security research, software archaeology, geek of all trades

I Thought I Understood What White Privilege Was Until I Married a Black Man


For the first 37 years of my life, I considered myself largely exempt from the blind spots of white privilege. Intellectually, I knew the definition of the phrase: White privilege is the inherent advantages that come with being white. But I assumed I knew better than to let those advantages hinder my progressive way of life. I had worked in New York City media for years, leaving a big job in magazines to become director of creative engagement for Hillary Clinton’s 2016 presidential campaign. I helped to organize the Women’s March. I started my social impact agency Invisible Hand to assist companies like Instagram and organizations like Planned Parenthood as they put good work into the world. I was your favorite progressive's favorite progressive.

Then, I met Jordan. He was so handsome, I thought I might die. He was sharp and charismatic and when he smiled it looked like he was lit from within. I cringe to say that I loved him immediately, but here's the thing: I pretty much did. We did not take it slow. In fact, we shoehorned a decade’s worth of life into our first 24 months together. We moved in together, started companies, got pregnant, miscarried, renovated an apartment and got pregnant again, only to spend the last trimester of the pregnancy living apart while I pursued a fellowship in a different city. In the beginning, when we fought — which we did, kind of a lot — I chalked it up to the stress of cramming all of that life into such a short span of time. But before long, I started to realize something bigger was at play: He is a Black man raised in the south. I am a white woman raised in Alaska. My whiteness, and my white privilege, really got in the way.

Of course I knew that Jordan and I would have cultural differences. On our first date, he asked me if he was the first Black man I’d dated (he was not), and told me that his relationships had spanned the map, too. We discussed how we thought our families would react, and the role our upbringings had played in our identities. I kind of thought we had it covered. We did not. Almost immediately, I began to understand my white privilege and unconscious bias in new, upsetting ways.

Just a few examples:

Last winter, Jordan and I were driving on a highway in New York headed upstate to look at real estate, when I casually mentioned that our license plates were about to expire. He got so angry with me that I worried he would crash the car.

“Do you realize that if a cop pulls us over for expired tags, I could be killed?” he said.

I had not realized.

Then, just this weekend, while driving the same stretch of highway, he mentioned that we were in the same borough where Eric Garner was murdered.

I mean, I really had not realized.

Then there was the time I pushed him to negotiate for a higher salary, thinking that the problem with his offer lay in his negotiating skills and not realizing that black men are serially underpaid, considerably more so than white women. And black women have it even worse.

I fought for pay equity my entire career. This, I had not realized.

Or the time we spent New Year’s with friends, in Malibu, California, and I gave him a hard time for isolating himself in our room with his iPad instead of joining group activities. He finally said, “You don’t get it. Y’all white people move through the world like the way it is for you is the way it is for everybody. I’m trying to tell you that it’s not. People treat me differently here. They cross the street when they see me coming. Stop trying to get me to go on your hike.”

I had not realized.

Or every single time we fight and I say, “When you start yelling, I stop listening,” without realizing that what I hear as a yell is just how they talk in his family, and that half the time I think I’m fighting with Jordan he isn’t even mad. I’m not used to that tone because I never had to yell in order to be heard: The world was always listening. But instead of moderating my reaction, my impulse is to ask him to speak differently—hey, husband, change your tone to make me feel more comfortable. Make yourself familiar to me, please. Come over to my side of the road.


I have too many stories like this, and the moral of them is always the same: It does not matter how many marches I have planned or how many progressive candidates I have campaigned for or how many times I have chanted Black Lives Matter in the streets: I am rife with internalized racism and unconscious bias. And to all of the non-Black folks reading this, we need to get clear on something: So are you.

To be raised white in America is to be told in countless small ways that how you live is correct. It means having your image and your values reflected back at you — in the education you received, the toys you were sold, the ideals of beauty you were given. Over time, this message imbeds itself so deeply in us that we can no longer recognize it as the false narrative that it is. We lose our sense of culpability, misunderstanding racial inequality as something to empathize with instead of something that we created and are uniquely required to solve.

This spring, when Dominique "Rem'mie" Fells, Breonna Taylor and George Floyd were murdered, a fog rose up in our house. As protests raged across the country, I wondered what we would tell our daughter, now two years old, about the people marching down our street. Just weeks before, we were teaching her to wear a mask when leaving the house. Now, we were adjusting our rituals, adding, “Goodnight Protestors! We love you!” to the rounds of blessings we wished upon the city each night at bedtime. During the days, I did what I normally do when our country takes a hit: I got down to business, working with fellow activists to fight for policy change and advising companies and friends about how to get involved in the hard work of making systematic change. It wasn’t feeling like enough.

Systematic change is critical. Better schools. A functioning justice system and an end to police brutality. Reparations. But until white women like myself do the work to examine our role in this racist system, and to repair the collateral damage we have caused, Black people in this country will never truly be liberated. Systems, hearts and minds — that’s the combo.


Recently, with my husband’s blessing, I took to Instagram, outlining ways in which my own bias and internalized racism had hurt our partnership. I hoped that by spelling it out, it would help my family and friends start the work of examining their own culpability.

It is hard work. It is embarrassing and shameful, and every time I post, I fear that this latest confession could be the one that will expose me as irredeemable — too privileged to be deserving of the man I love, too far gone to be a suitable mother to my black daughter.


But every time I do, I get a message from a white friend saying something like, “I drove with expired tags just yesterday,” or, “I had no idea about the pay gap.” I’ve worried about centering myself in these stories (something white women are awfully prone to do), but my Black friends and family have been broadly generous, saying they are grateful not to have to do the work to break down clearly the things they live with every day (even though, as one said, “It’s like racism 101 up in your feed, but if this is what the people need, please dear god, give it to them.”). If I can redirect some of the labor — or even the trolls — that too often gets sent in their direction, well, that’s a good day's work for me.

I am the mother of a black daughter.

I am the wife of a black man.

If I want to be worthy of them — and I do — I have to at least start here.

Will you join me?

Genevieve Roth is the founder of Invisible Hand, a social impact and culture change agency based in New York. Previously, she was a Shorenstein Fellow at the Harvard Kennedy School, served as the creative engagement director for the 2016 Hillary Clinton presidential campaign and as an executive director of special projects at Glamour Magazine. She is a born and raised Alaskan, which she feels is important for you to know. You can connect with her on Instagram. Genevieve donated the fee for this essay to Black Lives Matter.

1 public comment
acdha
6 days ago
“I am rife with internalized racism and unconscious bias. And to all of the non-Black folks reading this, we need to get clear on something: So are you.”
Washington, DC

New Research: "Privacy Threats in Intimate Relationships"


I just published a new paper with Karen Levy of Cornell: "Privacy Threats in Intimate Relationships."

Abstract: This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving relationships. Many common assumptions about privacy are upended in the context of these relationships, and many otherwise effective protective measures fail when applied to intimate threats. Those closest to us know the answers to our secret questions, have access to our devices, and can exercise coercive power over us. We survey a range of intimate relationships and describe their common features. Based on these features, we explore implications for both technical privacy design and policy, and offer design recommendations for ameliorating intimate privacy risks.

This is an important issue that has gotten much too little attention in the cybersecurity community.


The FBI is mad because it keeps getting into locked iPhones without Apple’s help


The debate over encryption continues to drag on without end.

In recent months, the discourse has largely swung away from encrypted smartphones to focus instead on end-to-end encrypted messaging. But a recent press conference by the heads of the Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) showed that the debate over device encryption isn’t dead, it was merely resting. And it just won’t go away.

At the presser, Attorney General William Barr and FBI Director Chris Wray announced that after months of work, FBI technicians had succeeded in unlocking the two iPhones used by the Saudi military officer who carried out a terrorist shooting at the Pensacola Naval Air Station in Florida in December 2019. The shooter died in the attack, which was quickly claimed by Al Qaeda in the Arabian Peninsula.

Early this year — a solid month after the shooting — Barr had asked Apple to help unlock the phones (one of which was damaged by a bullet), which were older iPhone 5 and 7 models. Apple provided “gigabytes of information” to investigators, including “iCloud backups, account information and transactional data for multiple accounts,” but drew the line at assisting with the devices. The situation threatened to revive the 2016 “Apple versus FBI” showdown over another locked iPhone following the San Bernardino terror attack.

After the government went to federal court to try to dragoon Apple into doing investigators’ job for them, the dispute ended anticlimactically when the government got into the phone itself after purchasing an exploit from an outside vendor the government refused to identify. The Pensacola case culminated much the same way, except that the FBI apparently used an in-house solution instead of a third party’s exploit.

You’d think the FBI’s success at a tricky task (remember, one of the phones had been shot) would be good news for the Bureau. Yet an unmistakable note of bitterness tinged the laudatory remarks at the press conference for the technicians who made it happen. Despite the Bureau’s impressive achievement, and despite the gobs of data Apple had provided, Barr and Wray devoted much of their remarks to maligning Apple, with Wray going so far as to say the government “received effectively no help” from the company.

This diversion tactic worked: in news stories covering the press conference, headline after headline after headline highlighted the FBI’s slam against Apple instead of focusing on what the press conference was nominally about: the fact that federal law enforcement agencies can get into locked iPhones without Apple’s assistance.

That should be the headline news, because it’s important. That inconvenient truth undercuts the agencies’ longstanding claim that they’re helpless in the face of Apple’s encryption and thus the company should be legally forced to weaken its device encryption for law enforcement access. No wonder Wray and Barr are so mad that their employees keep being good at their jobs.

By reviving the old blame-Apple routine, the two officials managed to evade a number of questions that their press conference left unanswered. What exactly are the FBI’s capabilities when it comes to accessing locked, encrypted smartphones? Wray claimed the technique developed by FBI technicians is “of pretty limited application” beyond the Pensacola iPhones. How limited? What other phone-cracking techniques does the FBI have, and which handset models and which mobile OS versions do those techniques reliably work on? In what kinds of cases, for what kinds of crimes, are these tools being used?

We also don’t know what’s changed internally at the Bureau since that damning 2018 Inspector General postmortem on the San Bernardino affair. Whatever happened with the FBI’s plans, announced in the IG report, to lower the barrier within the agency to using national security tools and techniques in criminal cases? Did that change come to pass, and did it play a role in the Pensacola success? Is the FBI cracking into criminal suspects’ phones using classified techniques from the national security context that might not pass muster in a court proceeding (were their use to be acknowledged at all)?

Further, how do the FBI’s in-house capabilities complement the larger ecosystem of tools and techniques for law enforcement to access locked phones? Those include third-party vendors GrayShift and Cellebrite’s devices, which, in addition to the FBI, count numerous U.S. state and local police departments and federal immigration authorities among their clients. When plugged into a locked phone, these devices can bypass the phone’s encryption to yield up its contents, and (in the case of GrayShift) can plant spyware on an iPhone to log its passcode when police trick a phone’s owner into entering it. These devices work on very recent iPhone models: Cellebrite claims it can unlock any iPhone for law enforcement, and the FBI has unlocked an iPhone 11 Pro Max using GrayShift’s GrayKey device.

In addition to Cellebrite and GrayShift, which have a well-established U.S. customer base, the ecosystem of third-party phone-hacking companies includes entities that market remote-access phone-hacking software to governments around the world. Perhaps the most notorious example is the Israel-based NSO Group, whose Pegasus software has been used by foreign governments against dissidents, journalists, lawyers and human rights activists. The company’s U.S. arm has attempted to market Pegasus domestically to American police departments under another name. Which third-party vendors are supplying phone-hacking solutions to the FBI, and at what price?

Finally, who else besides the FBI will be the beneficiary of the technique that worked on the Pensacola phones? Does the FBI share the vendor tools it purchases, or its own home-rolled ones, with other agencies (federal, state, tribal or local)? Which tools, which agencies and for what kinds of cases? Even if it doesn’t share the techniques directly, will it use them to unlock phones for other agencies, as it did for a state prosecutor soon after purchasing the exploit for the San Bernardino iPhone?

We have little idea of the answers to any of these questions, because the FBI’s capabilities are a closely held secret. What advances and breakthroughs it has achieved, and which vendors it has paid, we (who provide the taxpayer dollars to fund this work) aren’t allowed to know. And the agency refuses to answer questions about encryption’s impact on its investigations even from members of Congress, who can be privy to confidential information denied to the general public.

The only public information coming out of the FBI’s phone-hacking black box is nothingburgers like the recent press conference. At an event all about the FBI’s phone-hacking capabilities, Director Wray and AG Barr cunningly managed to deflect the press’s attention onto Apple, dodging any difficult questions, such as what the FBI’s abilities mean for Americans’ privacy, civil liberties and data security, or even basic questions like how much the Pensacola phone-cracking operation cost.

As the recent PR spectacle demonstrated, a press conference isn’t oversight. And instead of exerting its oversight power, mandating more transparency, or requiring an accounting and cost/benefit analysis of the FBI’s phone-hacking expenditures — instead of demanding a straight and conclusive answer to the eternal question of whether, in light of the agency’s continually-evolving capabilities, there’s really any need to force smartphone makers to weaken their device encryption — Congress is instead coming up with dangerous legislation such as the EARN IT Act, which risks undermining encryption right when a population forced by COVID-19 to do everything online from home can least afford it.

The best-case scenario now is that the federal agency that proved its untrustworthiness by lying to the Foreign Intelligence Surveillance Court can crack into our smartphones, but maybe not all of them; that maybe it isn’t sharing its toys with state and local police departments (which are rife with domestic abusers who’d love to get access to their victims’ phones); that unlike third-party vendor devices, maybe the FBI’s tools won’t end up on eBay where criminals can buy them; and that hopefully it hasn’t paid taxpayer money to the spyware company whose best-known government customer murdered and dismembered a journalist.

The worst-case scenario would be that, between in-house and third-party tools, pretty much any law enforcement agency can now reliably crack into everybody’s phones, and yet nevertheless this turns out to be the year they finally get their legislative victory over encryption anyway. I can’t wait to see what else 2020 has in store.


Noted Philosophers Reconsider Their Key Insights After a Month of Social Distancing


Sartre

1944: Hell is other people.

April 2020: All this time, I thought the problem was viewing myself through the lens of others’ subjectivities. Now I come to find that the problem has always been me. Take away other people, and all I do is play video games and eat Sara Lee frozen desserts. Hell is knowing this: I’m never going to refinish those goddamn kitchen cabinets, and I have no one to blame but myself.

- - -

Arendt

1963: Evil is not interesting, but instead stems from vacuity and stupidity; evil is banal.

April 2020: Ditto what I said there, but also, every single thing is not interesting. From this Hannah Arendt-shaped divot that’s formed in my couch, I hereby declare the banality of everything.

- - -

Plato

Ca. 360 B.C.E.: The human soul is a charioteer trying to drive, simultaneously, one bad horse and one noble one.

April 2020: This holds up for like a week. The noble horse asks your elderly neighbor if he needs help with anything. (He doesn’t.) The bad horse charts a rough looting strategy for the inevitable riot phase of the crisis. But numbness sets in quickly. Pretty soon your noble horse is just compulsively refreshing your state’s infection and fatality webpage. Your bad horse is too lazy to pick up the binoculars for a better peek through your other neighbor’s bedroom window. The human soul is a charioteer sleeping 14 hours a night but still napping 4 times a day.

- - -

Descartes

1637: I think, therefore I am.

April 2020: I was so lonely and disoriented, I started doubting the reality of everything, even myself. But if I didn’t exist, then how could I already have over a dozen subscribers on Spotify? I started a podcast this month, therefore I am.

- - -

Heidegger

1927: The human essence, Dasein, can only fully comprehend the meaning of its life when faced with the certainty of its death.

April 2020: Hoo boy, was I wrong. When faced with the certainty of death, people freeze dozens of gallons of milk. They make jokes complaining about their “coworkers” (who are really just their children and pets, because, working from home, get it?). They record parody performances of “One Day More.” I mean, don’t get me wrong, it’s adorable, I love it, but we’re not exactly achieving hard-won glimpses into the meaning of existence.

- - -

Nietzsche

1883: In the absence of God and conventional morality, the übermensch creates his own moral code.

April 2020: Oh my God, people, if I’ve said it once I’ve said it a thousand times: 5/8ths of a college degree and a plane ticket to a warm beach town do not make you the übermensch. Just follow the CDC guidelines, for Christ’s sake — that’s our new secular morality. And yeah, I said “oh my God” and “for Christ’s sake.” Deal with it.

- - -

Confucius

Ca. 500 BCE: Courteous, respectful support of one’s parents and elders is the foundation of civilized society.

April 2020: Nope. Your parents have chosen this moment to revive their teenage sense of invincibility, and for some reason they go to Costco like twice a day. The only way to get through to these dum-dums is to lose your shit. Just shriek at them until the ringing in their ears paralyzes them, and they have no choice but to stay home. Filial piety, my ass.

- - -

Kierkegaard

1844: Angst, the constant anxiety that is a defining feature of the human condition, stems from our consciousness of the unfettered freedom to choose.

April 2020: Great point, former me! Turns out when you have no choices, all your anxiety just melts away like snow in spring, or like glaciers in any season. That’s why this past month has been so existentially carefree!

- - -

Smith

1776: The invisible hand of the market will ensure that each self-interested economic act performed by an individual will ultimately benefit society as a whole.

April 2020: Shoot, y’all, in my day we didn’t even know about viruses, so how could I have foreseen a ventilator and mask shortage? My bad. If it’s any comfort, I tried to be a rational actor in a logical, self-regulating market, and now I’ve been out of toilet paper for three weeks. So let’s call it even?

- - -

Plato again

Ca. 375 B.C.E.: Society would be best ruled by a class of philosopher kings.

April 2020: Still kinda feeling it.

1 public comment
hannahdraper
60 days ago
Plato again
Ca. 375 B.C.E.: Society would be best ruled by a class of philosopher kings.

April 2020: Still kinda feeling it.
Washington, DC

iOS XML Bug


This is a good explanation of an iOS bug that allowed someone to break out of the application sandbox. A summary:

What a crazy bug, and Siguza's explanation is very cogent. Basically, it comes down to this:

  • XML is terrible.
  • iOS uses XML for Plists, and Plists are used everywhere in iOS (and MacOS).
  • iOS's sandboxing system depends upon three different XML parsers, which interpret slightly invalid XML input in slightly different ways.

So Siguza's exploit -- which granted an app full access to the entire file system, and more -- uses malformed XML comments constructed in a way that one of iOS's XML parsers sees its declaration of entitlements one way, and another XML parser sees it another way. The XML parser used to check whether an application should be allowed to launch doesn't see the fishy entitlements because it thinks they're inside a comment. The XML parser used to determine whether an already running application has permission to do things that require entitlements sees the fishy entitlements and grants permission.

This is fixed in the new iOS release, 13.5 beta 3.

Comment:

Implementing 4 different parsers is just asking for trouble, and the "fix" is of the crappiest sort, bolting on more crap to check they're doing the right thing in this single case. None of this is encouraging.

More commentary. Hacker News thread.
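
A minimal sketch of the parser disagreement the summary describes, added here as an example (it is not Siguza's exploit and not Apple's code): two hypothetical lenient parsers recover differently from an unterminated comment, so one sees a key the other does not, while a single strict parse with Python's `plistlib` rejects the document outright. The key names, the sample documents and both recovery rules are constructed for illustration.

```python
import plistlib
import re
from xml.parsers.expat import ExpatError

# Constructed sample documents; the key names are placeholders, not real entitlements.
WELL_FORMED = """<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>example.network-client</key><true/>
<!-- reviewed -->
</dict></plist>
"""
# Same document, but the comment is never closed (malformed XML).
MALFORMED = """<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>example.network-client</key><true/>
<!-- <key>example.restricted-capability</key><true/>
</dict></plist>
"""

KEY_TRUE = re.compile(r"<key>([^<]+)</key>\s*<true/>")


def lenient_keys(xml, unterminated_swallows_rest):
    """Toy lenient parser: strip comments, then collect keys set to <true/>.

    The flag selects one of two plausible error-recovery rules for a comment
    that is never closed. Both rules are hypothetical, not Apple's code.
    """
    kept, pos = [], 0
    while True:
        start = xml.find("<!--", pos)
        if start == -1:
            kept.append(xml[pos:])
            break
        kept.append(xml[pos:start])
        end = xml.find("-->", start + 4)
        if end != -1:
            pos = end + 3              # well-formed comment: skip it
        elif unterminated_swallows_rest:
            break                      # rule A: rest of input is comment
        else:
            pos = start + 4            # rule B: drop the opener, keep parsing
    return set(KEY_TRUE.findall("".join(kept)))


def differential(xml):
    """Keys that exactly one of the two lenient parsers sees."""
    return lenient_keys(xml, True) ^ lenient_keys(xml, False)


def strict_keys(xml):
    """Single strict parse; raises ValueError on anything not well-formed."""
    try:
        doc = plistlib.loads(xml.encode("utf-8"), fmt=plistlib.FMT_XML)
    except (ExpatError, plistlib.InvalidFileException, ValueError) as exc:
        raise ValueError(f"rejected: {exc}") from exc
    if not isinstance(doc, dict):
        raise ValueError("rejected: top-level object is not a dict")
    return {k for k, v in doc.items() if v is True}


def decide(xml):
    """Gate used by every consumer: one strict parse, no error recovery."""
    try:
        return ("accept", sorted(strict_keys(xml)))
    except ValueError as exc:
        return ("reject", str(exc))


if __name__ == "__main__":
    for name, doc in (("well-formed", WELL_FORMED), ("malformed", MALFORMED)):
        print(name, "differential:", sorted(differential(doc)), "gate:", decide(doc))
```

Routing every consumer through the one strict parse removes the disagreement at its source; `differential` is better suited as a regression or fuzzing oracle than as a runtime check.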

zwol
65 days ago
The bug itself is unremarkable—two parsers for a complex serialization format, subtly different error recovery behavior, and that lets you sneak something past security enforcement.

The “fix” is disheartening: they added *another* parser and another layer of checks. This is exactly the opposite of what they should have done. It papers over this bug and almost surely introduces more bugs elsewhere. I expect better from Apple.
Pittsburgh, PA
acdha
65 days ago
I’d love to know the reasoning behind that. I can imagine some impediments leading to that but it certainly felt like a shock at the end.

Netflix Posts Dozens of Their Educational Programs on YouTube for Free


In the Before Times, Netflix let teachers stream their programming in the classroom. With schools not in session due to the Covid-19 pandemic, Netflix has decided to put some of their educational programming on YouTube for free (full playlist here). For instance, they’ve put all 8 episodes of David Attenborough’s nature series Our Planet online in their entirety. Here’s the first episode:

The Our Planet website also has tons of educational information for schools and kids.

13th is a feature-length documentary by Ava DuVernay about how racial inequality in America drives our high incarceration rates:

13th is currently rated 97% on Rotten Tomatoes and NY Times reviewer Manohla Dargis called it “powerful, infuriating and at times overwhelming”. Here’s a discussion guide.

Eight full episodes of the first season of Abstract: The Art of Design are also available on YouTube (discussion guide). Here’s the episode featuring illustrator Christoph Niemann:

Several episodes of Vox’s series Explained are included, like this one on the racial wealth gap:

Also included are The White Helmets & Period. End of Sentence. (which each won an Oscar for Best Documentary Short Subject) as well as Knock Down The House, the documentary on the 2018 Congressional campaigns of four women (including Alexandria Ocasio-Cortez). See the full list of included shows and the full playlist on YouTube.

Tags: 13th   Abstract   Ava DuVernay   Christoph Niemann   David Attenborough   education   Manohla Dargis   movies   Netflix   Our Planet   video