Bruce Schneier takes his pitch for public-interest security to RSA Conference

New, full-day Public-Interest Technologist track at the RSA Conference to focus on security pro bono work.

private public hybrid cloud technology sign

It's time for tech to grow a conscience.

That's Bruce Schneier's message at this year’s RSA Conference. Just as lawyers are expected to engage in pro bono work if they want to make partner at a major law firm, so too should security professionals be expected to spend time helping secure vulnerable groups, such as non-profits, human rights workers, journalists and other voices of conscience in society. Schneier, an internationally recognized security technologist, will explore this idea during an all-day track at RSA on Thursday, March 7.

"I would like to see an ecosystem where if you are going to be a senior manager in cybersecurity, you will have been expected to do some work in the public interest," Schneier tells CSO.

Working in public-interest technology will also give security folks perspective outside of the enterprise, and in the long run result in better government policy. Just as an attorney who does pro bono work defending illegal immigrants is better-informed to help reform our national immigration policy, Schneier argues, so too will security folks who spend time defending human rights workers be better informed to develop national encryption and surveillance policy.

"These skills, once you get them, will be valued by future employers," he says. "If you take two years off and go do cybersecurity for Greenpeace, you're going to have a ton of experience that's super valuable."

But what exactly is a public-interest technologist, and how will they make money?

What is a public-interest technologist?

Before Watergate, public-interest law did not exist. The widespread misconduct by lawyers in the Nixon administration, however, spurred a push for legal ethics by the American Bar Association. It also started a culture shift toward public-interest law--doing pro bono work simply because it was the right thing to do and the responsibility of a lawyer to consider as part of their practice.

Public-interest technologists "combine their technological expertise with a public-interest focus, either by working on tech policy, working on a tech project with a public benefit, or working as a more traditional technologist for an organization with a public-interest focus," Schneier writes at his Public-Interest Technology Resources blog.

Examples of prominent public interest technologists include Chris Soghoian (formerly at the ACLU, now on staff in Senator Ron Wyden's office), Ed Felten (former chief technologist at the Federal Trade Commission, now at Princeton), and Latanya Sweeney (former CTO at the FTC, now at Harvard).

Spending time as a public-interest technologist can do great things both for society and your career, but finding ways to make a living while doing so can be a challenge, Schneier admits.

How do public-interest technologists make money?

ACLU lawyers don't make a lot of money, but any time there is a job opening they get a mountain of applications, according to Schneier. Given similar opportunities for security folk to engage in pro bono work, people will take them, Schneier says.

Apple security engineer Jon Callas did just that. In the middle of a decades-long and--by any measure--distinguished career, Callas recently left his position at Apple to take a two-year technology fellowship working at the ACLU.

"When I told my coworkers at Apple and my boss found out, he said, 'I was going to try to talk you out of whatever you were doing, but given it's the ACLU, I guess this is really important'," Callas tells CSO.

Not everyone needs to go work for the ACLU, he points out. Go work for under-resourced NGOs in sub-Saharan Africa, or your local school district or hospital, or go to your state house and help legislators better understand technology issues. Any and all of these are real contributions to society and enrich both the employee and employer when they return to their corporate job.

Silicon Valley behemoths with large security teams can certainly afford to let folks take the occasional sabbatical. "It wouldn't be a burden to them," Callas says. "We're really not talking about more than a handful of a percent of people. I could imagine it could work in any good-sized company that had a few tens of people that they would want to set it up for."

An end to "move fast and break things"

For a generation, information technology has moved fast and broken things. Now it's time to start picking up the pieces. Since neither government nor industry appears to have incentives to do much about the mess they've made, public-interest technologists need to step forward to lead the way.

That begins with a cultural shift. It happened with public interest law in the 1970s post-Watergate, and it can happen now with public interest tech today. "Today 20 percent of Harvard Law graduates go into public-interest law, and last year Harvard Law School had a soul-searching seminar because that percentage was so low," Schneier says. "But in computer science that rate is basically zero."

For his part, Callas plans to use his two years at the ACLU to work on issues of surveillance by both government and industry, and what that means for our civil rights, even our humanity. "The most important thing that I am dealing with is the surveillance problem," Callas says. "We're creating a bunch of things that are creating a surveillance society. Should we be allowed to have anything that is private?"

"What is the core of being a person and what is intrinsically yours that other people should not be able to take away from you?"

Copyright © 2019 IDG Communications, Inc.

The 10 most powerful cybersecurity companies