I'm Looking to Hire a Strategist to Help Figure Out Public-Interest Tech

I am in search of a strategic thought partner: a person who can work closely with me over the next 9 to 12 months in assessing what's needed to advance the practice, integration, and adoption of public-interest technology.

All of the details are in the RFP. The selected strategist will work closely with me on a number of clear deliverables. This is a contract position that could possibly become a salaried position in a subsequent phase, and under a different agreement.

I'm working with the team at Yancey Consulting, who will follow up with all proposers and manage the process. Please email Lisa Yancey at lisa@yanceyconsulting.com.

Posted on September 18, 2019 at 12:52 PM • 22 Comments

Comments

Warren • September 18, 2019 2:26 PM

A little surprised you're using Dropbox with a security-related blog ... but I digress

Looks like a pretty interesting role

tfb • September 18, 2019 3:50 PM

I looked at this out of curiosity (I already knew I would not be the right person and am also not looking), and ... the heatsinks my buzzword deflectors are now glowing bright orange from the thermal effects of deflecting all the cruft. Is this serious?

1&1~=Umm • September 18, 2019 9:01 PM

Hmm,

One of the reasons I stopped doing sub-contracting is the junk that used to get handed down by people from the "creative industries" in the US.

When you read their RFP's you would find almost the same thing as section 3.1. (which by the way would probably fail in an EU Court).

Thus I would advise anyone to think carefully on sentences 3/4/5 in section 3.1 and what the implications are.

me • September 19, 2019 9:09 AM

@Tatütata (and others)
dropbox will block new files that have many downloads.
i think it's a security feature (security against what it's not totally clear to me)

we discovered this during a ctf, we hosted some files on dropbox and as soon as the ctf started (and people started downloading the file) it was blocked.
uploading again using the same account or a new one led to the same result.
this is not blocking by hash (kind of antivirus detection that blocks some file) but is more something like "if there are more than x downloads in y time frame block".
i don't know the implementation details but i think that a cloud platform that doesn't allow you to share files is useless.

Bruce Schneier • September 19, 2019 11:12 AM

@Warren:

"A little surprised you're using Dropbox with a security-related blog ... but I digress"

It's a public document, so it hardly matters where it's hosted.

Bruce Schneier • September 19, 2019 11:15 AM

@tfb:

"I looked at this out of curiosity (I already knew I would not be the right person and am also not looking), and ... the heatsinks my buzzword deflectors are now glowing bright orange from the thermal effects of deflecting all the cruft. Is this serious?"

Ha. Yes, it's pretty buzzwordy.

I am taking an arm's-length approach to this process. I would have written it very differently. But since the point is for me to find someone who isn't like me, and doesn't think like me, an RFP that reads differently from what I would write seems like a plus.

Bruce Schneier • September 19, 2019 11:16 AM

BTW, I deleted a bunch of comments about the Dropbox link not working -- because now it does.

Bong-Smoking Primitive Monkey-Brained Spook • September 19, 2019 12:20 PM

Is it a full time job, boss? I mean do I have to quit my current position, or can this be done on a part-time sort of engagement? I may be able to do it pro bono, depending on the time commitment you require. 3-4 hours a week?

Impossibly Stupid • September 19, 2019 12:22 PM

"Schneier envisions an active ecosystem where a robust field of technologists grounded by public-interest principles are sought by academics and universities, tech companies, public-interest organizations, political think tanks, and policy officials seeking to hire these technologists to inform their work."

This failure of HR is what I have mentioned a number of times on this blog, Bruce, and it's somewhat ironic that the hiring process you're following to find a strategist isn't approaching things differently. I felt the same way when I applied for a job at the EFF; I was actually so disappointed in the experience that I stopped donating to them. As a member of their board, you should be using your role there to improve their approach, too.

You may think you need a dedicated strategist to work things out, but I say you really just need to engage with people more. Either on this blog (to the extent you can intersect the discussion with security), or start another blog as an offshoot of your public-interest tech site. Those of us with an interest in the subject would be eager to discuss these topics, rather than pouring their thoughts into an involved RFC that few people will read.

@1&1~=Umm

"When you read their RFP's you would find almost the same thing as section 3.1. (which by the way would probably fail in an EU Court)."

Meh. It's essentially a standard disclaimer that anyone should expect to see with an application process of this type. If you don't like it, don't participate. I mean, most jobs are so poorly presented that it's clear that it isn't even worth writing a cover letter to go with my resume. When it comes to public-interest jobs, I have absolutely no problem if along the way someone will "use without limitation any or all of the ideas" I present in order to make the world a better place. But then neither am I going to do a lot of work to dump them out fully formed ahead of time in an RFP . . .

Wael • September 19, 2019 12:24 PM

"It's a public document, so it hardly matters where it's hosted."

Confidentiality-wise, yes; integrity-wise, perhaps. I guess that's the reason you used the word "hardly" :)

Anders • September 19, 2019 1:04 PM

@Bruce

"BTW, I deleted a bunch of comments about the Dropbox link not working -- because now it does."

Actually, not. Without Javascript turned on this document
is not downloadable and is only partly visible.

We, information security people usually keep NoScript turned
on and don't allow Javascript to run if EXPLICITLY needed.

Sorry, but it's utmost overkill to require Javascript to
download simple PDF file over a HTTP/HTTPS protocol.

