Hack to learn: integrating humanities into cybersecurity with Dr. Aaron Mauro

Secure Talk - Aaron Mauro

Justin Beals: Welcome to SecureTalk, everyone, another exciting guest to chat with today. Um, I'm really glad to introduce Dr. Aaron Mauro. He is an associate professor of digital media at Brock University in Ontario, Canada. He teaches in both interactive arts and science and the PhD in interdisciplinary humanities programs on topics relating to digital culture, natural language processing, and app development. One of the reasons we're getting to chat with Aaron today is that he is now the author of two books that study the cultural consequences of cybersecurity. One is “Hacking in the Humanities”, and he has a work that's coming out very soon called “The Language of Cyberattacks”.

Aaron, thank you for joining SecureTalk today. We're really glad to chat with you. 

Aaron Mauro: Yeah, thanks for having me, Justin. I'm really happy to be here.

Justin Beals: Excellent. Well, you know, as a part of that introduction, I really enjoyed reading the books because, as many listeners will know, because it's a story we've told before my degree, my academic career ended at my theater degree.

But obviously, I work in technology sometimes as a Chief Technology Officer or an architect, a developer, a security engineer, and lately as an entrepreneur or founder. And I think a lot of our listeners may not understand fully what even the humanities are or how they impact us. So I was hoping you might help us introduce this field of study as an expert, and maybe what I should start with is maybe you can tell us a little bit about your origin story. You know, how did you start to cross-connect cyber security and the humanities? 

Aaron Mauro: Yeah, it's an interesting thing, and I think a lot of people who are working in security or kind of are, working or observing the security industry are really coming at it from a different range of backgrounds.

And so we kind of all have these stories, but for me, I have to go back to kind of the mid-nineties, the turn of the millennium. I'm an elder millennial, so, like, you know, Y2K was happening just as I was graduating high school, and I kind of came into this like world of fear and paranoia online. The dot.com bubble burst, you know, just kind of adding to the sense of cynicism and kind of gloom and in the midst of all of that, as I'm growing up as a punk kid on the Canadian prairies, you know, I really loved cyberpunk that kind of hacker mystique, you know, as, as kind of cringy as it is, was, was a space of a lot of imagination for me that I was able to escape into and, you know, like William Gibson's, The Sprawl Trilogy and the romance or in particular. Just kind of matched with a lot of the feelings at the time around the early web. There was just kind of this, this quality, of wanting to inhabit this place. It was so exciting and wanting to really kind of build websites. You know, this was like the early days. You might, you know, like Angel Fire and like the nineties and like MySpace and IRC and stuff.

So, you know, like, and I don't think I'm unique in all that. Like there's a whole generation of us who really come into cyber security thinking about, you know, the ways that it touches on how we interact with digital culture and the ways that we're thinking about this. And so we now in the 21st century, you know, we live our lives 24-7 online for better or for worse.

But there was this kind of heady golden day with, you know, Napster and peer-to-peer sharing and getting access to, to all of this new cultural content and as time has gone on, we've seen how, you know, like ebooks and games and movies and just DRM, in general, is on streaming platforms is really shaping the way that we access this stuff.

And so, you know, like I think about the kind of the hacker. Idea, right, as this kind of romantic thing going back to Angelina Jolie and, you know, even I was watching Buffy the Vampire Slayer with my kid over the pandemic and how much acting was really a part of it. So there's that kind of like, you know, idealism and like the neon fun of the nineties kind of culture of surfing around the web, but so much of it was about building, right?. Like we were building websites and we were, you know, on my space and tweaking it and hacking it. That was kind of the flex for the time. But, you know, as we grew, there was this period around like 9/11, you know, like 2001 that some of that really shifted. It was a time when, you know, the economic downturns, You know, around the dot com, but 2008 and I kind of moved into the university and really never left.

But my work around studying the visual culture of security started with 9/11 and kind of move where we're thinking about, you know, Security theater, the ways that it shaped how we interact and the kind of cultural conversations around it, as well as the visual culture around it. And so that was something that I was, I kind of came into, I wrote a pretty substantial summary article around that time around 2011, in fact, around the 10 year anniversary.

And so that was, that was kind of me coming into thinking about security and thinking about culture and as they came together. But when I came into this other discipline, this discipline called digital humanities, it was  that felt very, very similar to that 90s feeling of making the web, right? We were building things.

