Episode 84: Free Alexa! Cory Doctorow on jailbreaking Voice Assistants and hacking diversity with Rapid7’s Corey Thomas

In this week’s Security Ledger Podcast (#84): The 1990s era Digital Millennium Copyright Act made it a crime to subvert copy protections in software and hardware.  We speak with Cory Doctorow of the Electronic Frontier Foundation about his group’s efforts to win an exemption from that law for voice assistants like the Amazon Echo and Google Home. Also: February is Black History Month in the United States. We interview Corey Thomas, the Chief Executive Officer of the firm Rapid 7 about what it means to be a black man in the information security industry and about his path to the field.

Free Alexa!

As Security Ledger has reported: right to repair legislation is circulating in state houses across the country, as consumer advocates seek to enshrine in law the right of owners, researchers and independent repair shops to jailbreak, take apart, fix and otherwise tinker with connected devices -from smart phones to connected appliances and vehicles.

Is there a right to hack voice assistants like Google Home? The Electronic Frontier Foundation thinks so. (Image courtesy of Google.)

In the way of that effort is an imposing obstacle: the 1996 Digital Millennium Copyright Act, or DMCA, which made it illegal to circumvent copyright protections in a wide range of products. Originally conceived as a way to protect movies, music and video games from software piracy, the reach of the DMCA has expanded along with the number of software-controlled objects. It is now cited as justification to limit the rights of farmers to repair their own farm equipment, of independent repair shops to replace parts in smart phones and other appliances and of individuals to install and run their own software and applications on a wide range of devices.

In our first segment on this week’s podcast, we invited Cory Doctorow of the Electronic Frontier Foundation (@doctorow) in to talk about the latest front in that war: voice assistants such as Amazon’s Echo and Google Home. As Security Ledger reported last week, the EFF is seeking an exemption to the DMCA covering the devices.

Cory explains to us why his group is focused on those devices and what winning an exemption might mean for the rest of the Internet of Things.

[Also check out “Episode 81: Hacking IoT with Physics, Poor Grades for Safety Wearables and Peak Ransomware“]

Hacking Diversity with Rapid7 CEO Corey Thomas

In our second segment: the information security field is booming, as companies scramble to find professionals with skills like security operations center operations, network defense experts and malware reverse engineerings. That’s a great thing for professionals in the field. (Though, on second thought, maybe it isn’t!)

Corey Thomas, Rapid7
Corey Thomas is the CEO of Rapid7.

But like so many other things, the fruits of that labor shortage are not spread evenly across society. Women as well as racial and ethnic minorities, in particular, are woefully under represented in information security. Black men and women, for example, account for just 3 percent of information security professionals, compared with 12 percent of the US population. More than a few experts have pointed out that such disparities aren’t only not fair – they’re really not good for the industry itself.

In the midst of this, Black History Month, we wanted to dig deeper into the question of race and information security by speaking to prominent information security professionals-of-color about their experiences coming up in the field. We’re also asking what it will take to increase the share of information security pros who are minorities.

For Rapid 7 CEO Corey Thomas, the answer is the same thing it takes to create other professionals: strong schools and then mentors and support for young professionals after they leave school. In this interview, Corey talks about his own path to the information security industry and how he went from being an electricians son to the head of a billion dollar cyber security firm.