Encryption plays an important role in protecting free speech and political organizing. However, if only the most privileged tech workers maintain encryption technology, other communities will be forgotten.
How can the security industry make sure cryptography benefits everyone? Seny Kamara, one of the few Black academic cryptographers in the world, tells Wired we need to focus more on diversity.
Marginalized communities are forgotten by encryption and cryptography
This year’s “invited talk” at the International Association for Cryptologic Research's Crypto conference was delivered by Seny Kamara who focused on how cryptography often ignores the needs of the world’s most marginalized communities.
According to WIRED: “The talk, dubbed Crypto for the People and given on August 19, examined the question of who really benefits from encryption technologies and advances in cryptographic research. It sounded a call to reexamine research priorities that today largely serve the interests of governments and corporations instead of marginalized people, be they racial minorities, immigrants, women, the LGBTQ community, or others.”
Even though encryption, including apps like Signal, can protect activists and journalists, the cryptography community can, and should, do much more. “Kamara pointed out that even the open source community and movements like the cypherpunks largely don't directly work to address these needs,” the article continues. “They are focused on taking power from corporations and developing technologies to defend people from mass government surveillance and digital intrusion, but generally not on developing encryption technologies and new areas of abstract theory that are specifically motivated by the needs of underserved communities.”
So, how can the cryptography community help? Kamara recommends the space become more inclusive. “’I think the only reason we have a hard time imagining what this looks like is because, effectively, we’ve been trained for 40 years to do corporate research. So, we lack the imagination, skills, and knowledge to do research 'for the people,'" Kamara says. "But diversity is crucial for this.’"
- Reconsidering Personal Privacy Perceptions
- Why True End-To-End Encryption is Important for Distributed Apps
- Is the War on Encryption a Fight Between Privacy and Safety?
IoT devices hit by new flaw
We’ve seen chip-based flaws before, and it seems like they’ll keep coming in the future. Just last week, IBM’s X-Force Red hacking team discovered a new vulnerability impacting Intel chips.
As TechHQ writes: “[The team] discovered a vulnerability in a series of IoT chips that can be exploited remotely, leaving billions of industrial, commercial, and medical devices at risk. The discovered security flaw affects Cinterion EHS8 M2M modules developed by French maker Thales.”
Thales has been working with IBM and already issued a patch for the vulnerability. But with so many IoT devices currently in the world, and with more adoption in the future, we should be prepared to see similar flaws. At the beginning of the year, EDN reported over 15 major IoT vulnerabilities in just 2019 alone.
Ultimately, every organization and user should make sure their IoT devices are protected and managed properly.