It was about studying culture and making applications and websites and things. And this became, you know, my work as an educator, as a researcher and a lot of the work that needed to be done was building new curriculum for humanities students and universities, and I did that at Penn State. to start my career in the U S and I, you know, I built a program that had a lot to do with app development.

We were building things all the time. And so we were following the trajectory of Python and working with flask and Django. And so, as an educator, then I took my kind of early interest in hacker culture and the web and that kind of thing and really put it into the curriculum. And I found myself teaching not just app development practices, but security practices as first principles.

So we were talking about data encryption and password management,  sanitizing inputs, you know, managing web app endpoints, cross site scripting, right? And so the OWASP top 10 kind of became like a teaching resource for me. And, you know, after that teaching undergraduates, how to build applications and do it securely, I just, It's really started to follow the cybersecurity industry.

And I realized with a lot of these authors that they were making arguments and claims about how we act online and what digital culture looks like. So some of the authors that, I really valorize, like, you know, Kim Zetter and Kathleen Campanu and Dan Gooden, Sean Lengas, Andy Greenberg, you know, these are, these folks are not really seen in academic circles.

But are really making some of the most consequential arguments and claims about what life is like online these days. And so the work of the book is really about kind of meshing that world and that conversation with some of these academic authors like, you know, Alexander Galloway and Eugene Packer in 2007 wrote a book called The Exploit, which was one of the early ones that really starts to think about hacker culture, Mackenzie Wark in Australia. Now, her important book, “The Hacker Manifesto”, these were really pivotal moments for a lot of us. And then you have, you know, Pecka Himannen, “The Hacker Ethic” and Gabrielle Coleman, “The Hacker Whistleblower Spy”. Uh, which was the great book on Anonymous from 2014, that those kinds of works coming together just felt like a really wide field that needed to be kind of drawn together.

And it really came into that phrase that you used in the introduction around, you know, what is the, the cultural consequences of cybersecurity? Because I think this industry is having increasingly important impacts on, you know, the ways that we behave and, and the kind of lives we live online. 

Justin Beals: Yeah, so amazing. I always really enjoy the cross-connect, you know, how we can conjoin different subject areas to create new information about what's valuable or perception about what's going on in there. And there's certainly a lot of things that resonate to me about this. You know, one is the building of the thing.

We've had a discussion internally as we you. And I think externally as well, as we think about engineers, there was a time we were rapidly trying to get new software engineers, and we had a lot of boot camps and interesting educational tools kind of pop up. But one of the things I kept noticing is that we'd get people that were excited about a job, but they didn't have that passion to build something.

It's interesting. I don't need the deepest amount of technical expertise, but what I really need is someone that loves to build because they will go pull the manual out and figure it out. And that, I think, was the original, to me, part of the, that hacker ethos of, if I want to play this computer game, I've got to copy the code out of the magazine to play it.

There's no other way to get it into the computer. 

 Aaron Mauro: Yeah. And for me as, as an educator, there's an interesting kind of relationship, right? There's kind of an old phrase, you know, you don't, you don't learn to hack, you hack to learn. And so building and making an application is just this inherent. Problem solving exercise where, you know, you don't know how to make something from beginning to end, but you figure it out along the way.

And really it's about the application of, of a broader sensibility that, you know, I'm trying to articulate as something around a broader sense of digital literacy and hopefully that literacy carries with it a pretty strong sense of security and what it is to kind of behave online in a way that, you not only protects yourself but is kind of generous and is a way that is follows that kind of golden age of the web where we like to share online.

And I think, you know, like open sources is one of those. Those kinds of, I guess, ethos is that that kind of resonates beyond software and really has a lot to do with the way that we share culture too. 

Justin Beals: Yeah, we have a lot of listeners that are maybe coming more from an engineering background, more from a technical background in working around security.

I'd love if you could just help us express, you know, what are the humanities or even, you know, how should security experts think about the humanities as. impacting the human condition or their work? 

Aaron Mauro: Yeah, this is, you know, it's a huge question and it's, it's an interesting one, like, you know, your own backgrounds with the humanities training and I happen to know that there are more than a few graduates from humanities programs working in security.

 It's something that I think, you know, your listeners will identify with. But, you know, the humanities are, they sound stuffy and they're often defined by university departments, right? Like we have literature and theater and film, philosophy, history, dance, games now. But it's, you know, I tell my students that it's all the stuff that makes life worth living. It's,  the good stuff. It's the stories that we tell and the things that we hold on to and the things that we want to share. But the discipline that I'm a part of this digital humanities, right? We have this. This kind of additional tag that goes along with it. It really seeks to solve problems for those who want to study culture, right?

