Cybersecurity: It Isn't Just About You

Topics Discussed

Thank you for being a part of our community! We couldn't do what we do without you. To become a financial supporter of the show, please visit our Patreon page, subscribe to our Premium content on Apple Podcasts Subscriptions, purchase a copy of our book, I Think You're Wrong (But I'm Listening), or share the word about our work in your own circles. Follow us on Instagram, Twitter, and Facebook for our real time reactions to breaking news, GIF news threads, and personal content. To purchase Pantsuit Politics merchandise, check out our TeePublic store and our branded tumblers available in partnership with Stealth Steel Designs. To read along with us, join our Extra Credit Book Club subscription. You can find information and links for all our sponsors on our website.

Episode Resources

TEACHING AND EDUCATION

Transcript

Klon Kitchen [00:00:00] The United States is the most technologically leveraged nation in the world. So what that means is it's a double-edged sword, it means one. We get to have these great lives and great toys. But two, we have realized all of these advantages by innovating faster than we can secure. 

Sarah [00:00:24] This is Sarah Stewart Holland. 

Beth [00:00:26] And this Beth Silvers. 

Sarah [00:00:27] Thank you for joining us for Pantsuit Politics. 

[00:00:43] Hello, everyone, and welcome to another episode. We are here today talking about the state of public education, cybersecurity, because if you did not know it is Cybersecurity Awareness Month, and we have a very special guest Klon Kitchen joining us to talk about cybersecurity. We're going to close out the show as we always do, talking about what's on our mind outside politics, and today we're talking about reading habits. 

Beth [00:01:07] Before we do that, we have another big announcement. We know that the holidays bring a fresh flavor of stress in our lives, especially as we negotiate different perspectives from family and friends about COVID 19, how everyone is feeling about Joe Biden, and whatever YouTube video happens to be revealing the truth about things in a given moment. So we thought we would all take a deep breath together and get prepared for this time of year in community. And we're going to do that with our first annual holiday huddle. 

Sarah [00:01:38] This will be a live, ticketed event on Zoom, where you'll be able to ask questions in real-time. We'll be talking about decision-making and words and phrases that can help you move the conversation forward and, perhaps most importantly, exit strategies for difficult moments. You don't want to miss it. It will be on November 18th at 8:00 p.m. Eastern Standard Time. Mark your calendars and use the link in the show notes to register. 

Sarah [00:02:10] There has been a lot of reporting in the last few weeks about the state of public school registration, specifically, school enrollment declined by nearly three million students in the first year of the pandemic. It's the largest decrease in more than two decades, according to the Census Bureau. And the decline from about 76 million students to about 73 million students. And this decline is really steepest among younger children in preschool and those attending two-year colleges. So really, on like both ends of the spectrum. 

Beth [00:02:43] We also see an increase in parents opting for charter schools, which are public schools. They're publicly funded, but they're run by private groups. We see homeschooling increasing, we see Christian education increasing. 2020 was a huge hit to the school system for a lot of reasons that are probably obvious, and California, in particular, is seeing enrollment dropping and average daily attendance rates that are so low that it's jeopardizing the funding for those schools to just continue to operate normally. 

Sarah [00:03:12] Yeah, there's so much reporting about, like school board members and administrators literally going door to door and finding students like where where are they? Where did they go? Because this isn't just people choosing a different path. There are some people whose children are not going to school. Again, you see it on both spectrums, right? So it's easy to justify keeping a really young preschool student out of head start or keeping a really young child out of kindergarten for an additional year. It's easy to justify prolonging starting college another year, especially if you can earn a lot right now to support your family. But I think that this is is still a problem across the board, even if it's the attendance is there, it is attendance in name only right. There is a real struggle with participation, with all the testing to try to figure out where kids are to try to get them caught up. It's just a struggle. And I think, you know, I have friends who both put their kids in private school during the pandemic because they couldn't deal with the in and out as far as virtual schooling and not virtual schooling. And I have friends who have returned to the public school and I have friends that have not. That have stayed in the private school system. 

