Lock and Code

Data protection, believe it or not, is not synonymous with privacy, or even data privacy. But around the world, countless members of the public often innocently misconstrue these three topics with one another, swapping the terms and the concepts behind them.  Typically, that wouldn't be a problem—not every person needs to know the minute details of every data-related concept, law, and practice. But when the public is unaware of its rights under data protection, it might be unaware of how to assert those rights.  Today, on the Lock and Code podcast with host David Ruiz, we speak with Gabriela Zanfir-Fortuna, the vice president for global privacy at Future of Privacy Forum, to finally clear up the air on these related topics, and to understand how US law differs from EU law, even though the US helped lead the way on data protection proposals all the way back in 1973. 

In 2017, a former NSA contractor was arrested for allegedly leaking an internal report to the online news outlet The Intercept. To verify the report itself, a journalist for The Intercept sent an image of the report to the NSA, but upon further inspection, it was revealed that the image was actually a scan of a physical document.  This difference—between an entirely digital, perhaps only-emailed document, and a physical piece of paper—spurred several suspicions that the news outlet had played an unintended role in identifying the NSA contractor to her employer, because the NSA did not have to find people who merely accessed the report, but only people who had printed it.  This is what journalism can look like in the modern age. There are countless digital traces left behind that can puncture the safety and security of both journalists and their sources.  Today, on the Lock and Code podcast with host David Ruiz, we speak with security researcher Runa Sandvik about how she helps reporters tell important stories securely and privately amongst many digital threats. 

Three years ago, a journalist for Gizmodo removed five of the biggest tech companies from her life—restricting her from using services and hardware developed or owned by Google, Apple, Amazon, Facebook, and Microsoft. The experiment, according to the reporter, was "hell."  But in 2022, cybersecurity evangelist Carey Parker, who also hosts the podcast Firewalls Don't Stop Dragons, wanted to do something similar, just on a smaller scale, and with a focus on privacy. Today, on Lock and Code with host David Ruiz, we speak with Parker about lessening his own interactions with one of the biggest tech companies around: Google. Tune in to hear about privacy-preserving alternatives and unforeseen obstacles in Parker's current de-Googlization effort. 

How would you feel if the words you wrote to someone while in a crisis—maybe you were suicidal, maybe you were newly homeless, maybe you were suffering from emotional abuse at home—were later used to train a customer support tool?  Those emotions you might behaving right now were directed last month at Crisis Text Line, after the news outlet Politico reported that the nonprofit organization had been sharing anonymized conversational data with a for-profit venture that Crisis Text Line had itself spun off at an earlier date, in an attempt to one day boost the nonprofit's own funding.  Today, on Lock and Code with host David Ruiz, we’re speaking with Courtney Brown, the former director of a suicide hotline network that was part of the broader National Suicide Prevention Lifeline, to help us understand data privacy principles for crisis support services and whether sharing this type of data is ever okay.   

Two years ago, the FBI reportedly purchased a copy of the world's most coveted spyware, a tool that can remotely and silently crack into Androids and iPhones without leaving a trace, spilling device contents onto a console possibly thousands of miles away, with little more effort than entering a phone number. This tool is Pegasus, and, though the FBI claimed it never used the spyware in investigations, the use of Pegasus abroad has led to surveillance abuses the world over.  On Lock and Code today, host David Ruiz provides an in-depth look at Pegasus: Who makes it, how much information can steal from mobile devices, how does it get onto those devices, and who has been provably harmed by its surveillance capabilities?

You've likely fallen for it before—a simulated test sent by your own company to determine whether its employees are vulnerable to one of the most pernicious online threats today: Phishing. Those simulated phishing tests often come with a voluntary or mandatory training afterwards, with questions and lessons about what mistakes you made, right after you made them.  But this extremely popular phishing defense practice might not work. In fact, it might make you worse at recognizing phishing attempts in the future. That's what Daniele Lain and his fellow PhD candidates at the ETH Zurich university in Switzerland revealed in a recent 15-month study, which we discuss today on Lock and Code, with host David Ruiz.

In 2017, the largest ransomware attack ever recorded hit the world, infecting more than 230,000 computers across more than 150 countries in just 24 hours. And it could have been solved with a patch that was released nearly two months prior. This was the WannaCry ransomware attack, and its final, economic impact—in ransoms paid but also in downtime and recovery efforts—has been estimated at about $4 billion. All of it could have been avoided if every organization running a vulnerable version of Windows 7 had patched that vulnerability, as Microsoft recommended. But that obviously didn't happen. Why is that? In today's episode of Lock and Code with host David Ruiz, we speak with cybersecurity professional Jess Dodson about why patching is so hard to get right for so many organizations, and what we could all do to better improve our patching duties.

We are only days into 2022, which means what better time for a 2021 retrospective? But rather than looking at the biggest cyberattacks of last year—which we already did—or the most surprising—like we did a couple of years ago—we wanted to offer something different for readers and listeners.  On today's episode of Lock and Code, with host David Ruiz, we spoke with Malwarebytes Labs' editor-in-chief Anna Brading and Labs' writer Mark Stockley about what upset them the most about cybersecurity in 2021.

In August, the NFT for a cartoon rock sold for $1.3 million, and ever since then, much of the world has been asking: What the heck is going on? On today's episode of Lock and Code, with host David Ruiz, we speak with Malwarebytes' Mark Stockley, TechCrunch's Lucas Matney, and Pilot 44's Mike Maizels about the basics of NFTs and the cryptocurrency-related technology behind them, the implied value of NFTs and why people are paying so much money for them, and the future of NFT's both within the art world and beyond it.

In 2021, the war for computer superiority has a clear winner, and it is the Macintosh, by Apple. The company's Pro laptops are finally, belatedly equipped with ports that have been standard in other computers for years. The company's beleaguered "butterfly" keyboard has seemingly been erased from history. And the base model of company's powerhouse desktop tower could set you back a hefty $6,000. What's not to love? On Lock and Code this week, we talk to Mac security expert Thomas Reed about why Macs are clearly the best... or are they?