And they want to use computational methods to help solve some of those problems. And, you know, what are problems that humanities people face? It has a lot to do with the transition to the web that We have a really a generations long project to digitize the human cultural legacy, and it sounds grand, but this work is happening in places like galleries and libraries and archives and museums as well as universities, and it's really made possible by the very fact of the web, the fact that it exists.

It means that now we have to make things available, not just so that they're preserved for the long term, but that increasingly if it's not available online, it almost is like it doesn't exist, that it can be trapped in the analog. And so for a lot of the work that we're doing is we're, Invested in making things available in what we, you know, think of as a, as a kind of a cognate or a related movement to open source.

And we think of this as open access. And so the digital humanities is very much invested in open access and making things available to people. As well as studying now digital culture as it happens because not just the, the old things, the things that are trapped in books and museums and archives, but that a lot of the work that we do is to study, you know, the apps and the games and the social media, the data that's generated just by people inhabiting these digital spaces, as well as the software that's being generated.

So there's a whole. Subdiscipline of critical code studies where we're reading things and understanding source code, which is becoming more and more important, especially with the proliferation of, you know, we have to say it artificial intelligence now and really understanding these things is part of that kind of opening up of literacy for us.

And it's a big problem, right? Like we have a lot of issues with just being online, not least of which are kind of trust and or the erosion of trust and misinformation and that the humanities is kind of predicated on really a good faith argument, the ability to exchange ideas and misinformation really kind of blows that process up.

And so for us in the humanities, we really do want to kind of help foster a space where meaningful cultural exchange can happen. And, you know, there's a few kind of humanistic perspectives here that I might, you know, just want to share. Here's, you know, like maybe a few, but you know, that security culture, the, the ideas around what it is to make, you know, a well authenticated, well secured space is an expression of values, right? Like what and who we protect assigns a kind of value to it. And those that we leave outside that circle of protection are inherently kind of, you know, left out. And so that's, that's a big question for us. You know, there are, there are issues around the cultural context of attacks and, and things like that as we're studying some of these big events, you know, like we've had a couple with, you know, CrowdStrike and, you know, Snowflake and things like that, that the attribution of, of these attacks are increasingly, you know, situated within a cultural context, a kind of history of political ideology that drives attackers.

And I think that the humanities has a lot to add to that as well. And so there's, there's thinking around us that I think, you know, we, we might be able to, as we build this crosswalk between disciplines, between security as an industry, as a, as a way of thinking and the humanities as, as this long running project that, that might help to augment and shape the way that we, we do this work and maybe bring some, some more people on board.

Justin Beals: So thinking of the the security world in general and its engagement around the humanities, I think we can cast a long net when we think about open source movements, freedom of information, early hacker culture, you have a phrase, a statement in your book. I'd love to read it. It says “social and cultural change will emerge from communities best able to develop, deploy and operate systems securely without corporate dependencies or direct government control” you know, this really resonated with me because it seems the apotheosis of our current state of the Internet, which does feel 90 percent corporate controlled, you know, 10 to 15 percent government control. And I think we're reaching to the government to try and change things.

But you put forward the idea that neither of those entities are really going to give us the opportunity for change that we as a community might need to go through.

 What are your thoughts, you know, about this breakdown in our relationship between corporations and government as a community? And, and how do you think those relationships should change so we can be positive about the future together?

Aaron Mauro: Yeah. And again, it's a difficult kind of space to enter into right between kind of governments and corporations. This is the, you know, the way that we, we access things. And I like to go back to, you know, really foundational language, you know, and thinking about agency and what does that look like online and, and how do people, you know, retain autonomy online and ultimately if we are in fact digital citizens, how do we kind of express and use our freedom online and in in a global network? And  I don't think that there's anything simple about any of this, but I do think that we have to be, you know, really pushing for a broad-based digital literacy so that folks can take up that agency. And, you know, I say this, you know, maybe there's a kind of a two-part answer here for where we might be able to fit, you know, this space between, you know, government regulation and kind of corporate control.

But I can tell you that young people in my classrooms, especially as they enter university, the You know, in a different world than those of us who were born in the 1900s, as they say, which really hurts me on a foundation. But I think that some of us who can dip back into the kind of pre web world and remember what that was like, would be surprised to learn that, you know, students these days, people in their 20s, who are children of the 21st century, really don't know where their files are stored on their computer.

They don't really know that there's things that are stored in directories that are encoded and really that an OS is just a bunch of text files and that there's something kind of intuitive about understanding the layers of abstraction in a computer that Have I worry is increasingly lost in these seamless UIs, you know, productivity features, cloud storage, where everything is searchable and that students, you know, young people that I face might not be fully aware of what their systems are doing and how much metadata or what Microsoft likes to euphemistically called telemetry is collected, you know, and that awareness as it disappears.

It is part of where we lose a grip on on that sense of autonomy and agency online and you know like developers will think about this and they're when they're working perhaps in open source and they'll be pulling in something from a supply chain and they'll be thinking about their dependencies and and that is is, you know, another real risk where, you know, we're thinking about these very large ecosystems.

And even in that case, somebody who is quite literate and quite capable and building things might not be able to fully grasp where all of those tendrils lie. So we're all kind of victims of the increasing complexity and the way that a lot of that complexity can kind of vanish before us. But I do think that there's something really fundamental to those, that kind of, you know, Three ideas around agency and autonomy and freedom, but they're not merely something that we, we want to kind of talk about or hold on to, but that they can have real consequences.

A story that I talk about in the book goes back to the January, the events of January 6th and 2021, where, you know, a few thousand supporters of then-president Trump, you know, decided to protest and start a riot on Capitol Hill. We know the consequences of all of that, and, you know, there's some 400 criminal cases that were taken up afterwards, but those cases were made possible by a hack and it was called parlor tricks and I'm sure it's still on GitHub. I know I've cloned it, but that parlor tricks was the, a hack that was made really over just a few days afterwards, somewhere in January 9th after the riot on the Capitol where, you know, a hacker in their 20s by the name of Donk Enby on Twitter was able to download about 30 terabytes of incriminating data from Parler. And this was right in violation of the Computer Fraud and Abuse Act, surely, right? This is a hack that really was not technical in nature; it was basically just accessing an unrestricted API endpoint that the parlor devs just left open.

And so, you know, it was a moment where we exposed a lot of the bad behavior and some of these platforms where, you know, we see that, that the content on parlor was, was not cleaned, right? And retained all the GPS, uh, data. Um, they were serialized in order, and they had dates associated. So, all of that information was available.

And when that 30 terabytes was dumped, it became quite a moment. It became a moment where we had, you know, citizens building mapped visualizations of the riot. One of the ones that I really liked was Faces of the Riot. But if you wanted to go and look at it, probably what Parler saw was, was really one of the big ones, and it gave this view of this event that wasn't quite captured elsewhere. And it became the stuff of the criminal cases that followed afterwards. And it was made possible by someone who is still anonymous. A single actor, though, working in coordination with a group called Archive Team, who develops a downloading archiving tool called Warrior, which allowed for, you know, volunteers around that January 9th period to get enough bandwidth to download 30 terabytes from the systems.

And then you have, you know, groups like distributed denial of secrets who are hosting and sharing that data, that data, um, for the long term. So archiving it and holding it so that we can actually go back and look. And so that is the kind of, um, freedom that I'm talking about] where regular citizens can access and look at information.

There's really no breaking and entering. It's a matter of simply just knowing how to download. And, you know, in this case, it was a bunch of Python scripts, but it's the kind of action that allows for historical moments like this to be better understood. And so as a humanist, as somebody who wants to, to have, you know, the historical record retained as clearly as possible.

It's pretty valuable to me. So there's, there's a kind of solidarity with, with these kinds of people who take it upon themselves to, you know, maybe do something that's quasi-legal, but you know, it's also something that I'm glad we have. 

Justin Beals: It was one of my favorite stories in the book. Actually, I had not known how much of that data was pulled from Parler.

So I,  really enjoyed reading it and how much data was pulled, what type of community was required to make that information useful. And I do think that that resonates with what I might like to see. In a relationship with corporations that store my data and government, you know, as well, is that we want that, that transparency to be able to create a clearer understanding as a community of what we like and don't like about certain activities.

Well, one of my frustrations lately, Aaron, has been, I think, to your point of access, for example. And, data that we store, you and I both built file systems. We store data on it. We knew where to go look for that. You know, unless the cassette tape sat too close to a magnet, I was pretty much going to be able to get the data back off and onto my old tatty ran.

 But so much data is stored algorithmically now, right? Like one of the things I could see for new digital citizens is that they don't think about where they store that thing because they believe that the algorithm will provide it for them when it's useful. It's no longer a part of their universe. Someone else owns it at the end of the day. 