Beth [00:04:22] And I just think it's important for us to hold space for how hard it is out there in public schools right now. We can't fix those problems. We can't even name all those problems. I think it's going to take a lot of years to really understand all the dynamics that have influenced the way people are interacting with the public school system right now. Sitting here today, though, we know it's hard. There is a nationwide shortage of school workers. Everyone from teachers to bus drivers to custodial staff. We need more people who are willing to work in schools. We know that school board meetings are the new town halls and not in a good way that there are incredibly hostile situations unfolding, some quite dangerous across the country. And national politics are influencing how people are talking about curriculum and how people are talking about safety protocols. So it's just an intense time. 

Sarah [00:05:14] Last week, I cried through an entire teacher meeting about my youngest son, Felix, who has just been struggling. Just behavior issue, after behavior issue, after behavior issue and literally like the morning I was supposed to go meet with her, the New York Times sent a one of their parenting emails that was basically like, the kids are struggling in school, and it was so many things it's like they're out of practice, they didn't get that, you know, steady attendance. You know, Felix, even though he went to head start. So he had, you know, sort of regular school attendance before he started in kindergarten. I mean, since he started elementary school, his kindergarten year was last year. Like, I don't think he's had one solid five-day week or maybe like two where he went all five days and there wasn't a holiday or a substitute or he wasn't quarantined or there wasn't a virtual day one day like. And it's just it's showing, man, it's showing like one of the teachers was quoted in the email saying, like, they just forgot how to be here. A lot of us did like, they just forgot how to follow the rules and they need practice, and not to mention just the stress and anxiety of the pandemic. If they've lost somebody, if they've had anxiety about getting COVID, if they've embodied or manifested or definitely feel the conflict at those school board meetings, the nastiness about masks because, you know, if you are a child and you're hearing this fight, I don't care what side of the fight you're on, what they're hearing is, one group doesn't care about me. Depending on where you are, right? One group I shouldn't trust because they don't care about me based on whatever side of the debate you're on, right? If you're if you're a person advocating for masks, then it's hard not for kids to hear the message that, well, my government or my teachers and administrators don't care for me. And the reverse if you're a person advocating against masks, then your kids are going to hear my teachers and my administrators in school, they don't care about me because they want to make me wear this mask all day long and like, that's just how are they supposed to put that into perspective, right? Like, how are they supposed to have the tools to make sense of all that? I mean, the adults can't make sense of it and that anxiety and that anger and that frustration is just this bubbling cauldron on which we're all supposed to like, swim around and learn in. 

Beth [00:07:39] And you multiply that by however many kids you're responsible for as an adult in a school. And then you add on the school doing all kinds of new things because of COVID 19 safety protocols, new technologies, because we learned all this stuff through virtual learning, all the new assessment, as you said, trying to figure out where we are, all these new programs to spend some of the relief dollars that schools received and to try to show that it's worth continuing to invest in schools through those relief dollars, trying to just make up for missed learning time and what you end up with is a completely unsustainable place. My sister sent me a couple of articles about this. She and her husband are both teachers in Chicago. And it really resonated with me when I saw one of these articles saying, here's what would help and what would help did not sound like even higher salaries it was. Can we just hit pause on new things? Can we just take a second and let things settle? Can we help everybody remember how to be here? Can we get through a year? Can we have a few meetings less a week? Can we make those meetings shorter? Can you not scrutinize my social studies lesson plans because you're worried about critical race theory or whatever controversy is swirling through our community? Just a little more time, a little more trust. Give me some space to operate. 

Sarah [00:09:04] Listen, I grew up in a family of educators, and way before the pandemic, I heard we get one thing figured out and they add something new or something starts working and they come up with a new approach. Well, that is endemic in the public school system, and I think it leads to a lot of conflict between administrators and teachers. I'm not I don't think we're breaking any new ground naming that. And I think with the idea that and it is a gendered idea because teaching is a gendered profession, Anne Helen Petersen is done some excellent right on this that we want teachers to be martyrs. You know that because it's a largely gendered profession. Women are supposed to sacrifice for the greater good and give it all for the kids. And it's just not. It's not fair. It's unethical. It's asking people for work they don't get paid for, which is wrong. And I think that that conversation has gotten I don't know if the actual practice has gotten better, but I feel like the awareness. I have teachers in my lot, in my own life, and we have teachers in our audience that name that now and say, No, I have boundaries. I'm not doing that. I'm not doing everything because it makes me a good person. You know, I am a good person and I'm a good teacher and I have to have boundaries. I'd like that to be less of an individual approach in conversation and more of a systemic approach in conversation. 

