By donating their security expertise, infosec professionals are supporting non-profits, advocacy groups, and communities in-need.
Cybersecurity Help- Victims of abusive relationships are all-too-familiar with stalkerware — spyware sometimes used by abusers to track their victims’ conversations and locations. Eva Galperin, who heads the Threat Labs at the Electronic Frontier Foundation (EFF) has been pressing antivirus companies to treat stalkerware as a serious problem for some time.
Now she’s finally seeing progress. Last week, EFF and nine other organizations united to launch the new Coalition Against Stalkerware, which aims to spread awareness and help affected victims.
“Our goal is to have a definition, standards for detection, and to get AV companies to change the norms of how this software is treated,” says Galperin.
This is just one of the ways Galperin has used her security knowledge to assist vulnerable populations. She is an outspoken advocate for using security for altruistic purposes. To put it simply: hacking for the greater good.
“Hacking is curiosity,” she says. “It is the act of taking things apart and seeing how they work. Ideally this is followed by putting something back together so it can work better. [That] can apply to a product – but it can also apply to societal issues. It does not need to be confined to an office.”
Security professionals are needed and should feel called on to use their experience to help others and impact larger societal issues — especially now, she says. This is essential, she says, due to the ubiquity of technology in nearly every aspect of our lives.
“These are particularly interesting political times,” says Galperin. “Everyone reads the paper and gets upset about some kind of news involving technology. Digital technology is at the center of our lives. Almost every issue now has some sort of information component.”
Galperin has been giving regular presentations on the topic of security for the greater good at events like Black Hat with security luminary Bruce Schneier, who describes himself as a “public-interest technologist, working at the intersection of security, technology, and people.” Their goal is to spread a message on the need for more involvement from technology and security professionals in charitable work, as well as more influence on policy development.
Policy Development, Not Just Product Development
Schneier cites stalkerware as an example of this need. Currently, product design in a vacuum does not consider broader implications that can ultimately lead to harm.
“If your software developers are all white men, you might not get a product that reflects the rest of the population,” he says. “It goes very deep. They are just building tech toys, not systems with social implications.”