Aaron Mauro: Yeah, I think again, it's, it's a question of, of, I suppose, bringing people back to, to this history that, that is increasingly lost in, in the kind of seamlessness of, of what these UIs do, right? That I'm, I'm reminded of that, that Apple ad where, you know, the, the I'm not sure the young person was sitting in front of their tablet, and they, they ask, you know, innocently, what's a computer?

Because all they know is this, you know, big screen with the, you know, the soft user interface. And, and I  think that moment is one to be mourned and I think that we have to resist that. The moments where, you know, young people get curious, though, and I think that they are at least in my classrooms.

That's where they want to be. They want to be building things and, you know, really learning how things get made. That moment of curiosity is the one that I think that we should be, you know, really baking into our earliest curriculum and grade school all the way up so that we we you. Don't have things hidden behind this kind of slick UI; it's about understanding how things are really put together.

And I think from that on onwards, that really growing sense of curiosity will be, I think, what will save us in the end. It's, it's, it sounds like humanities to me, right? Being a curious person. 

Justin Beals: Well, you know, we say a hammer is looking for nails in our, in our product work. Sometimes. So I'm going to make a little bit of a bombastic statement here, but there was a portion of your book that really resonated with me.

So, you know, in your book, you described kind of the anarcho roots of the punk movement. And I remember my first copy of the Sex Pistols first album. I played it all the time at the skate park. Um, uh, but  you know, you kind of highlight that a lot of artists in the, in the genre felt that. Punk was dead the second an album like that got released into mainstream culture in a way. And here's my bombastic statement, Aaron. Do we need to kill the internet, or has it already died as, as you and I understood it in 1999? 

Aaron Mauro: Oh,I wish we could just turn it off sometimes. That's, that's for sure. Take a break. You know, it's, it's an interesting thing. Like I, I don't want to be too much of, you know, the nostalgic kind of person looking back and you know, valorizing dad rock as if it was, you know, better than what's going on now because it's not and I think the past is not better but we we live in a global village right let's like you know it's I'm thinking of you know Marshall McLuhan the Great Canadian kind of media theorist from the 60s, that global villages has really happened.

It's, it's a real thing. And it's brought us back to some of our more kind of base instincts. And this is what he predicted. And it's, it's good in the sense that it's, it really is an opening up all of that kind of nostalgia that we have for the early golden age of the web. But it has also in McLuhan predicted this, it's exposed kind of opposing viewpoints across the globe. And so we have  this extremism as a natural feature of simply being more connected. And I think that that is something that is, you know, Punk for what better or worse is, is not really a valid term, but I also know punk when I see it, so maybe it's a valid adjective.

But I was using that also to kind of describe, you know, the, the, I guess the, the cyberpunk genre that, that really is all around us. It's increasingly popular and you know, I talked about, you know, Buffy the Vampire Slay and things like that. But you know, like I'm sure people are listening, you know, it's like Devs The Expanse, Mr.Robot. Altered Carbon, Westworld, like these television shows are incredibly popular because they are a moment to meditate on the experience of technology. And I think that that's what, you know, cyberpunk does best as, as a genre. It's this, this kind of antagonistic force, where we are thinking about what technology does in relationship to some kind of human experience. t's that experience of,  Human humanity in the midst of technology. And so, in some ways, it's humanity and technology that are the countercultures that describe cyberpunk. And so we have a few things that come out of that genre That II think fit in with the the musical side of things too, right? Like a criticism of runaway corporate influence, ecological degradation, mass urbanization, cybernetics and global communications And In the midst of all of that, the genre cyberpunk is able to still tell something deeply human.

And I think that those are those moments that, that I want to get to when we're, we're looking at something that is science fiction, that's speculative, that is something that can give us, you know, a window into our current experience. And, you know, it's I, you know, sitting in Canada, in the beautiful Niagara region, I come back to McLuhan,, who was really informative on a lot of this.

And if we think about, you know, his, his kind of model phrase, right, the medium is the message, the message of the internet is really about connection and sharing. But it's that sense of connection and sharing that also makes us vulnerable to malicious messages. And so maybe rather than kill the internet to come back to your original questions, we need to remind folks that the internet is not just One application layer, right?

There are many features that we can run on this network, and HTTP is just one of them. And so, you know, I really like the solid project that's been really advocated and touted by Sir Tim Berners Lee. And I think that that's a real step forward for securing data and digital identities on the web. We haven't really seen that find a footing yet with a major application, but I think that's a nice one.