Beth [00:10:25] Because there does still seem to be that kind of we can do it, everybody just another day. Take care of yourselves, try to get some yoga in, you know, here's a donut. Like, we do this for the kids and that's wonderful. And I'm not faulting any administrator who is using whatever tools that administrator can find because the administrators are not OK, either, just like the parents or not. I mean, you know, of course, the kids are absorbing all of this because we're all a mess. And of course, that mess kind of Tripoli falls at the door of people who are responsible for so many other people during the course of the day. So we just want to say we see it and we care about it and where we can advocate for acknowledging these issues and treating anyone who works in a public school custodian. Secretary, lunch personnel. Everybody deserves a lot of grace right now. 

Sarah [00:11:20] Next up, we're going to talk to Klon Kitchen about cybersecurity. 

Beth [00:11:38] I am really excited to introduce you to Klon Kitchen because I am a devoted reader of his excellent newsletter on cybersecurity, The Kitchen Sync. Klon has extensive experience in cybersecurity and strategy. He has worked in senior roles with the Office of the Director of National Intelligence at the National Counterterrorism Center and as the lead analyst on Al Qaida senior leadership at the Defense Intelligence Agency. He served as national security adviser to Senator Ben Sasse, and he is currently a senior fellow at the American Enterprise Institute. And even if you think cybersecurity doesn't matter to me, listen, we go all the way to Tik Tok in this conversation, so we hope you enjoy it. I'm so excited that you're here. I'm a huge fan of your newsletter, and I wanted to tell our audience why I like your newsletter so much. I am like the ideal Apple user. I like things that look pretty and work easily, and I don't care what's under the hood and I can't follow what's under the hood when we start talking about that. And it's nice for me to be able to read about cybersecurity from someone with your level of experience and expertise and that I can still follow because it doesn't become so hyper-technical that it loses me. So thank you for that. 

Klon Kitchen [00:12:43] Yeah, that's the goal. Thank you. 

Beth [00:12:45] I really appreciate too the precision that you bring to describing cyber threats. I feel like I opened a lot of articles and I'm just reading about hacking. And when I come to your newsletter, I understand here's what happened. Here's the impact of that. Here's maybe the goal and that precision helps me. So I'm wondering from a big picture perspective if you can help us organize our thinking about what we're talking about when we discuss cyber security, is there some sort of taxonomy that you use to describe what kinds of threats are out there? Who's behind those threats and what the goals are? 

Klon Kitchen [00:13:20] Sure, I do. And one of the reasons why I think this can be so confusing is because it's very confusing. There are a lot of bad guys out there. It is a very technical, challenging problem that touches essentially every aspect of our life. There are kind of every day there's new ways that all of this stuff can be manipulated or used or abused. And so, you know, for normal people who are living normal lives, of course, they're not following all this, you know? And so I guess I just say that to say, you're not the only one and you're not crazy, right? One other kind of broad context that I think will be helpful for your listeners. We live in an awesome country, and one of the things that makes our country awesome is that we have available to us amazing technologies, technologies that really expand human thriving and make our daily lives easier, whether it be, you know, all the amazing things that our phones can do or just the normal provision of, you know, regular services. But it's also true that with all that has come a fact that the United States is the most technologically leveraged nation in the world. So what that means is it's a double-edged sword. It means one. We get to have these great lives and great toys. But too, we have realized all of these advantages by innovating faster than we can secure. And that has been a natural byproduct of the free market economy that we enjoy, where you don't need the government's permission to try new things and build businesses. That's all great, but it's also been a little bit of a choice, one that prioritized getting out there quickly, getting out there fast and we can do this new thing. Let's do it without fully understanding its its implications. So all that to say, in a technical term, we call that threat surface. So the United States is a very broad threat surface, which just simply means we're pretty vulnerable now. Over the last couple of years, we have taken a lot of actions to help secure ourselves. But among the most kind of significant threats, getting into kind of some details here that everybody will be aware of are things like ransomware, right? So that ransomware is a piece of malicious code. Often sometimes called malware that somehow gets on to one of your devices. Typically, it's sent via email and you click on something that looks like a file. And what it does is, it locks your computer so that you can no longer gain access to your information. And the only way you can get access is by paying a ransom, typically with some type of digital currency. And that has become very prevalent. And it's not only happening more frequently, it's actually become a service. So bad guys online are now providing ransomware as a service so best. If you wanted to be an evil person and sort ransoming large portions of people where you could go to a website, literally pay them to do it for you. And the barriers to entry are very low. So ransomware is a big one. And then general cyber security more broadly involves things like insider threats. So people who work at a company who, for whatever reason, get angry and they want to do damage to the company and they leak information. You have criminal syndicates who are trying to get all kinds of large swaths of data that they can then sell on to other people who can use that information for, you know, bad guy stuff that can include things like identity theft or a host of other things. So I could go on and on and on. But the point is is that cyber threats are incredibly diverse. They're only becoming more diverse. And as we continue to integrate these technologies into our lives, there's going to have to be a type of consumer education that has to come alongside that alongside some very necessary government action. 

