Conversations #94: Craigslist Founder Discusses Importance of Women in Cybersecurity

Conversations #94: Craigslist Founder Discusses Importance of Women in Cybersecurity

Written by Craig Newmark

Podcast

iTunesSpotifyGoogleVideoMore Episodes

Joey Rosenberg, President of Product and Communications at Women Who Code, sits down with Craig Newmark, Philanthropist and Founder of Craigslist. They discuss his work to protect the country and help people build networks for better cybersecurity, defending against disinformation warfare, fighting online harassment, supporting ethical and trustworthy journalism, particularly in underserved communities, supporting veterans and military families, supporting organizations advancing women in tech, like Women Who Code, and supporting pigeon protection. 

What drives your philanthropic efforts, and what motivates you particularly to support women in tech?

Ultimately, it concerns the moral compass set in Sunday School. They told me I should treat people like I want to be treated. Among other things, they told me to know when enough is enough. This means giving people a break. This means that I am my brother’s and my sister’s keeper now and then.

I’ve been successful because I’ve been in the right time and place by accident. I know that makes me the forest gump of the internet, but I’ve been lucky and don’t see any point in keeping it all for myself. I’m trying to give it away in smart ways that help protect the country, meaning I help and defend the people who help and defend our country.

What is your view about the current representation of women in tech, both in startups and established companies?

It’s not what I’d like to see. When I went to college, it was the second wave of feminism, and I saw a lot of women going into computer science and engineering. Things started really well in the late ’70s and ’80s, but then suddenly, many women in those fields seemed to disappear. I didn’t understand a number of the problems involved, including a lack of opportunity and then outright harassment.

I’m trying to help others address that thing. For example, helping out women in tech groups, but also helping groups like the Coalition Against Online Violence. They are committed to fighting harassment directed against women, which is a huge problem. The worst is directed towards women in journalism, who are the most motivated to fight back.

I see a problem I don’t understand, and my strategy is normally finding people who do understand it and know how to fight back, and then I’ll help them out.

Your philanthropic efforts have included cybersecurity support. Why is investing in this area important in particular?

We are a country at war. There are adversaries overseas who want to hurt us, and one big means of the attack is cyberspace, specifically the internet. Many people, like vets and military families, sacrifice a lot to defend us. Military families give up a lot. I decided to do some of that. I started finding people doing good work, helping them out, finding more people who do good work, and helping them out. These days, most of my time is spent in cybersecurity and supporting vets and military families.

Tell us a little about how the world would benefit from having more diverse people in cybersecurity, looking at the challenges from different perspectives.

First, we need to stand up for what we believe in. Fairness involves treating people like you want to be treated. Then, in practice, our enemies are always trying new ways of attacking us. That means you continually need new thinking and new ways of looking at attacking and defense. You need people from all walks of life. Finally, the numerical need for cybersecurity specialists is so big, in the hundreds of thousands, that you need everyone you can get to enlist. If you could do something to help protect the country, you should do it.

Tell us about your view on the evolution of technology and the rapid pace of development as balanced against privacy and data security. Talk to me about those different areas and how we get that balance right.

To improve things, we have what Homeland Security CISA calls “Shields Up” or “Secure Our World.” One of the technologies that will make things a lot better is passkeys. They replace passwords. With passwords, sometimes it’s easy to trick you into giving them up through social engineering or phishing. Passkeys, there are no credentials to give up. That solves a bunch of problems.

On the other hand, we have a whole new set of unknown vulnerabilities. As we get smarter and smarter about artificial intelligence, specifically Generative AI, no one knows where it’s going. I’m trying to help Common Sense Media establish guardrails for kids’ use of AI. They’re trying to rate the safety of AIs for kids. My concern is that you want large language models. You don’t want to train them using source material, which is all about lying to people. I’m talking to people in the background quietly because my theme is that I’m not all that smart. I know how to help smart people, which works for me.

Are there any other things we should do to create good outcomes? What does good look like? How do we know when we got there if we did it right?