And in the book, I also spent some time talking about IPFS, the interplanetary file system, which is a really interesting project conceptually as a, you know, an alternate application layer for the web. And so, you know, this is something that. Solves the latency problem by moving the web to the edge of the network as a peer-to-peer file sharing scheme.

And so the idea is that if you're on another planet, say the moon or Mars, you could send files to that location and then share them locally and so this is a different style of internet that has some real benefits And that it can not only You know solve that latency question if we move into the stars, but it also has this ability to kind of jump over You know firewalls or sensor, you know issues if you're moving into different countries And so this is a, you know, an interesting model for an alternative internet, a different application layer for the internet, that is a different way of thinking about how we share data and really is, is a way of, of kind of moving away from and making strange some of the assumptions that we have with this kind of centralized network where we assume that we're hitting a server and bringing back data,  which I think is. It doesn't always serve the users in the best possible way. 

Justin Beals: You know, I'm struck by a couple things. One is you talk a lot about, stories and cyberpunk stories in your book. And one of the things that struck me is when I read them a while ago or was, really the genre was just coming into play.

I thought, oh, this is all quite futuristic. It's, you know, very rarely, are we right about the future, but so much of it has turned out to be the things we built, or the way we expected them or the issues that we're seeing in those challenges. And you talk a lot about story authoring, and in here, I think when you talk about the interplanetary file system, we're telling a future story as well through code in a way through a network architecture through an aspiration that we want to see as humanity, and that information is available as humanity continues to spread out.

Aaron Mauro: Yeah, it's, it's one of these things that I think we, we need to be, I think that that sense of curiosity where, you know, the world that we, that we experienced on the, on the daily online is not one that's shared with everybody on the globe, you know, as part of that conversation in the book about the interplanetary file system.

I also talk about the El Paquete in Cuba. That the Alpacat Seminal is this weekly package that's that's shared in Cuba because of the similar constraints around, you know, having enough bandwidth censorship and all the rest. And so what has happened in Cuba is that, you know, one terabyte USB drive.get loaded up every week with movies and articles and ads, even local ads for, you know, Cuban businesses and things. And really everything that you would expect from a week of internet activity is put onto a static one-thumb drive and passed around and shared for a reasonable amount of money. And that again, experience of the web, though, it's not necessarily the case now, but in the early, you know, in the teens. Maybe a decade ago, this was certainly much more common in Cuba, but as a model for data storage and data sharing as a community model, there's a kind of resiliency there and that that kind of hacker ethos, right?. if we can use the term is is taken up to solve a very real problem. And the in the solving of the problem, there's a community that's created, there's an economy that grows up around it.

And I think that that's the kind of, you know, like innovation and thinking that is, is coming from a place that is not at all the kind of web that we experience daily, but I think could have some real lessons if kind of translated into different contexts, like the one that we live in with, you know, 24/7ubiquitous web that's mobile and, you know, constantly in our pocket. So I'm, looking to different structures. And as you said, a kind of philosophy that comes out of code almost, that they can give us a different way to think about the web because, you know, it's a pretty flexible space if we want it to be.

Justin Beals: Yeah, at least I think that's what  I did want it to be when I first started building websites a long, long time ago, there were three major concepts. I felt like in your book. I'd like to touch on them briefly because I think they capture something I'd like to see. The first one is privacy is increasingly the most valuable digital service.

And a broad societal awareness of cyber security practices will be required to achieve economic stability and political sovereignty. I haven't really cap. No one has captured that in such a clarifying way as to why privacy is valuable. My question about this statement is a little bit economic. Do you think that, especially the students that you're teaching the future buyers and decision-makers of economic decisions, are they weighing privacy more heavily than you or I did? Aaron 15 years ago. Is this part of the buying decision? 

Aaron Mauro: Yeah, it's there's, there is certainly a sense that they're my students, you know if I can speak to them for them as a group, you know, for, what it's worth, I don't want to, to kind of lump them together, but they, they are pretty savvy, I got to say, like they, they know what world they're in, but there's a sense of, of resignation that gives me some, some pause, I suppose, that, that it's really difficult to change The current market, there's it's a it's a difficult space to kind of move beyond and so you know, you do kind of Situate yourself in in a platform, right?

You become part of Google, you become part of Microsoft or Apple, and these companies you kind of Capitulate to in a way that just kind of makes your life easier, and it's a necessary evil. And in all of that, I think that privacy is one of those quantities that are qualities that maybe we have lost a sense of what it's really worth because we do give it up quite easily.