Beth [00:17:27] You talk about that threat surface. Yeah, that seems complicated in the United States, just because we have this real distinction between government, private sector, private citizen, that doesn't exist in some of the places where a lot of this malicious activity is coming from. And so when you think about the U.S. that is trying to be secured, who is responsible for this problem? 

Klon Kitchen [00:17:50] Yeah. So all of us. So as you mentioned. So what we refer to as critical infrastructure. This is the plumbing that makes the nation work, its electrical lines, its water, sewage, its, you know, nuclear power plants. It's all the infrastructure that allows our nation to operate and thrive when we refer to critical infrastructure. The overwhelming portion of that is owned in private industry, not by government and. It's been great. Right, as I mentioned earlier, that private industry is what has allowed us to develop all of these amazing tools for the most part because governments typically are not very good at that. At the same time, as those have become more and more central to our daily lives, their potential disruption becomes a real issue of government concern because it goes to our way of life and the security of our people, potentially even life and death. We as a nation are trying to figure out how do we do this? Because by law, the federal government. So it takes someone who's really, really good at doing cyber stuff like the National Security Administration or agency, the NSA. We have amazing cyber ninjas who can do just stuff that you can't even imagine, but legally, they're not allowed to be on domestic private networks. And there's a reason for that, right? That goes to constitutional protections against government surveillance and a whole bunch of other things. And that's a decision we've made as a society, and we just have to fully understand that in making that choice, we've made a trade right. We've traded some portion of security for a greater portion of privacy. Or I would essentially we've said I would rather fear bad guys overseas than to fear my own government. OK. Well, that's a rational choice that we that we've made, and we made it from the very beginning of our nation. But that I think what we're realizing is that choice is more costly than it used to be, particularly in the context of cyber. And so I think a part of what's going on right now is as a society, we're renegotiating all that and trying to figure out, well, OK, in an era where something like facial recognition technology. So the idea that cameras will essentially be able to positively I.D. everybody and will be essentially ubiquitous in the in the public square, at least. Well, what is a right to privacy look like in a world of ubiquitous recognition and identification? Because, you know, it's easy. It's easy to recognize all the bad things that come with that like that rightly gives us all the heebie-jeebies. But there's some really good stuff, too. So imagine, for example, if your neighborhood had cameras and could proactively identify convicted child predators. And could send a text message to families in the neighborhood, Hey, if I write or what if you know someone who might otherwise be kind of wrongly arrested could quickly be removed from suspicion because they had been? No, no. Look there right there we see them. They've been positive. It's not that right now there's the flip side of all that we're all those bad things could happen. But all that to say these issues aren't going away, and technologies like these and the cybersecurity issues associated with them are only proliferating and people such as yourself and the general public by necessity, going to become more sophisticated in the thinking about them because there's just no escaping it. 

Sarah [00:21:27] When you brought up the child pornography example, I was intrigued to ask what you think about the recent Apple controversy, where they put forward security protocols to scan photos and flag photos with child pornography issues, and then there was such a privacy outcry that they walked it back. I mean, I understand the privacy concerns, but I also understand that child pornography for anybody who understands what it's like on the web has gotten bigger than almost any entity, including the federal government, can handle. And so I actually appreciated Apple's efforts, even though I understand the security concerns like in order to tackle if people care about child pornography and child sex trafficking, which they absolutely should because it is a massive issue in the dark web, then there's going to have to be some big solutions. And how do we balance that? 

