EFF Leader: Security Decisions Are Different When Women Are In The Room

Women in cybersecurity are stuck fighting the assumption that the technical work is being done by men, but entering the field is still worth it, according to one expert.

Electronic Frontier Foundation (EFF) Director of Cybersecurity Eva Galperin said women will have their technical credentials questioned or doubted throughout their career, with bystanders assuming that their male colleague or spouse is the one with subject area expertise. But putting up with the naysayers is worth it to be in the room when wide-reaching privacy and security decisions are being made.

"When you don't have that diversity of experience and opinion, you get people thinking that the kind of harassment that women get online is an edge case as opposed to … more than half of your users," Galperin said Thursday during a keynote address at CyberStarts Boston, hosted by Kaspersky Lab.

Most of the people running social media platforms are well intentioned and interested in protecting people, Galperin said, but just aren't sure how to go about doing that. Too often, Galperin said, only middle-class white men are in the room when major privacy, security or user protection decisions are being made, resulting in tools that predominantly address risks faced by that demographic group.

"The reason why we need women in the room … is that somebody has to push back on that," Galperin said. "We have to be in the room when it happens, and we have to speak out."

The problems for women stem from certain aspects of hacker culture that seem to invite a particular kind of casual misogyny, Galperin said. Specifically, she said beliefs in the hacker community that bending the rules is fine, that anything you can get away with is all right, and that it's better to ask for forgiveness than permission have resulted in their romantic partners being subjected to spying or worse.

Galperin said someone she had previously collaborated with on research ended up sexually assaulting a lot of women, women with considerably less technical skill than he had, and then threatened to compromise their accounts or devices when they attempted to report him. In response, Galperin offered earlier this year on Twitter to provide full forensic analysis for anyone who found themselves in this situation.

The response has been overwhelming, Galperin said, with more than 16,000 retweets, and months later she's still receiving between six and 12 messages each day from sexual assault victims who subsequently received digital threats from their abusers. Galperin said she's focused on helping victims figure out where they are or aren't exposed and what might or might not be compromised.

"They don't have to actually do the work. They don't have to compromise any accounts," Galperin said of abusers. "They just have to make the victim worried about what they might do next."

Galperin worked with other NGO leaders in 2016 to compose a whitepaper recommending principles for content moderation that balance allowing as much speech as possible on a platform with protecting vulnerable populations and not enabling state propaganda or information warfare.

From a security and privacy standpoint, Galperin said users should be given as much power as possible to decide for themselves what they're going to see and who they're going to see it from. Additionally, Galperin advised against making communication or messages from strangers the default since it typically results in a disproportionate amount of harassment for women.

"Empower your users to decide what they're seeing," Galperin said. "Thinking about your defaults is also extremely important."

Galperin provided advice for both male allies and women attempting to break into the cybersecurity industry. Well-meaning white men should mentor colleagues from other demographics, Galperin said, doing joint talks and research, highlighting their work during presentations, helping them put together talks for conferences, and providing them with job leads and advice.

"If everybody else could break into that cookie jar of opportunity, it would really improve things," Galperin said.

As for women getting started in the industry, Galperin said niceness is a trap that specifically keeps women and people of color down since they end up focusing on appeasing the people in charge rather than looking out and standing up for themselves. It's okay if certain people don't like you, Galperin said, or if someone accuses you of being difficult to work with.

"Stand up for yourself," Galperin said, "and don't be afraid of what people are going to say behind your back."