Andrew 🌻 Brandt 🐇<p>Last night I attended the <a href="https://infosec.exchange/tags/Boulder" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Boulder</span></a> BVSD school district's District Accountability Committee meeting. I am the representative to my kids' high school at the DAC, that advises the school board on policy matters. It's a commitment I made to staying involved in local school operations, regardless of the outcome of the election last year.</p><p>The DAC is considering updates to policies surrounding the searches of and interrogations of students on school grounds. The DAC policy subcommittee made several positive changes that strengthen the protections this policy gives to students, who under these kind of circumstances are obviously in a power-imbalance situation.</p><p>But there was one change that I couldn't abide, and when I brought it up, it started a nearly hourlong debate in which many other DAC representatives chimed in with their own concerns.</p><p>The change was to give schools the permission to search students' mobile devices and laptops. It was a one-line insertion into an existing policy that gives school officials permission to search student lockers. </p><p>I made the point that phones/laptops often contain highly sensitive, personal information that falls outside the scope of any legitimate investigation, and that the language was overbroad and failed to take into account the need for student data privacy and limiting the scope of the search, and raises significant civil rights issues.</p><p>Another DAC member raised the issue that the policy seems to lay the responsibility for students maintaining the security of their devices on the students, even when an adult has access to those devices, which seemed weirdly out of sync.</p><p>Yet another DAC member was concerned that there was no guidance about how such searches would be conducted, and under what circumstances. Doesn't changing a policy like this lead to potential 'fishing expeditions' on specious evidence or even just allegations of misbehavior without evidence? </p><p>In the end, the DAC thought this policy would sail through and be passed along to the BVSD board for their approval next week. I think the policy needs significant rework and there's no way the board should pass it in its current form. I will speak at the school board meeting next week to get that point across, because the way it looks right now, I would not want my name connected to this policy.</p><p><a href="https://infosec.exchange/tags/COpolitics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>COpolitics</span></a> <a href="https://infosec.exchange/tags/BVSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BVSD</span></a> <a href="https://infosec.exchange/tags/SchoolBoard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SchoolBoard</span></a> <a href="https://infosec.exchange/tags/policy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>policy</span></a> <a href="https://infosec.exchange/tags/electmorehackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>electmorehackers</span></a> <a href="https://infosec.exchange/tags/4thAmendment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4thAmendment</span></a> <a href="https://infosec.exchange/tags/PolicyHackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PolicyHackers</span></a> <a href="https://infosec.exchange/tags/education" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>education</span></a> <a href="https://infosec.exchange/tags/USPol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USPol</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.
Administered by:
Server stats:
217active users
eupolicy.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.8
#electmorehackers
0 posts · 0 participants · 0 posts today
Andrew 🌻 Brandt 🐇<p><span class="h-card" translate="no"><a href="https://mastodon.social/@dangillmor" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>dangillmor</span></a></span> ...which is just another reason we should <a href="https://infosec.exchange/tags/ElectMoreHackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ElectMoreHackers</span></a> so we have legislators who have the technical chops to build some consumer protection policy with teeth!</p>
Andrew 🌻 Brandt 🐇<p>The Aspen Tech Policy Hub is organizing some training in how hackers can engage in tech policy by learning how to speak and write effectively to communicate with lawmakers. They're calling it "The Cyber Civil Defense Policy Training Series"</p><p>The first one starts next Tuesday.</p><p>Sign up for one, or all three, here: <a href="https://aspenpolicyacademy.org/short-courses#cybersecurityseries" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">aspenpolicyacademy.org/short-c</span><span class="invisible">ourses#cybersecurityseries</span></a></p><p><a href="https://infosec.exchange/tags/ElectMoreHackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ElectMoreHackers</span></a> <a href="https://infosec.exchange/tags/TechPolicy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechPolicy</span></a> <a href="https://infosec.exchange/tags/Policy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Policy</span></a> <a href="https://infosec.exchange/tags/engage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>engage</span></a> <a href="https://infosec.exchange/tags/engagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>engagement</span></a> <a href="https://infosec.exchange/tags/fightforthefuture" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fightforthefuture</span></a> <a href="https://infosec.exchange/tags/AspenTech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AspenTech</span></a> <a href="https://infosec.exchange/tags/AspenTechPolicyHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AspenTechPolicyHub</span></a></p>
