Computer security is traditionally about the protection of technology, whereas trust and safety efforts focus on preventing technology abuse from harming people. In this talk, we’ll explore the interplay between security and tech abuse, and make the case that trust and safety represents an important frontier for computer security researchers. To do so, we will draw on examples from two lines of my recent work.
First, an overview our work on technology abuse in the context of intimate partner violence (IPV) will be presented. IPV is a widespread social ill affecting about one in four women and one in ten men at some point in their lives. Via interviews with survivors and professionals, online measurement studies, and reverse engineering of malicious tools, our research has provided the most granular view to date of technology abuse in IPV contexts. This has helped educate our efforts on intervention design, most notably in the form of what we call clinical computer security: direct, expert assistance to help survivors navigate technology abuse. Our work led to establishing the Clinic to End Tech Abuse, which has so far worked to help hundreds of survivors of IPV in New York City.
Second, we’ll discuss how basic security tools like encrypted messaging need to be adapted in light of tech abuse. Here we find a fundamental tension between the desire for messaging service providers to help moderate malicious content and the confidentiality goals of encryption, which prevent the platform from seeing content. How we end up reconceptualizing and redesigning basic cryptographic tools to more securely support abuse mitigation will be presented.
The talk will include content on abuse, including discussion of physical, sexual, and emotional violence.
Bio:
Thomas Ristenpart is an associate professor at Cornell Tech and a member of the computer science department at Cornell University. Before joining Cornell Tech in May, 2015, he spent four and a half years as an assistant professor at the University of Wisconsin-Madison. He completed his Ph.D. at UC San Diego in 2010. His research spans a wide range of computer security topics, with recent focuses including digital privacy and safety in intimate partner violence, anti-abuse mitigations for encrypted messaging systems, improvements to authentication mechanisms including passwords, and topics in applied and theoretical cryptography. His work is routinely featured in the media and has been recognized by a number of distinguished paper awards, two ACM CCS test-of-time awards, an Advocate of New York City award, an NSF CAREER Award, and a Sloan Research Fellowship.