Thursday, 21 December 2017

Infosec vs. its predators

Pundits suggest the "Weinstein moment" — a broader, deeper awareness of abusive conduct, sexual harassment and criminal sexuality — is already fading without significant change. Few of the offenders face consequences worse than losing a gig, and yesterday we learned The New York Times isn't even up to that, letting its celebrity groper keep his job and trotting out Executive Editor Dean Baquet to dismiss his admitted behavior as merely "offensive." Sarah Jeong looks at another example: the hacker community, which did a surprisingly good job of outing its "missing stairs" but has trouble banishing them for good.

In information security, as in many other industries where the accused is a prominent figure, accusations can turn into a competition of social capital, and the accused almost always wins out over their accusers. But in this community, giving an accused rapist a pass has often been framed as a moral imperative with four words: “He does good work.” The assumption is that talent is scarce and sexual misconduct must be tolerated for the good of society. Little to no consideration is given to what we lose from disbelieving victims — their technical and social contributions, any future contributions by people who quite reasonably decide to avoid a toxic culture, and even beyond that, the quiet erosion of trust among bystanders. Complicity leaves a stain on us all.