Andrew Brandt<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@paul_ipv6" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>paul_ipv6</span></a></span> <span class="h-card" translate="no"><a href="https://sfba.social/@DeliaChristina" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>DeliaChristina</span></a></span> and I am operating a campaign to recruit and train progressives in the information security and technology sectors to seek public office<br><a href="https://electmorehackers.com" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">electmorehackers.com</span><span class="invisible"></span></a><br><a href="https://toot.bldrweb.org/tags/ElectMoreHackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ElectMoreHackers</span></a></p>
Andrew Brandt<p>Last October, while in the home stretch of an off-year campaign for elected office, a political candidate's inbox received a series of email-borne attacks. @SophosXOps investigated both the business email compromise (BEC) and the phishing emails the candidate received. </p><p><a href="https://news.sophos.com/en-us/2024/06/13/election-phishing-campaign/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.sophos.com/en-us/2024/06/</span><span class="invisible">13/election-phishing-campaign/</span></a></p><p><a href="https://toot.bldrweb.org/tags/politics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>politics</span></a> <a href="https://toot.bldrweb.org/tags/COpolitics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>COpolitics</span></a> <a href="https://toot.bldrweb.org/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a> <a href="https://toot.bldrweb.org/tags/spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>spam</span></a> <a href="https://toot.bldrweb.org/tags/BEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BEC</span></a> <a href="https://toot.bldrweb.org/tags/BVSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BVSD</span></a> <a href="https://toot.bldrweb.org/tags/SchoolBoard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SchoolBoard</span></a> <a href="https://toot.bldrweb.org/tags/ElectMoreHackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ElectMoreHackers</span></a></p>
Andrew 🌻 Brandt 🐇<p>Oh look, the feature <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> will be adding to <a href="https://infosec.exchange/tags/windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>windows</span></a> that nobody ever asked for or wanted: A full recording of absolutely everything you do on your computer, supposedly "powered by AI"</p><p>Yeech. We need to <a href="https://infosec.exchange/tags/ElectMoreHackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ElectMoreHackers</span></a> so we can get a national data privacy law and rein in this kind of outrageous corporate hunger for data.</p><p><a href="https://arstechnica.com/gadgets/2024/05/microsofts-new-recall-feature-will-record-everything-you-do-on-your-pc/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/gadgets/2024/0</span><span class="invisible">5/microsofts-new-recall-feature-will-record-everything-you-do-on-your-pc/</span></a></p><p><a href="https://infosec.exchange/tags/spyware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>spyware</span></a> <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a></p>
Andrew 🌻 Brandt 🐇<p>I'm actually astonished at how bad the answers were from this Colorado state senator Mark Baisley (2nd from left, so-called "freedom senator") to questions on this panel about <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> and <a href="https://infosec.exchange/tags/elections" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>elections</span></a>.</p><p>When asked about the risks to lower or local/downballot candidates were minimal (wrong!), and when asked how political parties or candidates should protect voter roll data, he answered "obfuscation, security through obfuscation" (I guess he's unfamiliar with the baseline security principle of "there's no security through obscurity.")</p><p>We desperately need more people to run for office who know what they're talking about. This was just embarrassing. </p><p><a href="https://infosec.exchange/tags/COPolitics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>COPolitics</span></a> <a href="https://infosec.exchange/tags/ElectMoreHackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ElectMoreHackers</span></a></p>
Andrew 🌻 Brandt 🐇<p>I'm at Google in <a href="https://infosec.exchange/tags/Boulder" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Boulder</span></a> attending the Defending Digital Campaigns summit, with a lot of folks discussing how politicians and political campaigns are targets for cybercrime and a whole host of other threats. Jena Griswold just spoke about all the problems elections officials face. <a href="https://infosec.exchange/tags/COPolitics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>COPolitics</span></a> <a href="https://infosec.exchange/tags/Colorado" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Colorado</span></a> <a href="https://infosec.exchange/tags/ElectMoreHackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ElectMoreHackers</span></a></p>
