#RSAC: How to Hack Society
The method, procedures, and practices used by cybersecurity professionals have relevance beyond just the technology sphere; they can also be used to hack society.
That’s the view espoused by Bruce Schneier, security technologist, researcher, and lecturer at the Harvard Kennedy School, during a keynote session at the RSA Conference in San Francisco.
“This is the big idea: we here in our community have developed some very effective techniques to deal with code and technology,” Schneier said. “Can our expertise in IT security transfer to broader social systems like the tax code, or the systems we use to choose our elected officials or the market economy?”
Schneier argued that the hacker mindset, that is, an approach to thinking about how things fail and how to make things fail, has broader implications than just computer security. He suggested that the cybersecurity procedural mindset is valuable in a broader context and can be used to help secure the systems that make up society.
“As the world looks more like a computer, our security skills become more applicable,” he said.
That said, Schneier noted that he didn’t want to imply that technology can fix everything, but rather there is perhaps a way to blend technology and policy in a new way that can improve human communities.
The Hacking Mindset
Using a hacking mindset to impact society isn’t an entirely new idea. Schneier remarked that NSA whistleblower Edward Snowden wrote in his memoir that the US intelligence community hacked the Constitution in order to justify mass surveillance.
“We can argue whether that’s true or not, but everyone here intuitively knows what he means by that,” Schneier said.
Another example of how the hacking mindset is already in use is within the advertising industry. Schneier argued that advertising is a hack of humans’ cognitive systems to help influence choices.
Political forces are already using hacking type technique for propaganda as well.
“Authoritarian regimes are vulnerable to information attacks that challenge their monopoly on common political knowledge, and that is why an open internet is so dangerous to an autocracy,” Schneier said. “Democracies are vulnerable to information attacks that turned common political knowledge into contested political knowledge.”
Schneier suggested that there are several ways modern cybersecurity practices can be used to hack society for good purposes.
In cybersecurity, having transparency and visibility is a foundational idea that is a useful concept for society in general.
“We have other solutions in our tech tool kit like defense in-depth, compartmentalization, isolation, sandboxing, audit, incident response, and patching,” he said. “We never actually solve a security problem, we iterate, so is there some way to iterate law to have extensible law, where we implement some rapid feedback in our laws and regulations.”
A key challenge that Schneier sees today is that we don’t have policy institutions with footprints to match the technology that society uses. For example, he noted that Facebook is global, yet it’s only regulated nationally by specific governments.
“Our problems tend to be social problems masquerading as tech problems and tech solutions masquerading the social solutions,” Schneier said. “We need to better integrate tech and policy.”