August 11, 2022 • 31 mins
Eva Galperin has been referred to as a “Hacker Hero.” She is the Director of Cybersecurity at the Electronic Frontier Foundation and technical advisor for the Freedom of the Press Foundation. She is the Cofounder of @stopstalkerware.
See omnystudio.com/listener for privacy information.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:03):
I'm Sam Edis and I'm Amy Nelson. Welcome to What's
Her Story? With Sam and Amy. This is a show
about the world's most remarkable women, their professional and personal journeys. Together,
we'll hear from gold medalists, best selling authors, and leaders
of the world's most iconic brands. Listen every Thursday or
join the conversation anytime on Instagram at What's Her Story Podcast.
(00:30):
Eva Gabrand has been referred to as a hacker hero.
She is the Director of cyber Security at the Electronic
Frontier Foundation and Technical Advisor for the Freedom of the
Press Foundation. She is a co founder of Stop Stalker.
Were so, Eva, how did you become interested in privacy,
in free speech in this entire world. I am an
(00:54):
immigrant who came to the United States as a child
with my family from the Soviet Union, and so all
of of my most sort of foundational memories are built
around this notion that we left a place with no
civil liberties to come to a place that had more
(01:14):
of them, and that the protection of those liberties was
very important. Life in the Soviet Union was always framed
as you know, this place where you had no privacy
and where you had no free speech, and that these
were extremely important values that that we needed to protect.
And so I guess I I I really internalized that
(01:37):
growing up, and then your interest in technology really started
very early on. Tell us about that. We left the
Soviet Union and then we landed in uh in Silicon
Valley in the eighties. My mom was a geneticist, and
so she came to, you know, San Francisco, had worked
in biotech, and my dad was an engineer, and so
(01:59):
he came to Silicon Valley and worked at a series
of tech companies, and as a result, there was always
tech around the house and I was I was online
at a time when most children were not. When there
was an Internet, but there was no web, and it
was assumed that if you were able to speak to
(02:20):
other people over this Internet, that you were at least
in college and probably using like your first college account.
And in my case, that is not what I was doing.
I was actually using modem and one of those little
VT one hundred green screens that you used to see
in libraries to place a phone call to my dad's
(02:44):
desktop machine at Sun Microsystems in order to contact the
rest of the Internet. And so my first experiences online
all required me to sort of have a strong understanding
of how the inner net worked. That brought me, you know,
a lot of the fundamentals that helped me land my
(03:05):
first jobs. But how did you sit down in front
of that first computer. So one of my friends had
found some sort of like chat group on Prodigy relating
to you know, our favorite fantasy and science fiction series.
And I came to my father and I said, Daddy, Daddy,
can I get Prodigy so that I can you know,
sit around talking about dragons. And my father said, no,
(03:28):
Prodigy sucks, and he got me a Shell account on
his computer and showed me how to use news groups
and use net. So take us to your first job,
I guess. My first computer job was during my freshman
year in college at UCSC. I worked for a company
(03:50):
in Sunny Vale doing a sort of a desktop administration
of Windows machines and also a bunch of you know,
Unix ad illustration on a lot of Solaris machines as
some network administration. And the reason that I was able
to do this was because I had seen all of
these things before, and I had spent a bunch of time,
you know, building my own computers and I already understood
(04:14):
how networks worked, and so all I had to do
was just sort of expand that knowledge out into you know,
how how do you look after many machines at once
instead of just the one machine that you have in
your house. And that turned out to be such a
useful skill that eventually I was like, wait a minute,
what am I going to college for again? And I
(04:34):
dropped up. Some people have called you their hacker hero.
How did you go from where you were then to
becoming the cyber hacking superstar that you are today? Well,
I don't want to leave people with the impression that
it is just a NonStop rise to power, where you know, I,
(04:57):
as a as a vonder Kint mastered the inner No,
none of that is true. I I dropped out of
school in order to go work a steady tech job,
and my parents were appalled and they were like, but
you need to go to college, and so I told them, Oh,
don't worry. When this bubble bursts, I will go back
to school. And I was lying. But the bubble did
(05:19):
burst because I I have lived in Silicon Valley for
a very long time, and I have seen many bubbles
come and go. So the bubble did burst, and no
one I knew had a job in in the early
two thousands, and certainly I did not have a job.
And I turned around and I went back to school.
I got a degree in international relations and political science.
(05:43):
I spent two years studying Chinese and my intention was
to go to law school next and become a lawyer.
I'm like, well, you know, this computer stuff really isn't
working out. And I was. I was just about to
go to to law school and gotten into law school.
