of dimensions.
Take algorithmic decision making as an example. Here is a technology that, if deployed correctly, can result in systems that are fair and equitable. But deployed incorrectly, it can both magnify existing bias and create new ones. There has been an enormous amount written about this, both in understanding current harms and in preventing future ones. Figuring out proper government policy around these technologies will require people who understand those technologies.
Q: Can you share a recent example of how public-interest technologists might be able to help with a policy problem?
Right now, I’m thinking a lot about social media and propaganda. It’s clear that the same technologies that enable free expression and the rapid exchange of ideas can be weaponized in ways that harm democracy.
I think there is value in thinking of democracy as an information system, and using information-security techniques to model attacks and defenses. It doesn’t lead to an obvious solution -- that would be too easy -- but it’s a new way to conceptualize the problem and create a taxonomy of countermeasures. Clearly we can’t let surveillance capitalism destroy democracy -- and it’s up to people who understand both technology and public policy to figure out a way forward.
It’s like that across the board. All the major problems of the 21st century are technological at their core, and will require solutions that blend technology and public policy: climate change, synthetic biology, artificial intelligence and robotics, the future of work. These are our problems to solve; we need to get on with it.
For more information about Schneier’s Briefing and other talks, see the Black Hat USA Briefings page, which is regularly updated with new content. Black Hat USA returns to the Mandalay Bay in Las Vegas August 3-8, 2019. For more information on what’s happening at the event and how to register, visit the Black Hat website.