I want to see ChatGPT-like systems using source material that we know is fact-checked and well-intended. Two sources of that are Wikipedia, but I’ve also observed that Bloomberg News already has a GPT System built, which is not available to the public. They have strict fact-checking requirements. Their customers demand that, and I’d like to find some trustworthy Generative AI systems. They have a lot of great potential, but I’ve seen disappointing ones, a little probing, and they’re what they call hallucinating, and I just call lying.

How do we effectively equip children to use Generative AI and be prepared for the future? One of the skills I see missing is not just ignoring that AI is there, but how do you recognize when you’re getting a bad output?

Fact-checking is hard, time-consuming, and expensive. As an engineer, go after the low-hanging fruit, focus on sources that you know are trustworthy, and avoid sources that you know are lying to us and maybe attacking our country. The folks at Wikipedia have done a good job of analyzing that. There’s also possible help coming from NewsGuard, although my heart and contribution dollars are more with Wikipedia.

What do ethics and ethical leadership have to do with building the outcome we want where we get to use technology, but we’re also protected against things like disinformation warfare and just disinformation, in general, that’s so widespread?

I remember from Sunday school there’s this ninth commandment thing, which prohibits what they call false witness, which is not a bad definition of disinformation. That’s an entire ethical framework right there. There are some tough questions, but find sources that do not bear false witness. Sometimes, the best-intentioned and most professional news sources get things wrong. There’s a difference between sometimes getting things wrong and intentionally getting things wrong all the time.

How do we make security on the web easier for individuals and developers so that they can operate with good intentions?

In terms of security, there’s that CISA stuff, Shields Up, to help people move fast from strong passwords and two-factor authentication to Passkeys. I’ve been bugging the big highs to accelerate universal adoption, which might be working. We must find ways to remind people to patch their systems as quickly as possible. When your phone or notebook says, “Hey, there’s an update,” you do it.

It’s harder in large enterprises where sometimes hundreds or thousands of systems must be patched. Sometimes, people have a lot of servers that are running on old versions of software. We need to convince companies to update those systems. I don’t have much clout in that argument, but when boards of directors realize that due diligence, insurance, and litigation safety require them to keep things up to date, that may have an effect. 

What must be done at a policy level to enhance cybersecurity and protect users?

I’m not a policy guy. I’m an engineer and much more pragmatic. We need the lawyers and insurance agents to point out due diligence requirements for security in areas like keeping your systems up to date.

Also, there are systems through the net that work with law enforcement. They look for systems that are either infected with ransomware or are being actively operated on by ransomware gangs. We need victim notification systems that can safely notify victims, where the victims will take those notifications seriously, stop bad guys, and fix their systems. I’ll push in those two areas, getting help from lawyers and others pointing out due diligence for shareholders. That can work.

You are supporting Women Who Code this Giving Tuesday. Can you share why you decided to support Women Who Code?

I find people who are good at helping others in areas like protecting the country. Sometimes, you want to give a hand to someone. In Sunday school, I learned that sometimes you are your brothers’ or your sisters’ keeper, and if you’re lucky enough to have done well, it’s just the right thing to help a little bit.

Craig is generously supporting Women Who Code this Giving Tuesday. It’s happening on November 28th. His donation and yours can help us continue empowering diverse women to excel in technology careers. Early giving has begun, so feel free to give today and be part of the Women Who Code Movement to transform lives and communities by making tech a  more diverse, equitable, and inclusive space for women and underserved technologists. Join us on Giving Tuesday on November 28th now or at the link below, or you can also text to give. You just text “Giving Tuesday 2023 to 844-844-6844. 

craig newmark philanthropies

***************

Video: https://youtu.be/rNSq-hzyUAs

Host: Joey Rosenberg, President of Product and Communications at Women Who Code

Guest: Craig Newmark, Philanthropist and Founder of Craigslist

Producer: Kimberly Jacobs, Senior Communications Manager, WWCode

Producer: JL Lewitin, Senior Producer, Press, Digital Content, WWCode