Won't Somebody Please Think of the Journalists?

Tuesday, January 31, 2017 - 1:00pm1:30pm

Tom Lowenthal, Staff Technologist, Committee to Protect Journalists

Abstract: 

When researching security/privacy and developing tools, it is tempting to focus on the abstract technical merits of a problem. In practice, attacks are not graded for difficulty, only success. Why spend the time and expense of a zero-day exploit which bypasses ASLR to achieve remote code execution when spearphishing is so effective? The biggest barriers to widespread computer security are not technical. Wide deployment of privacy-preserving tools and trustworthy computers isn't limited by cutting-edge challenges in cryptography or formal methods. The obstacles are getting everyday tools to implement secure development best-practices, incorporate end-to-end crypto, and offer multi-factor authentication. The problem is fighting an endless public relations war about whether we should have to invent the impossible to create back-doors or design tools which protect their users except when the user is trying to do something bad.

Here's the trick: think and talk about journalists. Talking about journalism as a first-class use case changes the mental calculus. It allows for focus on the real technical challenges of developing safe systems, and bypasses poorly-thought-out objections. Even better, thinking about the needs of journalists as first class users helps make design choices which better protect all users.

BibTeX
@conference {202506,
author = {Tom Lowenthal},
title = {Won{\textquoteright}t Somebody Please Think of the Journalists?},
year = {2017},
address = {Oakland, CA},
publisher = {{USENIX} Association},
}