Black Hat 2019: Ethical Hackers Must Protect Digital Human Rights | Threatpost

LAS VEGAS – At a time when technology is being utilized for human-rights abuses, the security space needs to turn its focus to public interest defense technology, security stalwarts urged during Black Hat USA 2019.

Security has long focused on protecting company data and providing cyber-defense for governments, while ignoring a broader issue: the people using the endpoint devices, some of whom may be targets of human rights violations. Society has a responsibility to recognize the importance of protecting these individuals’ rights as well, argued Bruce Schneier, fellow at the Harvard Kennedy School, Eva Galperin, director of cybersecurity at Electronic Frontier Foundation, and Camille Francois, chief innovation officer at Graphika.

“When we talk about security, we have to ask, ‘security for who?’” said Galperin, speaking at a Black Hat session called “Hacking for the Greater Good: Empowering Technologists to Strengthen Digital Society.” “It’s usually for governments or corporations. We don’t talk about security for individuals, particularly individuals who don’t have a lot of spending money.”

Technology abuses are rife, from more generic concerns such as consumer data privacy, to more targeted threats such as government surveillance of journalists and dissidents, and, on a highly personal level, the use of technology in domestic abuse cases.

To fight cases like these, Galperin stressed that the security industry needs ethical hackers and technologists who don’t merely have a degree in computer science, but who also have the creativity and empathy skills that can be applied to looking at cybersecurity in the context of social causes.

“We need someone to hold the hands of people who have been abused or harassed by partners or governments, and that doesn’t require a computer science degree,” said Galperin. “You need to understand your population first and what they need.”

In recent times, technologists have stepped up into this role by increasingly collaborating with journalists and members of the government – for instance, the Federal Trade Commission now has staff technologists – to help them better understand the cybersecurity threats to the public interest.

The security industry can also play a larger part in fighting human rights threats by supporting organizations such as Human Rights Watch, Amnesty International and more, said Schneier: “We need to help defend organizations that are doing public good – we don’t do enough praising those in IT… working for those around the world being attacked by governments,” he said.

Looking ahead, the dangers tied to technology will become paramount, particularly as device dangers begin to have a physical impact. Automation and the Internet of Things (IoT), for instance, introduce new threats, such as connected medical device threats that could harm the body or exploits for connected car vulnerabilities.

In these cases, “hacking for the public good” will take on a new meaning when it’s not just about the data, but instead has a physical impact, said Schneier.

“When you look at how computers are affecting the world, the notion that computers are going to touch objects, will drive cars and change thermostats, will make a huge difference in how our industry interacts with the world,” said Schneier. “We’re no longer about data, we’re in flesh and steel now.”

Black Hat USA 2019 has kicked off this week in Las Vegas.