Klon Kitchen [00:22:20] Yeah. Well, importantly, there's a there's a broader political and I don't mean that in a gross way. I just mean specifically a political context here where part of the debate that's going on right now is we talk about cybersecurity, for example, is employing encryption technologies more broadly. So when we talk about encryption, what we mean is using math to make your communications and your pictures and all kinds of your content. Even if it gets stolen, the bad guys can't use it. It's hidden by fancy math. That's essentially encryption. You know, for Apple example, your iMessages, your text messages to other Apple phones or iPhones, those are encrypted end to end, which means that Apple can't see the content of that communication. And the only person who can is the person you're sending it to. Well, they have been engaged by law enforcement about that because they are concerned that those messages could include child exploitation materials, so you could text a picture to someone else and it could contain child exploitation. You know, San Bernardino terrorists, you know, several years ago was using an iPhone. We couldn't get on and it was encrypted. So companies like Apple were being engaged by the government and being pressured. And often the idea of child exploitation is used as an example of the type of thing that law enforcement wants to be able to get at a very compelling argument. OK, well, Apple, for its own reasons, doesn't want to make less secure services or devices, right? That's what a lot of us are buying it for is because it's secure and same time they want to try and address some of the justifications that are being thrown at them, particularly child exploitation. So this recent effort fits into that context. It wasn't like they just decided, Hey, we're going to do this. It was them trying to be responsive in a way I think they would identify as kind of a middle road way. We don't want to make our devices less secure and just be, you know, kind of completely open to the federal government. At the same time, the point about child exploitation is very real, and maybe there's something we could do about that. OK, so that's the context. The thing they did was pay a lot of this exploitation material we actually have and we can do what's called hashing. Essentially, that means you put a digital fingerprint on it so that if it ever shows up, an automatic algorithm can proactively identify that and remove it without a human ever having to see it. Right. So you essentially break an image or a video down into individual pixels and you just understand like, OK, this is what the digital fingerprint looks like on there. And then the algorithm is constantly scanning for all known digital fingerprints associated with this kind of material. And so what they were going to do is, is they were going to have an algorithm that lived on your phone that was constantly scanning your images or any of those known exploitation materials. And then if anything was found, it would be removed and a notification would be provided to Apple and then passed me on to law enforcement. There's a lot more details, but that's basically the idea. You know, none of this is easy. And the people who pretend like it is, I think, either don't understand or, you know, have a have an agenda. There is, you know, some degree, I think of lost privacy. I think Apple's intentions weren't nefarious, but it looks like at least at this point, they did not make a sufficiently good argument to where society was willing to kind of make the trade. I mean, essentially what we decided was, no, we'll take the status quo in terms of the risk of child exploitation rather than give up a greater amount of our privacy. 

Sarah [00:26:15] Well, I think that the case got made to a small population who was loud and who cares prioritizes privacy because they are tech and security experts. And that's fine. I'm not mad at that, but I don't think the problem is because this topic is intimidating, I think if you polled it to the mass amount of Americans and sort of presented it the way you just did, you'd have a different outcome. But I think Apple, you know, maybe didn't open it. And that conversation opened it up enough to like everybody as opposed to the people who understood what the heck they were talking about. 

Klon Kitchen [00:26:47] Yeah, yeah. I think that's right. 

Beth [00:26:49] Yeah, I mean, to that point, I think this whole conversation is hard because when I talked to people about privacy issues, I hear a lot of I got nothing to hide, like it's fine and I enjoy my shopping recommendations like the algorithms have made my life better in a way that I'm willing to accept. And I don't know how to find a space between that sort of personal sensibility about things and the very big out there China, Russia, bad actors conversation that we can kind of live in and move toward greater security in a productive way. 

Sarah [00:27:25] I do think you have a fair amount of people that you get that I don't care. I don't have anything to hide, but I am creeped out by Alexa and how I talk about something. And then it shows up in my Instagram feed. I do hear that pretty often. 