And the guy that I was I was dating at
(06:04):
the time said, you know, I I don't want to
leave the Bay area. The law schools that you got
into are far away. So I've just started a job
at this place called Twitter, and I think it might
go somewhere. So can you just like give me a year,
Just go get a job somewhere, give me a year
while we work all of this stuff out. And he
(06:26):
went to go work for Twitter, and I went to
go work for the Electronic Frontier Foundation. And my job was,
you know, extremely high powered and technical. It was my
job to answer the phone. I answered the phone at
e f F in two thousand seven, which was shortly
after the Civil Liberties Organization had filed a lawsuit against
(06:48):
A T and T for its part in the n
s AS warrantless wire tapping program that had been going
on since two thousand three. This was a Bush era program,
and that meant that we had a lot of people
contacting us who were are concerned about government surveillance. And
some of those people had really interesting cases, and some
of those people were in need of a therapist. And
(07:13):
it was my job to tell the difference between these
two kinds of people and to very patiently sort of
corral both of them. And that was something that I
that I did for several years, and it really gave
me a strong background in all of e f f
S different issues. I I learned about copyright, I got
(07:35):
to apply my international relations skills, I got to apply
my uh my language skills, and also my technical skills
when it came to know understanding how this kind of
surveillance worked. This was also the UM the height of
the m p A and the r a S efforts
to sue mostly college students for pirating UM movies and music,
(08:01):
and so I was also caring from a lot of
people who were only a couple of years younger than
I was, who had these, you know, terrifying letters that
were coming from the r A and the n p
a A saying, you know, give us thousands of dollars
or we will sue you into oblivion because you downloaded
a movie once or you downloaded an album. And so
I spent some time working on that as well. There
(08:22):
was actually a really interesting thing that happened while I
was doing this job, which was there was a a
law firm that came up with this interesting scam where
they would upload files to the Internet purporting to be
various types of porn, and then they would see who
(08:44):
downloaded it, and then they would send threatening letters to
that person saying, we know you downloaded this porn and
unless you want us to sue you a lawsuit in
which the title of this porn allowing people to know
embarrassing things about your taste in pornography. Unless you want
us to to file this lawsuit, please give us two
thousand dollars. And they sent out thousands and thousands of
(09:08):
these letters. It was a tremendous scam. So those were
my first experiences dealing with people who were being unfairly
surveiled unfairly targeted with vulnerable populations, with people who were
really scared and feeling powerless, and we're having their worst today,
and would then reach out to me. Were you comfortable
(09:30):
or how did you go about taking that role of
answering phones into really analyzing what was coming through and
these massive early issues with the Internet. Well, part of
it was was just the act of repetition. Once you've seen,
you know, several hundred different examples of the same issue,
you get really good at triaging it very fast. And
(09:52):
when you have accurately triaged things for for your legal
team or for your activism team, you know, consistently for
the better part of you know, a year or two
or three, than your peers start to trust your judgment
and you you know, kind of build up that kind
of rapport. But really it just came from doing it
(10:13):
over and over and over again until I got very
good at it. The work of answering the phones that
the Electronic Frontier Foundation had prior to me been a
job that famously burned people out. It was very rare
for somebody last more than a year doing that. Why
weren't you burned out by that job? I think I
just had a you know, text startup kids capacity for burnout.
(10:41):
I had a very different idea about what qualified has burnout.
And I'm not going to tell you that that was healthy.
It absolutely was not. I think the one of the
things that's really changed at e FF, and in fact
in just in workplaces in general, in the many years
have gone by since I since I did that job,
(11:03):
is that we have a lot more understanding of the
psychological impacts of doing this kind of work, and an
understanding that you can't expect people to deal with with
other people's trauma four seven every single day and now
a quick break even there was an incident at your
(11:28):
work that led you to really focus on cyber stocking.
I spent many years focused on the privacy and security
needs of activists and journalists, largely in North Africa and
the Middle East. A lot of this was happening during
the Arab Spring and sort of the years after the
Arab Spring. But in lateen early it became known that
(11:56):
my primary collaborator on all of the security research that
I was doing was a serial rapist. He had been
running around raping women for decades, and in January, I
think of an interview came out with one of his survivors,
and she was just terrified. She was really, really scared,
(12:17):
And everybody else in that article was really scared. And
they were scared of him, not just because he had
been raping women for several decades, but also because he
was a hacker, and they were afraid that he was
going to compromise their devices. So they all had their
you know, their microphones covered, and they all had their
cameras covered, and they were they were terrified, and I
(12:39):
was so mad. I got so mad, and I didn't
want anybody to ever feel that way again. And as
a result, I I started a project that was aimed
at the sort of commercial spy where that these kinds
of abusers use in order to stock their victims, and
I co founded an organization called the Coalition against Stalkerware,
(13:02):
and we've and working on this issue ever since. You
need an example to our listeners as to how it
all works and what it means to be cyber stocked. Well, Uh,
there are many different forms of electronic surveillance are stalking.
But the particular thing that I chose to focus on,
because it's so invasive and also very easy to do, UH,
(13:23):
is stockerware, so there is commercially available UH software that
anyone can find or purchase that if they have a
physical access to your device and they have like your
user name and password, which is an extremely common combination
of things. When you're dealing with somebody who is who
(13:45):
is abusing you, what the abuser does is they simply
grab the other person's phone when they're not looking, download
the stalker wear onto their phone, and then the phone
covertly ex fultraits data from the phone, usually to a
website which is run by the company that makes the
stoker wear, and then the abuser pays a monthly fee
(14:08):
to the stalker wear company in order to get that
get access to that data through a portal. You have
been vocal about trying to come after the executives from
the soccer wear companies, because presumably this is one of
the worst possible ways to to be making money in
this world. How have you been successful at that? I
(14:32):
have had some success when it comes to going after
the stoker wear companies themselves. I am very careful about
how how I do this because I am myself a
security researcher, and so I want to be really careful
not to use any of the tools that are used
to sort of persecute security researchers for doing our thing,
(14:56):
even against bad people. Uh. And I want to make
sure that I don't create any bad precedent that can
then be used to stop the kind of work that
I do. But in addition to the fact that stoccer
ware is very bad, it is often very poorly made,
it's often really insecure. So not only is your data
available to your stalker, but sometimes these portals leave data
(15:20):
open for anybody to see. And I have managed to
convince the FTC to take action against to such companies
that ended up behaving in this way. You've gone up
against some really powerful companies and powerful people. Have you
ever felt afraid? Have you faced me backlash? Before I
(15:40):
worked on domestic abuse, I was working on I was
working to support people who were being stalked by authoritarian governments.
