- Proximity/adjacency to law enforcement
- Oft-unfettered access to data
- Lack of industry regulatory oversight/licensing, few limits, gray areas
- Zero or near-zero discussions about the ethics of data collection or the work of infosec
We seem to have no idea how we sound to regular folks if we talked about this stuff in ways that would allow them to make analogies about our work. It's all jargon, and never has to be explained.
I have been shocked by the disconnect we have as infosec pros to regular people.
I stepped outside the corporate infosec bubble to work at an activist nonprofit which fights government use of mass surveillance, and a devastatingly large amount of the research we've done in various spaces has horrified me.
It has become very clear that the disconnect is so profound, that we as tech workers, especially those who are at massive companies, are unaware of how our work directly impacts human beings, and what part we play in aiding & abetting suffering. Infosec is no exception.
It's very easy for an infosec person to, say, slam the TSA for 'security theater' which leads to little measurable improvement in security in exchange for our right to be free from unreasonable search & seizure.
Yet those same people in the same breath,
...would ardently defend their own work which produces much the same result.
Infosec likely has much worse outcome metrics than the TSA yet breaches continue, seemingly unabated.
Is there justification for the massive data collection apparatus in existence at every Fortune 1000 if we ultimately fail to operationalize the data, fail to attribute the harms, fail to stop further intrusions, and just overall fail?
When the TSA forces our bodies through invasive search techniques for the stated purpose of security, we are rightfully offended at this very visible intrusion to our bodies, and call it a violation of our civil liberties.
Yet we do not apply the same standard to ourselves. Why?
The stakes currently aren't as high as a plane crashing out of the sky**, so it'd be great if we could both increase recognition of our roles as powerful actors and strongly couple that with a culture of responsible use of that power.
BTW this isn't commentary on the pros who posted these comments. This is literally the standard culture of the industry & all of what was said in that thread is reflective of everyday life. We have access, we like it, we use it to defeat bad guys, and we are firmly the good guys.
People believe there isn't room for discussion on these things because we're the good guys, and any harms resulting from our initial data collection have nothing to do with us! We didn't do that! Someone else did. Our intentions were pure. In this way, we remain morally distanced.
Storytime: Prior to starting my current role, I interviewed with a major financial corporation about a director of insider threat role.
1/🧵
The man I initially interviewed with seemed like a decent man. The conversation had zero red flags, and it sounded like a really cool job with cool tech. He seemed like a 'good boss'.
I didn't know his background at the time.
2/
Turns out that dude was formerly CISO at major federal law enforcement agencies known for some pretty atrocious behaviors, and the prospect of running an insider threat program at this organization seemed like a bad idea. I did lots of research into those types of programs
3/
NEW: You've never heard of them, yet there’s a good chance that "A6" knows an immense amount about you.
The company is one of many that purchases vast reams of location data, tracking hundreds of millions of people around the world by exploiting a poorly understood fact:
Countless common smartphone apps are constantly harvesting your location and relaying it to advertisers, typically without your knowledge or informed consent, relying on disclosures buried in the legalese of the sprawling ToS that the companies involved count on you never reading
Once your location is beamed to an advertiser, there is currently no law in the US prohibiting the further sale and resale of that information to firms like Anomaly Six, which are free to sell it to their private sector and governmental clientele
“Overall, our observations suggest while Apple’s changes make tracking individual users more difficult, they motivate a counter-movement & reinforce existing market power of gatekeeper companies w/ access to lg. troves of 1st party data”
“Making the privacy properties of apps transparent through large-scale analysis remains a difficult target for independent researchers, and a key obstacle to meaningful, accountable and verifiable privacy protections”
2/
The researchers also said that Apple isn't required to follow [their own policies on data collection] in many cases, making it possible for Apple to further add to the stockpile of data it collects. 🤡
3/
DeSantis is the one to watch. He’s dangerous. His press sec’s resume is incongruent with FL politics for good reason. This is both a show of power and consolidation: He’s demonstrating successful strongman politics using culture wars as proxy for elevation to a national stage.
He’s declared a preemptive “Cold War” btwn FL & GA (using language reserved for country-level conflicts to attack neighboring state), shouts about masks, enacted Don’t Say Gay, fights against CRT, speaks out against trans rights, etc.
He knows the more he does this, the more eyes will be on him.
Discussion abt American brainwashing of children re: historical events is much broader than “critical race theory”, avoidance of which is simply another way to implant false narratives into the minds of our most vulnerable & lay foundation for compliance among future generations
No one needed to use a nuke. America was the first and only country to do so. Now we stand on a pulpit & command others not to after using Hiroshima and Nagasaki as an example of what happens when you challenge American might. The promotion of American exceptionalism is harmful.
I love my country. But let’s not pretend bias isn’t detrimental to analysis, leading to all the wrong conclusions about the world.
When bias is promoted as a factual history, you end up with an entire nation of people whose ignorance of history can easily be used against them.