And there's a sense that if, you know, you argue for your privacy, what are you trying? What are you hiding? And, or that you think that you're pretty important, that you need privacy when, you know, you're a 20-year-old kid. But those 20-year-olds, as you said, will, you know, become the leaders of tomorrow, and I hope that they really do.

And there will be a whole trail of digital footprints that are retained by companies on them. And I think that this is concerning to me in a pretty practical sense. I, in the book, again,I bring up a 2018 video from Google that was called “The Selfish Ledger”. I don't know if you remember this.

And it was a futuristic, admittedly, not a product video, but a, uh, an imagined. Imaginary kind of world set forth by Google where they proposed a ledger on the self that that all the data collected from, you know, your smartwatch and your phone and all of your browsing and purchasing behaviour would be collected into not just a profile for an individual, but an intergenerational data set that charts every aspect of your life from birth, um, your health, your happiness and productivity.

Um, and if that could be charted in the video as they describe across generations, that they might be able to solve really intractable problems like, you know, depression, health issues, poverty, and it sounds great, but this is a dystopia where privacy is completely been removed from, from any sense of human experience.

Um, It sounds, you know, a little bit far fetched, perhaps, and even in Google's own, you know, discussion of it, it was never intended to be more than a thought piece. But we, we really do have a moment where the reality of someone's life has been captured from beginning to end. And it's not necessarily even being processed by humans.

It's not necessarily even being held but by these kinds of non-human entities. That are being now trained on this data where we have companies that, you know, and  I go back to this author, Ed Finn book called “What Algorithms Want”. And he more or less describes these companies as really just like a stack of algorithms in a corporate trench coat.

They really are, you know, a system that is to facilitate the growth and maintenance of certain algorithms, and in Google's case, you know, PageRank is just one of them now. And so what, why does this matter? Well, it really defines our relationship to the economy, where we maybe are no longer, you know, part of a Productive kind of exchange between, you know, a reciprocal exchange with these companies, but instead are being farmed or mined for our data and the return to society is less and less.

And so this is the real concern for me here is, is that you know, with the loss of privacy that it's a loss of our of again of our ability to have a kind of agency. That is free from, you know, kind of this interference. 

Justin Beals: One of the next concepts that you present, and I think it is an attempt for us to ameliorate some of that power differential, is you say, programming is a fundamental literacy of the 21st century.

The ability to make, manipulate, and circumvent data harvesting systems will be a critical skill. Certainly, knowing how to program as well as write effectively has been a critical skill in my career, but I think what you're proposing here, you can tell me if I'm wrong, is that we're nearing the point where everyone needs to know how to code a little because you're going to need to find a way to manipulate these systems to your benefit.

Aaron Mauro: Yeah. And I think the, you know, the story that I told around parlor tricks is a good example of that, you know, being in the right place at the right time with the right skill set, we'll have. You know, historical consequences. And no, I'm not saying that, you know, that everybody needs to be, you know, some kind of super hacker with a VR headset.

That's kind of far-fetched, right? But there, there is that broad-based literacy that  will be needed. And, you know, I  find, you know, inspiration in the open source intelligence community, actually groups like Bellingcat founded by Elliot Higgins, you know, the open source intelligence community is not really doing a lot of programming though. They're developing software and things to support their teams But these are also just very perceptive people who are using tools and accessing open information that's available, you know, like Google Earth and and things like this that that are really there for checking things.

And so, like Bellingcat, you know, spend a lot of time investigating war crimes in Syria. You know, they've really well-reported issues within Russia with Alexei Navalny and, you know, the Novichok poisoning incidences. And so these are these are moments where, you know, we've had moments of historical consequence that are being recorded again by people who are simply paying attention.

And that even in all of this, that coding absolutely is a, is a key piece of it, but that it's also in an age of disinformation. They remind us that, you know, facts are surprisingly abundant, and they're easy to come by. And so that, that kind of, gives me a lot of hope for the kind of literacy that we're talking about.

And, you know, young people know how to go deep on social media, and that's a real skill. And I think that that's a good one. But, you know, even open source intelligence and its kind of explosion on Twitter, pardon me, X, I guess, you know, that it's, it's one of these things that is also being co-opted because it has that illusion of truthiness.