And if you think an abusive partner is is a jerk,
wait until you are, say, going up against the Syrian government.
(16:04):
It's a very different kind of situation. And I have
been targeted before by a government that was angry about
my activism. The Vietnamese government actually sent me malware, but
I'm not scared because this sort of stuff is old
hat to me. I have been doing it for a
very long time, and it's just very difficult to frighten
me at this point, which means that I don't get
(16:26):
bullied a lot. What is your relationship to personal safety,
like in your own everyday life, not online? Well, a
lot of people are are surprised. They say, well, you
know I can find you online. I you know you're
using your real name. There are pictures of you. I
can see them, you know, I I know what city
you live in, and all that sort of thing you
(16:48):
use social media. I see that you have like an
Instagram account and a Facebook account whatever. And they say, well,
how dare you? You know, your privacy and security activist?
How can you can be how can you be doing this?
And the answer is that privacy and security are not
about living on a mountaintop throwing all of your devices
(17:08):
into the ocean, which is presumably located near this mountaintop.
It is about having control over your data and making
decisions about who you do and do not share it with.
And so my life is locked down, but it's not
so locked down that I can't move. I think one
of the most important things that we really lose sight
(17:30):
of when we talk about privacy and security online is
that you need some wiggle room. You can't just turn
around and leave the Internet. And that's advice that that
people give to survivors of domestic abuse all the time.
They're like, you're being harassed, you're being you know, you're
being followed, you're being stocked. Just just don't use the internet.
(17:52):
Just you know, shut down to all of your social
media accounts and never talked to your friends again. And
that's just more alienating. What about when you're just in
your everyday life, do you find that you're less trusting
of people? Given your work? I'm not sure what I
would use as a benchmark. I was never a particularly
trusting person. What is your personal life like when letting
(18:15):
a new relationship into your life? Are you more cautious
than the average person? I don't know. I don't have
an average person around to compare myself with. I limit
the kind of risks that I take, but I also,
you know, I live in reality where you have to
be able to communicate with other people and have them
(18:36):
be able to find you on occasion. I don't live
like a secret agent. Okay, so when you met your partner,
did you meet online? Or no? So you've never dated online? No? No,
I still meet people the old fashioned way where you
in meat space. I do not have any good advice
(18:57):
for trying to date online in the or of our Lord.
That seems terrifying. What is your relationship like with your
parents today? Really? Nice? Actually? I mean I did in
my mid twenties apologize to my parents for that the
(19:18):
entire time I was a teenager and now we get
along just fine, but I was, I was an exceptionally
difficult teenager. How would you define sort of the biggest
mistakes that most people are making when it comes to
exposing their own online world to potential stalkers or bad people. Well,
(19:42):
I think that the first thing people really need to
think about is so what we call threat modeling. So
you need to sit down and you need to think
about what you want to protect and who you want
to protect it from, because trying to protect everything from
everybody all at once is a good way to go insane.
It's just not practical. The other thing to keep in
mind is that the people that you trust today are
(20:05):
not necessarily going to be the same people that you
trust tomorrow. Abusers, for example, do not show up with
a great, big sign across their forehead saying hello, I'm
an abuser. They show up looking like the best thing
that's ever happened to you. And I think that it's
really important for people to understand the dynamics of abuse,
but also to understand how to lock someone out of
(20:27):
their lives, how to sort of take back all of
the permissions that they have given, and how to do
it decisively and quickly, and to to sort of practice
these skills in advance, because generally, when you need to
lock somebody out of your life, you are already in
a in a heightened state of panic, and that's not
(20:49):
when you want to be practicing tricky new skills. Now,
a lot of people feel like if a partner is
not allowing you to hold their phone and use their
phone and know their password, that they're hiding something that's
sort of the converse to you know, being protective. What
do you think about, I mean, does your partner have
(21:11):
access to your phone? Oh? Hell no? Okay, will they
ever know? Not their phone? So in twenty years he
would never be able to just use your phone to
look up something on the Internet. Is his phone broken?
Did something up to his fingers? Me? What if you're
going on a road trip and he forgot his phone,
we would chart around and go get it. Okay, So
(21:33):
there is no circumstance under which he can use your phone.
I mean in some sort of situation where like terrorists
are going to destroy the world unless I hand him
my phone. Sure, but for the most part, you know, no,
I have my own devices, I have my own privacy,
and there's no reason I would ever have to give
(21:55):
access to that stuff to another person. If I want
someone to have acts us to one of my devices,
I will set up a separate account for them that
they can log into in order to get to that
a device. And the same thing happens with you know,
all of the electronics around the house. You want access,
you can have an account, and when it's time for
you to go, I can change the password on that account.
(22:17):
I could lock that account out. I can delete that account.
But you don't get mine. And now a quick break
in gave a ted talk that you know has over
three million views. How did that change the tra doctory
of your career? I was actually kind of surprised. I was.
(22:39):
I was approached by Ted to give a talk, and
they sort of shrugged when I asked them what I
should talk about, like they didn't care. I just wanted
me to get up on stage and say stuff. And
I was like, Okay, alright, fine, I'll just talk about
this this thing that I'm currently working on. And I
didn't expect for it to st such a nerve, But
(23:03):
I think it was really just the combination of the
technical problem that I was working on, combined with the
kind of human interest story of all of these people
who are being targeted, combined with the human interest story
of I got so mad I decided to destroy an industry.