Next step would be installing download manager to get one PDF
file. Where are we heading?

h2odragon • September 19, 2019 4:48 PM

I will submit to you that none of us are bright enough to know what is truly in the public interest, in the long run. Therefore the best way to ensure that technologies best serve the public interest is to ensure that no technological opportunity is reserved for a privileged elite. If we're going to have autonomous weapons, let's make sure they're available to everybody.

Clive Robinson • September 19, 2019 8:37 PM

@ me, TatüTata, Bruce,

"dropbox will block new files that have many downloads. i think it's a security feature (security against what it's not totally clear to me)"

I can't say for certain but you would need something like this to stop dropbox being used as the control server that can not be blocked for a botnet.

These days if you are a bot herder you are going to have problems, because even Microsoft has got a judge to approve the take over of a domain name. Which makes the likelihood of your hard-won bots extremely vulnerable.

Quite some years ago now I posted on this blog how you could use a third party service to provide an unblockable control channel. Such that you could set up a search method on Google that would enable you to get at via Google's cache a set of commands that you could randomly post to any open blog which back then many were open as well as effectively unmoderated. The joy of it was nobody was going to block Google at their firewall back then, and the random blog you used would not see any traffic from the bots only Google doing its normal spidery thing with its robots. You could further dress the actual control message up as a fake signature or something similar at the bottom of an otherwise relevant blog post. Likewise you could use a changing name in ways that would make Google's life quite difficult in blocking the control messages.

I mentioned at the time that you could use other third party systems. After all Twitter, facebook and similar social networking and other search engines were available. I did not mention that you could use the likes of another site that would not be blocked like say LinkedIn to do the control network.

What I mentioned but did not describe then --nor will I now-- was how you could use another idea to do a decoupled data transfer from a bot to the herder but in a way that would not directly link the herder to their bots.

Obviously dropbox does not want to be a temporary data store for bot herders either which might explain other parts of the behaviours you saw.

The possibilities for using "services that can not be blocked" are multiple, especially when it decouples the two parties in the likes of Google's cache.

As we have seen before the idea of using an Email service like gmail as a way to pass secret messages via partial edits is vulnerable because the two parties are not "decoupled".

As a third party public service like Google or Dropbox, trying to think hinky and then stop such behaviours is quite a challenge, especially when you have to be sufficiently "light handed" such that ordinary users are not deterred from using the service.

bartlett • September 20, 2019 7:51 AM

I hope that smart, talented people start to do this kind of "public interest" work. Someone needs to do it, and the corporations aren't going to, it's not in their (short-term) interest. The U.S. government probably also isn't going to, not on their own. They're too sclerotic, and their priorities lie elsewhere. And the EU government, while more right-headed on these topics, has some jurisdiction challenges. And... there isn't anyone else.

Good luck in your search, Bruce.


Patriot • September 23, 2019 7:13 AM

@Mr. Schneier

Perhaps reconsider this title "public-interest technologist" because we are certainly not talking about the set of all people on the earth who are members of the "public". We are not talking about people in Mainland China for example. A PIT in the U.S. does not represent them, nor can she. That amounts to about 1 billion souls who are not in the "public".

PIT mostly talks about a slice of the world's Internet users in Western countries and perhaps Africa. As the Internet fragments, PIT is going to make less and less sense. Does a public-interest technologist represent the bulk of users in Iran? And in Israel too?

There is no single public on the Internet now, only competing groups with vital interests that sometimes directly oppose each other.

I'm a public-interest technologist whose values are based on the U.S. Constitution... that makes sense.

Impossibly Stupid • September 23, 2019 4:23 PM

@Patriot

"I'm a public-interest technologist whose values are based on the U.S. Constitution... that makes sense."

Oh, goodness, no. It doesn't serve the public to enslave a minority and consider them to be 3/5 of a person. It doesn't serve the public to only consider men as being worthy of the right to vote. It doesn't serve the public to impose a winner-take-all governance when 49% of the people oppose the result (or, for some heavily-lobbied issues, upwards of 95%). Even though the Constitution got a lot of things right, it is still a document of political power, and should not be used as the basis for what is in the interest of the general public. The same holds true for doctrines of religious power.

But there is one system of thinking that is true not only in the US, but in Mainland China, Iran, and Israel. And any other place you care to mention. It's Science. People who deny it and favor pre-scientific ideas do so at their own peril, and often with deadly consequences to the public's interest (I'm especially looking at you, antivaxxers). Move beyond being a "Patriot" if you really want to pursue public-interest technology.

Patriot • September 24, 2019 5:33 AM

@Impossibly Stupid

Thank you for your comments. The tenor of your response is itself an answer to my concerns about Mr. Schneier's terminology.

He is not selling comfort food, and he cannot really tell the full story either. If he did the latter, very few would listen. In the current climate of hostility, one must be careful.

So, "public-interest technologist"... sounds good to me.

Chuck Pergiel • September 27, 2019 5:21 PM

Try to log on to Dropbox using my Google account and it tells me dropbox wants access to my list of contacts. ??? I suspect all my confidential information is already out there somewhere, but it's annoying that they would ask for this. I said no.

Alex • October 15, 2019 11:29 AM

It might be worth specifically getting in touch with Newspeak House in the UK - its purpose is in part to enable and improve this type of work.
