Inside Cybersecurity

July 2, 2022

Daily News

Wanted: ‘Public-interest technologists’ to inform raging debates on cybersecurity policy

By Charlie Mitchell / August 12, 2019

LAS VEGAS. Technologists are the missing voice in cyber policy debates on issues ranging from encryption to supply-chain security, says Bruce Schneier of Harvard Law’s Berkman Klein Center for Internet and Society, who made several presentations here calling for development of a robust “public- interest technologist” community to help shape laws and rules for this technology century.

As an example, he pointed to a “25-year debate on ‘going dark,’” or whether government should be able to access encrypted communications, and said, “It’s a scare term. We’ll never get the policy right if the policy makers get the technology wrong.”

“Here’s the issue,” Schneier said, “none of the policy makers have the technology chops to discuss it.” The separate worlds of technology and policy “was okay in 1959,” but now “technology makes de facto policy – and the policy is always catching up.”

“What I’m calling for is public-interest technologists” who can help policy makers reach informed decisions at the beginning and throughout the policy-making process, he said.

Schneier spoke before a packed ballroom at the Def Con conference here on Saturday, and also discussed the need for public-interest technologists on a panel at Black Hat earlier in the week. “China versus Amnesty International is not a fair fight,” he said at Black Hat. “We can help make it a fairer fight. You won’t get paid as much, it’s hard work and working with small budgets.”

On encryption – an issue often framed to pit privacy against law enforcement and national security concerns – Schneier on Saturday said “there’s a lot of politics here [but] there’s some actual technology to talk about.” Ideas such as trusted third parties holding keys to encrypted data or “better or worse back doors” should be the subject of informed debate, he said.

As for his own view, Schneier said, “A lot of the debate on back doors is skewed because companies back-door for lots of reasons. … In the long term, once the internet starts killing people [amid omnipresent Internet of Things connectivity], it all changes” and “end-to-end strong encryption of devices will be essential.”

Schneier said the burgeoning supply-chain security debate “desperately needs technologists.”

“We all know chips have dozens of passports,” he said. “We all know you have to trust the shipping mechanisms, you have to trust everyone and you can’t trust anyone. You could build a ‘U.S. iPhone’ but it would cost 10 times as much and no one would buy it.”

That leaves the question, he said, “can we secure the system with insecure parts? This is where technologists must get involved.”

From “5G security versus surveillance,” through artificial intelligence robotics and IoT issues, “they all need technologists in the debate,” Schneier said. Further, he said, “It’s not just doing it on the side,” it requires people addressing these issues on a full-time basis, which in turn requires funding for positions in government, nongovernmental organizations, universities and at private companies. And, he said, the white-hat hacker community must help to “force diversity” into the equation.

“There are examples” of such public-interest technologist positions in various sectors, he said, “but still not a lot. We need to scale it, all of this should be a normal, common and viable career path.” – Charlie Mitchell (cmitchell@iwpnews.com)