What are you working on today? Well, right now, I
(23:24):
have just spent a bunch of time working on physical trackers,
so like tiles and air tags, I am not destroying
the industry. I'm trying to get the industry to agree
on a standard that they will then publish so that
the people who make phones and other devices can build
sort of tracker detection directly into those devices that will
(23:45):
work all the time in the background, so you don't
have to like specifically download an app for every single
different type of tracker and then run a scan for
every single kind of tracker, because that is a health scape. Uh,
and that's sort of where we are now. The other
thing that I'm king on right now is uh, privacy
and safety for people who are seeking abortions and who
(24:06):
are doing abortion support. That's definitely my my last couple
of months of work and trying to come up with
with best practices for people, and also really bringing these
issues up to people who are working in tech or
making products and who are making platforms and get them
to think about how they are going to protect users
(24:26):
who are traveling to abortion clinics or searching for information
about abortions, or who are simply being prosecuted for their
pregnancy outcome, whether it was an abortion or a miscarriage.
And a lot of the danger to people in these
populations isn't widespread now, but I have spent a lot
(24:49):
of time working in authoritarian countries and watching laws get
past very quickly and watching the the entire threat landscape
change very quickly. And when you build a platform where
you build a tool, it's really hard to turn that
ship around fast. So I want them to start turning
(25:09):
it around now before it becomes necessary. You've said that
you were a difficult teenager. If Eva was a teenager today,
her parents would have Life three sixty and be tracking
her every move, how fast the vehicles she's driving in
or going. What are your thoughts on all of these
(25:29):
parental tracking devices that are now sort of the norm. Hilariously,
my parents wouldn't. My parents gave me a tremendous amount
of freedom, partially out of out of respect for my
need to go figure out who I was and what
I was doing, and that caused the great deal of anxiety.
(25:51):
But they did it. And part of that, I think
is because kids now grow up in a much more
heavily surveilled in environment then I did. I grew up
during an era of latch key kids, where it was
totally normal for kids to come home from school, let
themselves into the house, microwave up some ramen, possibly feed
(26:13):
their younger sibling, and then somewhere around eight or nine,
a very tired parent comes home. That's not what parenting
is like now. It's very different. So I think that
that that sort of comparison is just sort of unfair.
As for parenting apps, I think that parents should give
their their kids some room to grow and some slack,
(26:35):
but at the same time, if you are gonna watch
your kids and what they're doing online and what they're
doing on their various devices. There are are two bits
of advice that I have. The first is, don't lie
to them. Don't lie to them, don't fool them. Make
sure that they understand you know exactly here are the
tools that I am using. Here is the information that
they get. And the second is to talk to your
(26:55):
kids about being responsible online and how to look out
for threats themselves and make sure that they're comfortable coming
to you with problems. Like do some parenting. I think
that there is a there's a sort of authoritarian bent
in parenting right now. That's kind of idea that you
have to run your house like a police state and uh,
(27:18):
and you don't if you think you've got to fool
your kids. There are other solutions which which seemed like
they would probably be less harmful in the long run. Sam,
do you want to go to the speed round? Yeah?
What book are you reading right now? Right now? I
am reading a book called Braiding Sweet Grass, which is
about combining notions about science and environmentalism with the author's
(27:45):
experience as a native American growing up in the United States.
What is your morning routine. I wake up in the
morning and I have first coffee. No mental effort happens
before first coffee, and then I just sort of stagger
until I manage second coffee. I'm not a very good
morning person who leaves you star struck. Probably the last
(28:08):
time that I felt that way was I E. F. F.
Gave a Pioneer Award to William Gibson, and I stood
in the same room as the guy who wrote all
of the science fiction that really influenced a whole lot
of my early childhood, and I was extraordinarily impressed. But
mostly I was impressed not only that he wrote all
of these books that influenced me very much at an
early age, but that he is writing books now that
(28:31):
I feel are very much at the top of his game.
Because what he does with science fiction is what what
any good writer does, which is that people think you're
describing the future, but all you're really doing is describing
the present with a really discerning eye. And so he's
an amazing observer of the present. You're clearly very fearless.
(28:52):
What is your greatest fear? I've tackled so many of
my fears by just sort of throwing myself into them.
There are people who are afraid of public speaking, so
I took up competitive public speaking in college. There are
people who are afraid of heights. I am a circus arealist.
I do tricks thirty ft up at the euir upside
down and spinning until I'm not afraid of heights anymore.
(29:15):
But there are definitely is still still things that I
am afraid of, and I think that more than anything,
what I dread is is losing autonomy. I have a
tremendous amount of autonomy in my day to day life,
more than I ever thought that it was possible for
(29:35):
a person to have, and losing that would be, I think,
a really big blow. You know, years ago, I did
a book series called the Experts Guys Right two different things,
and I would always try to find the top expert
in every field, and certainly I would have approached Eva
(29:59):
for you know how to Protect Yourself Online chapter. But
I admire anyone who gets to the top of the
field like she has. I completely agree, and I think
with Eva. The thing that's even more interesting is she
is a woman who has really taken truth to power.
In a completely maldominated arena, right, all of those things together, like,
(30:20):
that's really hard, and in the national security arena, which,
like I don't know itself, is an intimidating place to be.
I thought the most surprising thing was how little fear
she has about her own safety and how little concern
she has for that. It really surprised me. I felt
like she was going to at least be a little
(30:40):
guarded about that, or or have some just practical concern.
But it almost makes you feel more powerful the fact
that she's not afraid at all. Absolutely Thanks for listening
to What's Her Story with Sam and Amy? We would
appreciate it if you leave her review wherever you get
your pot casts, and of course, connect with us on
(31:02):
social media at What's Her Story Podcast. What's Her Story
with Sam and Amy is powered by my company, The
Riveter at The Riveter dot c and Sam's company, park
Place Payments at park place Payments dot com. Thanks to
our producer Stacy Parra and our male perspective Blue Burns
I'm Sam Edis and I'm Amy Nelson. Welcome to What's
Her Story? With Sam and Amy. This is a show
about the world's most remarkable women, their professional and personal journeys. Together,
we'll hear from gold medalists, best selling authors, and leaders
of the world's most iconic brands. Listen every Thursday or
join the conversation anytime on Instagram at What's Her Story Podcast.