Klon Kitchen [00:27:35] Yeah, yeah. Well, so Eric Schmidt, former CEO of Google, used to call that the creepy line. Like they want to get right up to the creepy line where it's like, How did you know that? You know, a lot of people often feel it's not true, but they often feel like I think my phone must have been listening to me because I was talking to a friend about this. And then all of a sudden I started seeing ads. There are different ways that shows up. It's not listening to your voice, but it's still creepy. I look part of this is just coming and resolving yourself to understand that there is an aspect of our privacy that we have already given away, that we're not getting back. OK, we have we are going to be known. We are already known. Right. So you like Gmail? Well, that's not free. I know you're not paying for it, but it's not free and you're the product. And that's the deal we made now. Did everybody understand that when they signed up for Gmail? Of course not. Hmm. But that's not going away because there have been times where people have tried to help pay for the service and we won't collect any data. And we won't share it, and we won't sell ads, you just pay us directly, you know, five bucks a month and all the unlimited amount, nobody goes for it, nobody goes for it. So we have just made a decision knowingly or unknowingly, it's still been made. And some of that's just not going to be rolled back. And we're going to have to adjust to that and we're going to figure that out. At the same time, a lot of people, my friends, my family, you know, as you mentioned, Sarah, you know, they get creeped out by Alexa and Google, you know, but they still buy it. Right? They still have it. A lot of people will have a tendency to say, well, this is just a market failure, you know, consumers don't understand. Well, maybe it's also a market decision. And there has been no lack of criticism for these companies, there has been no lack of kind of concerns raised about all the various things, and yet here we are doubling down. I mean, consider the news on social media companies, which by the way, I'm only on Twitter and that's purely professional and I'm always looking for ways to get off. But that's the only piece of social media I'm on. I'm increasingly convinced that social media is a net negative for society. And yet, you know, I'm on there because I have some professional interest in doing that. So we're all sending mixed messages because we've all got mixed feelings. And I think that is a good way to characterize American attitudes toward technology. We like the convenience. We know it makes certain aspects of our life better. At the same time, we also know that part of it is a dumpster fire and that it's really awful. 

Beth [00:30:30] We'd love to take us back to that big picture of you then, because that is part of what makes us a great country and also a really good target. Can you help us understand when we hear about efforts coming out of Russia or China? What what's the goal of those efforts? 

Klon Kitchen [00:30:49] OK. I'll use China as an example, and you can understand that that will have broad applications beyond that. So in one sense, it's normal intelligence activity or espionage, right? There have been stories recently about a hack that came out of China associated with the Chinese military and intelligence services against the Microsoft Exchange servers, which just gave them huge access to a lot of information. Well, they have a number of reasons where they might, why they might be doing that. But generally it all boils down to intelligence. It's a relatively cheap, efficient way to get a lot of information. There's a level of deniability to it. Right? So you can obscure it enough to where you have possible deniability. And so the barriers are too low to prevent that kind of that type of activity and the benefits to other nations are too high for them not to do it. Now, to be clear, we do this too, right? This is normal behavior for states, and I often say I'm not mad at China for playing the game. I'm mad at us for letting them win. Right? That's the point. More and more broadly, though, there is something with China, particularly that I think extends beyond that. China's like every nation in the history of the world in that it seeks to build and wield geopolitical influence for its own interests. That's a rational way of operating in the in the international world. And they have rightly, I think, concluded that leaving in a couple of key technological sectors is going to be essential for building and wielding that influence going forward. So they need to be able to lead an artificial intelligence or quantum computing or semiconductor manufacturing or robotics. You know, and so on and so forth. But those are all industries of the future that are not only going to be the basis of the new economy, but also those are the technologies that are going to define and win battlefields. Well, they don't have the dynamic innovation environment that we do. And so for decades, they have been stealing intellectual property that will allow them to kind of catch up to the West in those technology areas. And one of the most efficient, deniable ways of stealing intellectual property is through cyber means, right? And so that defines a lot of what we've been seeing out of the Chinese government for two decades. That has been a key initiative that they have had is to kind of steal intellectual property. And now they've actually written their laws in such a way as to where by law, if you're operating, any company operating in China has to provide their intellectual property and any data they collect. To the Chinese government and then any Chinese government or excuse me, any Chinese company, no matter where they operate, has to do the same, which is one of the reasons why I raised a big red flag about Ticktalk, which is a Chinese owned social media company. That is amazing. It's huge in the United States, but by law they have to make their data available to the Chinese government. 