And so Bellingcat's been even doing a lot of work to kind of debunk the and warning that a lot of these open source intelligence accounts are are really not doing good citizen journalism. They're kind of not citing the original source, they're not archiving it, they lack context, they're editing the footage and manipulating it, posting before verifying.

So, a lot of these standards are not being really accounted for. And so, you know, it's another example of why we can't have nice things that, you know, as soon as we have one process that's, um, or methodology that is taken up to do some good, it tends to get co-opted by bad actors, but again, it's, about having that awareness of that, that overall ecosystem and not looking at things, uh, at face value. So having a critical sensibility really matters. 

Justin Beals: Third element is, um, speculative [ fiction has long been used to express ethical questions and imagine possible futures. And, I think one of the themes that is very hope-giving in your book is about how humans are an element of change when it seems like we can't, and we tell stories to help us see what that change would be. So my question for you, Aaron, is, are there any authors or fiction books that you're reading that are futures that you maybe look forward to, or, or feel like, have some, some vision of what we may want to be? Yeah. 

Aaron Mauro: Well, you know, the book recommendation, I could, you know, I could go on.

I actually picked up the other day, the big book of Cyberpunk by Jared Shuren. I'm holding it in my hand right now. And it's, it's a collection. So it has things from a lot of periods of time, but it doesn't have a lot of repeats. And so this is, I find it a really nice collection. And the one that I actually ended on before coming on with you now is the short story from 2014  called “Patterns of Murmuration in a Billion Points of Data”  by Nian Yang. And this short story is really evocative to me in the era of, you know, large language models and this chat interface with, with AI and the story, not to give too much away, is about this, this AI that is this distributed intelligence.

It uses the first person plural we when it describes itself, and it's, Its mother is dead. And so it's, it's seeking answers as to its, the destruction of its creator. And we get these little windows into the human operator as they chat back and forth. And we see this, this artificial intelligence kind of moving through the web and, you know, being a bit of a citizen journalist in its own way.

And so this is a pretty evocative story, and it anticipates a lot of the things that I think we're looking at now.  Maybe there's, there's things happening in these systems that we can't anticipate. Of course, it's science fiction and it's fun, but that's definitely one to pick up., I found it pretty shocking.

Justin Beals: That's excellent. Aaron, before we wrap up here, we know you have a new book coming out very soon. “The Language of Cyber Attacks”. And just give us what, you know, when could we look forward to that book being released and anything you'd like to say about the meaning of the book or the content. 

Aaron Mauro: Sure. Yeah, no, I love this question. So the book's available September 5th, 2024, on Bloomsbury. com. It's about 25 or 30 bucks, depending on your currency. And in it, I describe security rhetoric as a way to test malicious messages in spam and social media and social engineering attacks. And it really is a follow on on hacking in the humanities.

And I, you know, use it as an opportunity to really take issue with some of the, you know, pop psychology that's been used to support some of the writing on social engineering up till now. I described how, you know, a look at the language of a cyber attack, the lures that are used can be pretty influential in the attribution of a cyber attack, and I also, in the final chapter, I studied the Conti leaks affair, which was the moment.

Where we got that big dump from one of the really the most terrible ransomware crews operating at the time they were attacking hospitals during the pandemic and devoted themselves to Vladimir Putin at the opening of the invasion of the war in Ukraine. But a Ukrainian national in Kiev was able to gain a foothold in their infrastructure and dumped all of their software and chat logs for many years. And it was a moment to really see how the attackers were operating, see their, you know, their techniques and processes. But in it, I think it really also made an argument for, you know, a more kind of cybersecurity where I'm really thinking about moving away from the war metaphor, away from attackers and defenders and starting to see that, you know, a lot of the low-level operators in Conti that we were able to see in the chat logs were not much better off. They were, they were pretty hard pressed and, and were, you know, there were criminals and kids, but they were also victims of a pretty large system. And so I think it was a, it was a window into, you know, the criminal world. Kind of cybercrime that I think gives us a sense that it's not merely attackers and defenders, that there's a lot of forces at work.

So that was, I think, a pretty important move that, that let me kind of describe a broader sense around what, what's happening online when you think about the beginning of a cyber attack and how that occurs with Allure. It's [00:52:00] coming out soon and yeah, and I think it's, it's a, it's one to look out for. 

Justin Beals: I'm very excited to read it  I thoroughly enjoyed “Hacking in the Humanities”. Thanks for being a great guest on the podcast today, Aaron. We appreciate you joining us.

Aaron Mauro: Thanks very much. Justin. It's a lot of  fun.