Profile picture
, 20 tweets, 5 min read
My Authors
Read all threads
"A tale of two cybers - how threat reporting by cybersecurity firms systematically underrepresents threats to civil society," in Journal of Information Technology & Politics by @LenMaschmeyer, @RonDeibert, and @jonrlindsay, reveals a serious problem with infosec research.

1/
The authors document how our dominant narrative of cybersecurity - that it's about cyberterrorists using tech to leverage asymmetric attacks against nations and powerful companies - has skewed how we investigate and report on security incidents.

tandfonline.com/doi/full/10.10…

2/
What's more, since the majority of reporting comes from commercial firms hoping to sell security services to corporations in the global north, "threat reports" are absurdly skewed towards corporate espionage, frauds, and attacks on powerful governments.

3/
But this is completely skewed. Considered by both volume and consequences, the commonest form of hack-attack is corporations and governments attacking poorly resourced civil society groups - it's not David felling Goliath, it's Goliath slaughtering armies of Davids.

4/
"The original cyberwar narrative had things precisely backwards. The information revolution does not portend a new anarchy rife with destructive disruption but rather the encroaching hierarchy of the surveillance state."

5/
"Cyberspace may create asymmetric advantages, but they are advantages of the strong to monitor and enforce the behavior of the weak."

6/
But embattled civil society groups do not procure expensive threat-mitigation contracts from commercial cybersecurity firms, so they are omitted from published case-studies in favor of the rare instance in which companies or governments are the victims, not the aggressors.

7/
This skews the entire cybersecurity narrative: from the scholarship to the news-media's reportage to fictional portrayals, giving us the sense of an invisible threat landscape in which tech acts as a force-multiplier for otherwise lost causes.

8/
But the problem isn't just one of distorted perceptions. Our false conception of cybersecurity threats leads us to develop defenses that benefit the habitual aggressors at the expense of mitigations for their preferred victims.

9/
The authors go to great lengths to quantify this selection bias, and make a very compelling case. More significant are the case studies, which come from the work of the Univerity of Toronto's @citizenlab (with which two of the three authors are affiliated).

10/
Citizen Lab is the most prominent and successful entity when it comes to researching and mitigating threats to journalists, human rights orgs, and other civil society groups who are targeted by powerful corporations and governments, using military-style cyberweapons.

11/
These weapons are so cheap and readily available for the powerful that they are used in INCREDIBLY petty ways.

12/
For example, the Saudi government used the NSO Group's Pegasus malware against Omar Abdulaziz, a Canadian university student who ran a comedic Youtube channel that mocked the Saudi state.

NSO's Pegasus was also implicated in the murder and dismemberment of Jamal Khashoggi.

13/
There is seemingly no pretence so slight, no critic so minor, that the rich and powerful don't sometimes target them with the same weapons that nation-states use to attack each others' national security apparatus.

14/
The authors make a compelling case that this asymmetry feeds on itself. Not only do we have an enormous array of powerful weapons for rich and powerful people (who are supposedly under constant assault from weirdly threatening pipsqueaks)...

15/
...But we have almost NOTHING for the victims of this aggression to use to defend themselves.

Ron Deibert, who runs Citizen Lab, wrote a powerful afterword for ATTACK SURFACE, the forthcoming Little Brother novel.

read.macmillan.com/promo/attacksu…

16/
Attack Surface is about a cybersecurity contractor who can no longer rationalize away her work building cyberweapons to attack dissident movements for corrupt and powerful dictators.

17/
She returns from Eastern Europe to Oakland, only to find the weapons she developed being wielded against the social justice movements her friends have founded, and has to reckon with the full consequences of her actions.

18/
In his afterword, Deibert wrote, "I hope you will be inspired by this book in the same way I have. I hope, like me, it encourages you to question the technologies that you depend on, that you carry with you wherever you go."

19/
"Like Masha, I hope you find a way to turn them to your advantage by knowing them from the inside-out in the way she does.

"Above all, I hope you become inspired to use them to create a better world than the one in which we now live."

eof/
Missing some Tweet in this thread? You can try to force a refresh.

Keep Current with Cory Doctorow #BLM

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @doctorow see all

Profile picture
Cory Doctorow #BLM
@doctorow
Writing in @techreview, @samuelwoolley and Jacob Gursky take a deep dive into the data-gathering in the apps from the Trump and Biden campaigns. It's quite a study in contrasts!

technologyreview.com/2020/06/21/100…

1/
The Trump campaign is like Cambridge Analytica Mark II: invasive even by the standards of 2020, with Bluetooth access so your movements can be tracked by sleazy data-brokers, as well as endless-scroll propaganda channels to feed white nationalists' grievance complexes.

2/
It's a feature-for-feature clone of the app used by Indian PM Modi, another authoritarian strongman with serious genocidal ambitions, and Modi has used the app to create regional propaganda clubs and feed them everything they need to push his narrative, to the brink of war.

3/
Read 15 tweets
Profile picture
Cory Doctorow #BLM
@doctorow
This morning, my attention snagged hard on @danieljthomason's Software Engineer D&D Classes ("Ever suspected that software development is more like a big, poorly structured RPG than anyone admits at interviews? You're going to enjoy this, then...")

dthomason.com/Software_Engin…

1/
After thinking about it, I realized that the explanation is right there in the strapline: it's not merely that software development is nerdy and D&D is nerdy so they go together.

2/
It's really a kind of backhanded critique of the software INDUSTRY, with its back-breaking, human-destroying work schedules defined by arbitrary demands for extra work, a ginned-up sense of urgency...

3/
Read 8 tweets
Profile picture
Cory Doctorow #BLM
@doctorow
It's hard to imagine a more timely moment for the publication of @ptcherneva's "The Case for a Job Guarantee," a slim and sprightly book that makes the plainest, most straightforward case yet for ending involuntary employment.

politybooks.com/bookdetail/?is…

1/
The Jobs Guarantee is not a new idea - it came within a whisker being part of FDR's New Deal - but with unemployment at levels to rival (or exceed) the Great Depression, and with countries minting trillions to cushion the pandemic, it's an idea whose time has come.

2/
Tcherneva's argument has several strands:

* Unemployment is really terrible, and exacts a huge toll on unemployed people, their families and society. This is both a human tragedy and a massive economic drain.

3/
Read 16 tweets

Embed code for your website

×
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!