(00:30):
Eva Gabrand has been referred to as a hacker hero.
She is the Director of cyber Security at the Electronic
Frontier Foundation and Technical Advisor for the Freedom of the
Press Foundation. She is a co founder of Stop Stalker.
Were so, Eva, how did you become interested in privacy,
in free speech in this entire world. I am an
(00:54):
immigrant who came to the United States as a child
with my family from the Soviet Union, and so all
of of my most sort of foundational memories are built
around this notion that we left a place with no
civil liberties to come to a place that had more
(01:14):
of them, and that the protection of those liberties was
very important. Life in the Soviet Union was always framed
as you know, this place where you had no privacy
and where you had no free speech, and that these
were extremely important values that that we needed to protect.
And so I guess I I I really internalized that
(01:37):
growing up, and then your interest in technology really started
very early on. Tell us about that. We left the
Soviet Union and then we landed in uh in Silicon
Valley in the eighties. My mom was a geneticist, and
so she came to, you know, San Francisco, had worked
in biotech, and my dad was an engineer, and so
(01:59):
he came to Silicon Valley and worked at a series
of tech companies, and as a result, there was always
tech around the house and I was I was online
at a time when most children were not. When there
was an Internet, but there was no web, and it
was assumed that if you were able to speak to
(02:20):
other people over this Internet, that you were at least
in college and probably using like your first college account.
And in my case, that is not what I was doing.
I was actually using modem and one of those little
VT one hundred green screens that you used to see
in libraries to place a phone call to my dad's
(02:44):
desktop machine at Sun Microsystems in order to contact the
rest of the Internet. And so my first experiences online
all required me to sort of have a strong understanding
of how the inner net worked. That brought me, you know,
a lot of the fundamentals that helped me land my
(03:05):
first jobs. But how did you sit down in front
of that first computer. So one of my friends had
found some sort of like chat group on Prodigy relating
to you know, our favorite fantasy and science fiction series.
And I came to my father and I said, Daddy, Daddy,
can I get Prodigy so that I can you know,
sit around talking about dragons. And my father said, no,
(03:28):
Prodigy sucks, and he got me a Shell account on
his computer and showed me how to use news groups
and use net. So take us to your first job,
I guess. My first computer job was during my freshman
year in college at UCSC. I worked for a company
(03:50):
in Sunny Vale doing a sort of a desktop administration
of Windows machines and also a bunch of you know,
Unix ad illustration on a lot of Solaris machines as
some network administration. And the reason that I was able
to do this was because I had seen all of
these things before, and I had spent a bunch of time,
you know, building my own computers and I already understood
(04:14):
how networks worked, and so all I had to do
was just sort of expand that knowledge out into you know,
how how do you look after many machines at once
instead of just the one machine that you have in
your house. And that turned out to be such a
useful skill that eventually I was like, wait a minute,
what am I going to college for again? And I
(04:34):
dropped up. Some people have called you their hacker hero.
How did you go from where you were then to
becoming the cyber hacking superstar that you are today? Well,
I don't want to leave people with the impression that
it is just a NonStop rise to power, where you know, I,
(04:57):
as a as a vonder Kint mastered the inner No,
none of that is true. I I dropped out of
school in order to go work a steady tech job,
and my parents were appalled and they were like, but
you need to go to college, and so I told them, Oh,
don't worry. When this bubble bursts, I will go back
to school. And I was lying. But the bubble did
(05:19):
burst because I I have lived in Silicon Valley for
a very long time, and I have seen many bubbles
come and go. So the bubble did burst, and no
one I knew had a job in in the early
two thousands, and certainly I did not have a job.
And I turned around and I went back to school.
I got a degree in international relations and political science.
(05:43):
I spent two years studying Chinese and my intention was
to go to law school next and become a lawyer.
I'm like, well, you know, this computer stuff really isn't
working out. And I was. I was just about to
go to to law school and gotten into law school.