Andrew 🌻 Brandt 🐇<p><span class="h-card" translate="no"><a href="https://defcon.social/@Irishmasms" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Irishmasms</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@dangoodin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>dangoodin</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@eff" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>eff</span></a></span> Look, everyone in this conversation is someone I admire and recognize as knowledgable and sincere in their desire to help and protect others. I don't think name-calling benefits anyone.</p><p>We can agree that different people have different threat models. I'm not a Colombian narco lord who the NSA wrote a specialized payload to run in my smart TV. But I do have concerns about what activity my television reports up to Samsung or LG, or whoever the TV sends telemetry back to.</p><p>I've actually seen the content of the traffic that multiple smart TVs in my home have sent back, and it's more than I feel comfortable with. Do I think it poses a grave risk? No. Do I want to have more control over what should be a glorified monitor does with its access to my internal network? Absolutely!</p><p>And Dan is correct about this: It has become routine for a wide variety of devices we use more intimately and directly and frequently to collect and transmit a significant amount of usage data to their creators or to third parties, and the lack of a coherent national set of enforceable data privacy rules/laws/whatevers has given this trend a chance to fester and grow. </p><p>We should not accept this as inevitable. We should not throw up our hands and be resigned to the fact that this is just the way things are. They do not need to be this way.</p><p>Feckless political leaders, in the pockets of large tech companies, are why we are here, and why we cannot pass meaningful legislation that protects consumers. We are fighting for our very lives against massive industrial giants who want to market us as products.</p><p>This is why we need to <a href="https://infosec.exchange/tags/ElectMoreHackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ElectMoreHackers</span></a>. We cannot rely on disinterested or (frankly) corrupted politicians to push for these changes that would benefit so many.</p>
Andrew 🌻 Brandt 🐇<p>I will say this as often as I need to until people understand.</p><p>A word that everyone clearly recognizes as meaning "someone who commits crimes" or, in the words of these clout-chasing fools, "seeks to destroy identities, ruin lives, destabilizes economies, and take down organizations" already exists.</p><p>That word is CRIMINAL.</p><p>I reclaim the word <a href="https://infosec.exchange/tags/hacker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacker</span></a> in the name of all the creative, inspirational people who live their lives to help others.</p><p><a href="https://infosec.exchange/tags/CriminalsSuck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CriminalsSuck</span></a> and we should <a href="https://infosec.exchange/tags/ElectMoreHackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ElectMoreHackers</span></a> not demonize them with outdated derogatory, defamatory stereotypes</p><p><a href="https://infosec.exchange/tags/hackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hackers</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a></p>
Andrew Brandt<p>I've spent the last few months canvassing residential neighborhoods in <a href="https://toot.bldrweb.org/tags/Boulder" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Boulder</span></a> for petition signatures for various candidates I support. But because I am an inveterate <a href="https://toot.bldrweb.org/tags/hacker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacker</span></a> I quickly realized I could bump up my <a href="https://toot.bldrweb.org/tags/WiGLE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WiGLE</span></a> <a href="https://toot.bldrweb.org/tags/wwwd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>wwwd</span></a> rank if I engaged in a little complementary war-walking. </p><p>The <a href="https://toot.bldrweb.org/tags/HackerBoxes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HackerBoxes</span></a> "wispy" kit (<a href="https://hackerboxes.com/collections/past-hackerboxes/products/hackerbox-0089-wispy" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackerboxes.com/collections/pa</span><span class="invisible">st-hackerboxes/products/hackerbox-0089-wispy</span></a>) is a pair of ESP-32 WROOM dev boards, a GPS receiver and a daughterboard with an OLED display and two antenna mounts. It tracks wifi and Bluetooth/BLE and fits inside a clipboard! <a href="https://toot.bldrweb.org/tags/ElectMoreHackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ElectMoreHackers</span></a></p>
Andrew Brandt<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@dangoodin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>dangoodin</span></a></span> Just more examples of my argument that we need to <a href="https://toot.bldrweb.org/tags/ElectMoreHackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ElectMoreHackers</span></a> if we want technically competent legislators who won't embarrass themselves by making wildly inaccurate accusations, and then basing the creation of policy off of those misunderstandings of the fundamental nature of the technology</p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload