Enigma Interviews preview: Eva Galperin and Alex Stamos
Stories about “biohackers” inserting malware into human DNA may make news feeds—and convince aspiring science fiction authors around the world to reconfigure their narrative arcs—but these aren’t yet risks that real users are facing today.
We’re taking a different tack with the Enigma Interviews, which we designed to address pressing security and privacy issues through conversations with experts across various industries and roles.
At the first Enigma Interviews event, which The Parallax will co-host with Usenix, New Context, Javelin Strategy and Research, and Avast (which also sponsors this site) at 7 p.m. PST on Wednesday, August 23, in San Francisco, I’ll moderate a fireside chat with Alex Stamos, Facebook’s chief security officer, and Eva Galperin, the Electronic Frontier Foundation’s director of cybersecurity. Our focus: the tension between the security-for-all that large companies must create and manage to protect their average users, and the protection that high-profile hacking targets among their users need.
While visualizing the average Facebook user could be as easy as taking a selfie, pinpointing and protecting real online targets isn’t exactly straightforward. They include domestic-violence survivors, political activists and dissidents, investigative journalists and, quite broadly, women.
Protecting large groups whose individuals have overlapping but distinct security needs is no easy task. How then does Facebook, which has 2 billion users, approach the challenge? Providing ways to guard against account recovery phishing attacks is one way. Encouraging users to review (and opt into) a wide range of security settings, including two-factor authentication, is another.
It’s worth noting that offering and mandating security features are distinct approaches. No mainstream service, including Facebook, yet defaults to using two-factor authentication or end-to-end encryption, both widely recommended by security experts to protect against hacks and privacy intrusions.
I’ll dig deeper into these topics with Eva and Alex next week. Here are the types of questions I’m planning to ask:
- How should an organization identify an at-risk group of users and its security needs? And at what point should it focus on addressing them?
- What should an organization do when a user intentionally puts another at risk? When one user doxes another, for example, how should it weigh security vs. rights?
- How does online security relate to real-world safety? How have tool advances impacted that relationship, and how can they?
- Which past security mistakes are influencing current designs and decisions?
- What happens when platform popularity trumps security?
- How much user information does a company need in order to provide its users with effective security?
- What are your biggest, most urgent security concerns?
- Where do you stand on the use of metadata for identifying targets by governments? How much metadata collection by vendors is too much?
- What trends are you seeing in requests from the Department of Justice under the new administration?
I’ll also be asking questions from the live audience and people watching the livestream. You can start submitting questions today to Enigma on Twitter or The Parallax on Facebook using the hashtag #EnigmaIntvw.