And the guy that I was I was dating at
(06:04):
the time said, you know, I I don't want to
leave the Bay area. The law schools that you got
into are far away. So I've just started a job
at this place called Twitter, and I think it might
go somewhere. So can you just like give me a year,
Just go get a job somewhere, give me a year
while we work all of this stuff out. And he
(06:26):
went to go work for Twitter, and I went to
go work for the Electronic Frontier Foundation. And my job was,
you know, extremely high powered and technical. It was my
job to answer the phone. I answered the phone at
e f F in two thousand seven, which was shortly
after the Civil Liberties Organization had filed a lawsuit against
(06:48):
A T and T for its part in the n
s AS warrantless wire tapping program that had been going
on since two thousand three. This was a Bush era program,
and that meant that we had a lot of people
contacting us who were are concerned about government surveillance. And
some of those people had really interesting cases, and some
of those people were in need of a therapist. And
(07:13):
it was my job to tell the difference between these
two kinds of people and to very patiently sort of
corral both of them. And that was something that I
that I did for several years, and it really gave
me a strong background in all of e f f
S different issues. I I learned about copyright, I got
(07:35):
to apply my international relations skills, I got to apply
my uh my language skills, and also my technical skills
when it came to know understanding how this kind of
surveillance worked. This was also the UM the height of
the m p A and the r a S efforts
to sue mostly college students for pirating UM movies and music,
(08:01):
and so I was also caring from a lot of
people who were only a couple of years younger than
I was, who had these, you know, terrifying letters that
were coming from the r A and the n p
a A saying, you know, give us thousands of dollars
or we will sue you into oblivion because you downloaded
a movie once or you downloaded an album. And so
I spent some time working on that as well. There
(08:22):
was actually a really interesting thing that happened while I
was doing this job, which was there was a a
law firm that came up with this interesting scam where
they would upload files to the Internet purporting to be
various types of porn, and then they would see who
(08:44):
downloaded it, and then they would send threatening letters to
that person saying, we know you downloaded this porn and
unless you want us to sue you a lawsuit in
which the title of this porn allowing people to know
embarrassing things about your taste in pornography. Unless you want
us to to file this lawsuit, please give us two
thousand dollars. And they sent out thousands and thousands of
(09:08):
these letters. It was a tremendous scam. So those were
my first experiences dealing with people who were being unfairly
surveiled unfairly targeted with vulnerable populations, with people who were
really scared and feeling powerless, and we're having their worst today,
and would then reach out to me. Were you comfortable
(09:30):
or how did you go about taking that role of
answering phones into really analyzing what was coming through and
these massive early issues with the Internet. Well, part of
it was was just the act of repetition. Once you've seen,
you know, several hundred different examples of the same issue,
you get really good at triaging it very fast. And
(09:52):
when you have accurately triaged things for for your legal
team or for your activism team, you know, consistently for
the better part of you know, a year or two
or three, than your peers start to trust your judgment
and you you know, kind of build up that kind
of rapport. But really it just came from doing it
(10:13):
over and over and over again until I got very
good at it. The work of answering the phones that
the Electronic Frontier Foundation had prior to me been a
job that famously burned people out. It was very rare
for somebody last more than a year doing that. Why
weren't you burned out by that job? I think I
just had a you know, text startup kids capacity for burnout.
(10:41):
I had a very different idea about what qualified has burnout.
And I'm not going to tell you that that was healthy.
It absolutely was not. I think the one of the
things that's really changed at e FF, and in fact
in just in workplaces in general, in the many years
have gone by since I since I did that job,
(11:03):
is that we have a lot more understanding of the
psychological impacts of doing this kind of work, and an
understanding that you can't expect people to deal with with
other people's trauma four seven every single day and now
a quick break even there was an incident at your
(11:28):
work that led you to really focus on cyber stocking.
I spent many years focused on the privacy and security
needs of activists and journalists, largely in North Africa and
the Middle East. A lot of this was happening during
the Arab Spring and sort of the years after the
Arab Spring. But in lateen early it became known that
(11:56):
my primary collaborator on all of the security research that
I was doing was a serial rapist. He had been
running around raping women for decades, and in January, I
think of an interview came out with one of his survivors,
and she was just terrified. She was really, really scared,
(12:17):
And everybody else in that article was really scared. And
they were scared of him, not just because he had
been raping women for several decades, but also because he
was a hacker, and they were afraid that he was
going to compromise their devices. So they all had their
you know, their microphones covered, and they all had their
cameras covered, and they were they were terrified, and I
(12:39):
was so mad. I got so mad, and I didn't
want anybody to ever feel that way again. And as
a result, I I started a project that was aimed
at the sort of commercial spy where that these kinds
of abusers use in order to stock their victims, and
I co founded an organization called the Coalition against Stalkerware,
(13:02):
and we've and working on this issue ever since. You
need an example to our listeners as to how it
all works and what it means to be cyber stocked. Well, Uh,
there are many different forms of electronic surveillance are stalking.
But the particular thing that I chose to focus on,
because it's so invasive and also very easy to do, UH,
(13:23):
is stockerware, so there is commercially available UH software that
anyone can find or purchase that if they have a
physical access to your device and they have like your
user name and password, which is an extremely common combination
of things. When you're dealing with somebody who is who
(13:45):
is abusing you, what the abuser does is they simply
grab the other person's phone when they're not looking, download
the stalker wear onto their phone, and then the phone
covertly ex fultraits data from the phone, usually to a
website which is run by the company that makes the
stoker wear, and then the abuser pays a monthly fee
(14:08):
to the stalker wear company in order to get that
get access to that data through a portal. You have
been vocal about trying to come after the executives from
the soccer wear companies, because presumably this is one of
the worst possible ways to to be making money in
this world. How have you been successful at that? I
(14:32):
have had some success when it comes to going after
the stoker wear companies themselves. I am very careful about
how how I do this because I am myself a
security researcher, and so I want to be really careful
not to use any of the tools that are used
to sort of persecute security researchers for doing our thing,
(14:56):
even against bad people. Uh. And I want to make
sure that I don't create any bad precedent that can
then be used to stop the kind of work that
I do. But in addition to the fact that stoccer
ware is very bad, it is often very poorly made,
it's often really insecure. So not only is your data
available to your stalker, but sometimes these portals leave data
(15:20):
open for anybody to see. And I have managed to
convince the FTC to take action against to such companies
that ended up behaving in this way. You've gone up
against some really powerful companies and powerful people. Have you
ever felt afraid? Have you faced me backlash? Before I
(15:40):
worked on domestic abuse, I was working on I was
working to support people who were being stalked by authoritarian governments.
And if you think an abusive partner is is a jerk,
wait until you are, say, going up against the Syrian government.
(16:04):
It's a very different kind of situation. And I have
been targeted before by a government that was angry about
my activism. The Vietnamese government actually sent me malware, but
I'm not scared because this sort of stuff is old
hat to me. I have been doing it for a
very long time, and it's just very difficult to frighten
me at this point, which means that I don't get
(16:26):
bullied a lot. What is your relationship to personal safety,
like in your own everyday life, not online? Well, a
lot of people are are surprised. They say, well, you
know I can find you online. I you know you're
using your real name. There are pictures of you. I
can see them, you know, I I know what city
you live in, and all that sort of thing you
(16:48):
use social media. I see that you have like an
Instagram account and a Facebook account whatever. And they say, well,
how dare you? You know, your privacy and security activist?
How can you can be how can you be doing this?
And the answer is that privacy and security are not
about living on a mountaintop throwing all of your devices
(17:08):
into the ocean, which is presumably located near this mountaintop.
It is about having control over your data and making
decisions about who you do and do not share it with.
And so my life is locked down, but it's not
so locked down that I can't move. I think one
of the most important things that we really lose sight
(17:30):
of when we talk about privacy and security online is
that you need some wiggle room. You can't just turn
around and leave the Internet. And that's advice that that
people give to survivors of domestic abuse all the time.
They're like, you're being harassed, you're being you know, you're
being followed, you're being stocked. Just just don't use the internet.
(17:52):
Just you know, shut down to all of your social
media accounts and never talked to your friends again. And
that's just more alienating. What about when you're just in
your everyday life, do you find that you're less trusting
of people? Given your work? I'm not sure what I
would use as a benchmark. I was never a particularly
trusting person. What is your personal life like when letting
(18:15):
a new relationship into your life? Are you more cautious
than the average person? I don't know. I don't have
an average person around to compare myself with. I limit
the kind of risks that I take, but I also,
you know, I live in reality where you have to
be able to communicate with other people and have them
(18:36):
be able to find you on occasion. I don't live
like a secret agent. Okay, so when you met your partner,
did you meet online? Or no? So you've never dated online? No? No,
I still meet people the old fashioned way where you
in meat space. I do not have any good advice
(18:57):
for trying to date online in the or of our Lord.
That seems terrifying. What is your relationship like with your
parents today? Really? Nice? Actually? I mean I did in
my mid twenties apologize to my parents for that the
(19:18):
entire time I was a teenager and now we get
along just fine, but I was, I was an exceptionally
difficult teenager. How would you define sort of the biggest
mistakes that most people are making when it comes to
exposing their own online world to potential stalkers or bad people. Well,
(19:42):
I think that the first thing people really need to
think about is so what we call threat modeling. So
you need to sit down and you need to think
about what you want to protect and who you want
to protect it from, because trying to protect everything from
everybody all at once is a good way to go insane.
It's just not practical. The other thing to keep in
mind is that the people that you trust today are
(20:05):
not necessarily going to be the same people that you
trust tomorrow. Abusers, for example, do not show up with
a great, big sign across their forehead saying hello, I'm
an abuser. They show up looking like the best thing
that's ever happened to you. And I think that it's
really important for people to understand the dynamics of abuse,
but also to understand how to lock someone out of
(20:27):
their lives, how to sort of take back all of
the permissions that they have given, and how to do
it decisively and quickly, and to to sort of practice
these skills in advance, because generally, when you need to
lock somebody out of your life, you are already in
a in a heightened state of panic, and that's not
(20:49):
when you want to be practicing tricky new skills. Now,
a lot of people feel like if a partner is
not allowing you to hold their phone and use their
phone and know their password, that they're hiding something that's
sort of the converse to you know, being protective. What
do you think about, I mean, does your partner have
(21:11):
access to your phone? Oh? Hell no? Okay, will they
ever know? Not their phone? So in twenty years he
would never be able to just use your phone to
look up something on the Internet. Is his phone broken?
Did something up to his fingers? Me? What if you're
going on a road trip and he forgot his phone,
we would chart around and go get it. Okay, So
(21:33):
there is no circumstance under which he can use your phone.
I mean in some sort of situation where like terrorists
are going to destroy the world unless I hand him
my phone. Sure, but for the most part, you know, no,
I have my own devices, I have my own privacy,
and there's no reason I would ever have to give
(21:55):
access to that stuff to another person. If I want
someone to have acts us to one of my devices,
I will set up a separate account for them that
they can log into in order to get to that
a device. And the same thing happens with you know,
all of the electronics around the house. You want access,
you can have an account, and when it's time for
you to go, I can change the password on that account.
(22:17):
I could lock that account out. I can delete that account.
But you don't get mine. And now a quick break
in gave a ted talk that you know has over
three million views. How did that change the tra doctory
of your career? I was actually kind of surprised. I was.
(22:39):
I was approached by Ted to give a talk, and
they sort of shrugged when I asked them what I
should talk about, like they didn't care. I just wanted
me to get up on stage and say stuff. And
I was like, Okay, alright, fine, I'll just talk about
this this thing that I'm currently working on. And I
didn't expect for it to st such a nerve, But
(23:03):
I think it was really just the combination of the
technical problem that I was working on, combined with the
kind of human interest story of all of these people
who are being targeted, combined with the human interest story
of I got so mad I decided to destroy an industry.
What are you working on today? Well, right now, I
(23:24):
have just spent a bunch of time working on physical trackers,
so like tiles and air tags, I am not destroying
the industry. I'm trying to get the industry to agree
on a standard that they will then publish so that
the people who make phones and other devices can build
sort of tracker detection directly into those devices that will
(23:45):
work all the time in the background, so you don't
have to like specifically download an app for every single
different type of tracker and then run a scan for
every single kind of tracker, because that is a health scape. Uh,
and that's sort of where we are now. The other
thing that I'm king on right now is uh, privacy
and safety for people who are seeking abortions and who
(24:06):
are doing abortion support. That's definitely my my last couple
of months of work and trying to come up with
with best practices for people, and also really bringing these
issues up to people who are working in tech or
making products and who are making platforms and get them
to think about how they are going to protect users
(24:26):
who are traveling to abortion clinics or searching for information
about abortions, or who are simply being prosecuted for their
pregnancy outcome, whether it was an abortion or a miscarriage.
And a lot of the danger to people in these
populations isn't widespread now, but I have spent a lot
(24:49):
of time working in authoritarian countries and watching laws get
past very quickly and watching the the entire threat landscape
change very quickly. And when you build a platform where
you build a tool, it's really hard to turn that
ship around fast. So I want them to start turning
(25:09):
it around now before it becomes necessary. You've said that
you were a difficult teenager. If Eva was a teenager today,
her parents would have Life three sixty and be tracking
her every move, how fast the vehicles she's driving in
or going. What are your thoughts on all of these
(25:29):
parental tracking devices that are now sort of the norm. Hilariously,
my parents wouldn't. My parents gave me a tremendous amount
of freedom, partially out of out of respect for my
need to go figure out who I was and what
I was doing, and that caused the great deal of anxiety.
(25:51):
But they did it. And part of that, I think
is because kids now grow up in a much more
heavily surveilled in environment then I did. I grew up
during an era of latch key kids, where it was
totally normal for kids to come home from school, let
themselves into the house, microwave up some ramen, possibly feed
(26:13):
their younger sibling, and then somewhere around eight or nine,
a very tired parent comes home. That's not what parenting
is like now. It's very different. So I think that
that that sort of comparison is just sort of unfair.
As for parenting apps, I think that parents should give
their their kids some room to grow and some slack,
(26:35):
but at the same time, if you are gonna watch
your kids and what they're doing online and what they're
doing on their various devices. There are are two bits
of advice that I have. The first is, don't lie
to them. Don't lie to them, don't fool them. Make
sure that they understand you know exactly here are the
tools that I am using. Here is the information that
they get. And the second is to talk to your
(26:55):
kids about being responsible online and how to look out
for threats themselves and make sure that they're comfortable coming
to you with problems. Like do some parenting. I think
that there is a there's a sort of authoritarian bent
in parenting right now. That's kind of idea that you
have to run your house like a police state and uh,
(27:18):
and you don't if you think you've got to fool
your kids. There are other solutions which which seemed like
they would probably be less harmful in the long run. Sam,
do you want to go to the speed round? Yeah?
What book are you reading right now? Right now? I
am reading a book called Braiding Sweet Grass, which is
about combining notions about science and environmentalism with the author's
(27:45):
experience as a native American growing up in the United States.
What is your morning routine. I wake up in the
morning and I have first coffee. No mental effort happens
before first coffee, and then I just sort of stagger
until I manage second coffee. I'm not a very good
morning person who leaves you star struck. Probably the last
(28:08):
time that I felt that way was I E. F. F.
Gave a Pioneer Award to William Gibson, and I stood
in the same room as the guy who wrote all
of the science fiction that really influenced a whole lot
of my early childhood, and I was extraordinarily impressed. But
mostly I was impressed not only that he wrote all
of these books that influenced me very much at an
early age, but that he is writing books now that
(28:31):
I feel are very much at the top of his game.
Because what he does with science fiction is what what
any good writer does, which is that people think you're
describing the future, but all you're really doing is describing
the present with a really discerning eye. And so he's
an amazing observer of the present. You're clearly very fearless.
(28:52):
What is your greatest fear? I've tackled so many of
my fears by just sort of throwing myself into them.
There are people who are afraid of public speaking, so
I took up competitive public speaking in college. There are
people who are afraid of heights. I am a circus arealist.
I do tricks thirty ft up at the euir upside
down and spinning until I'm not afraid of heights anymore.
(29:15):
But there are definitely is still still things that I
am afraid of, and I think that more than anything,
what I dread is is losing autonomy. I have a
tremendous amount of autonomy in my day to day life,
more than I ever thought that it was possible for
(29:35):
a person to have, and losing that would be, I think,
a really big blow. You know, years ago, I did
a book series called the Experts Guys Right two different things,
and I would always try to find the top expert
in every field, and certainly I would have approached Eva
(29:59):
for you know how to Protect Yourself Online chapter. But
I admire anyone who gets to the top of the
field like she has. I completely agree, and I think
with Eva. The thing that's even more interesting is she
is a woman who has really taken truth to power.
In a completely maldominated arena, right, all of those things together, like,
(30:20):
that's really hard, and in the national security arena, which,
like I don't know itself, is an intimidating place to be.
I thought the most surprising thing was how little fear
she has about her own safety and how little concern
she has for that. It really surprised me. I felt
like she was going to at least be a little
(30:40):
guarded about that, or or have some just practical concern.
But it almost makes you feel more powerful the fact
that she's not afraid at all. Absolutely Thanks for listening
to What's Her Story with Sam and Amy? We would
appreciate it if you leave her review wherever you get
your pot casts, and of course, connect with us on
(31:02):
social media at What's Her Story Podcast. What's Her Story
with Sam and Amy is powered by my company, The
Riveter at The Riveter dot c and Sam's company, park
Place Payments at park place Payments dot com. Thanks to
our producer Stacy Parra and our male perspective Blue Burns
Popular Podcasts
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The Nikki Glaser Podcast
Every week comedian and infamous roaster Nikki Glaser provides a fun, fast-paced, and brutally honest look into current pop-culture and her own personal life.