Beth [00:33:54] I really appreciate you confirming my Tik Tok fears. I have serious Tik Tok concerns. I did not want to put the app on my phone. 

Sarah [00:34:00] I made her. It was me. I made her. 

Beth [00:34:01] Sarah made me. 

Sarah [00:34:03] Yeah, I made her. I'm sorry. It was me. 

Klon Kitchen [00:34:06] Well, I mean, look, the thing is is, you know, there's give me a lot of your listeners who have Tik Tok and you made this point earlier. Hey, I don't really care what they know about me. I'm kind of a no thanks. I appreciate that no one, if you knew what I could do with your information, you may change your mind because I can do a lot.

Beth [00:34:24] I'm certain I would.

Klon Kitchen [00:34:28] But then too, it's not just about you. Yeah, you are a piece of a much broader mosaic, and that mosaic of of insight and of knowledge provides real advantage to a government that is increasingly adversarial to our interests and to our people. And so there's a corporate sense here, too. Yeah. 

Beth [00:34:50] On that note, I have been dying to hear you talk more about your idea of issuing cyber letters of marque and reprisal. Can you explain to people who've never heard those words what that means and what you think it could look like? 

Klon Kitchen [00:35:06] So constitutionally, Congress has the ability to give the president the authority to issue what's called letters of marque and reprisal. So we actually use these previously. So President Jefferson issued letters of mark to private naval vessels to go after, harass and even destroy the Barbary pirates who were who were intercepting and harassing American naval trade during the during the early years of our of our nation. So it is literally a constitutional authority. So no one has to make anything of it exists, but essentially what it what it does is it gives the president the ability to use private sector actors to conduct what is normally a government function, typically in the context of security. Well, in the cyber domain one, there are more threats than we can handle. There is real capacity in the private sector to do very narrow surgical things. So when I advocate for the occasional and selective issuing of cyber letters of Mark, what I'm advocating for is that the government turn to trusted private sector actors with strong government oversight to conduct specific activities on behalf of the government in the cyber domain. I am not talking about another issue that is often completed with this, and this is the idea of hacking back. There has been a lot of people who have called for a law that would allow private sector actors to simply hackers. So when they get hired to kind of follow them outside of their networks and get their stuff back and that be a general law, I do not support that. I think that would be bad. Bad, bad. Letters of Mark, I understand to be something much more narrow, and I think that's important one, because there's plenty of work to be done right now and the government can't do it on its own. But then too, if and when we ever find ourselves in a true nation on nation war, that war is going to be very crowded, it's going to be very complex and it's going to be very bad. And a part of that crowded and complex environment is going to be. I mean, as we were retirement, you know, the Russians and the Chinese, they're going to be using private sector actors in the cyber domain coming after us, and we're going to need private sector actors on our side who are trained and capable to help repel all of that. And letters of marque are an entry into building that capacity, you know, kind of getting reps in slowly, carefully and methodically building a capability for what may eventually be a requirement. 

Beth [00:37:57] How do we know when we're in that war? Versus what? Takes place today, 

Klon Kitchen [00:38:03] what takes place now is at war, so you'll know because there won't be any question at the point where we are in a nation on nation war and the types of things that I'm describing are happening. We won't, will know, things won't work. Things will be going off. It'll be it'll be there won't be any ambiguity about that. But we do. Your point is is is good in the sense of we do, especially online. We do operate in this kind of gray zone where there's constant confrontation between nations and actors. There's constant kind of friction, right? Sometimes it's conflict, sometimes it's harassment. Sometimes it's watching them watch us, you know, and it is it one of the reasons why all of this can be very. You know, frustrating or difficult is because it's. It's always moving, it's very dynamic and there's always layers to it, you know, because, you know, when it comes to cyber, if someone's in your network and can watch, you will, they're literally only a keystroke away from being able to hurt you. Right. And so is that offense or defense? Well, it depends on the second, you know, and what their intentions are, and I don't always know what those are. 

Beth [00:39:28] Is that why you oppose the hacking back? Because that actor wouldn't be able to see all of those layers and understand what could be triggered? 

Klon Kitchen [00:39:37] That's part of it, I mean, I mostly oppose hacking back because it would be a cluster. I mean, they were just you. There's no guarantee that people would actually understand what they were doing, that they would be as careful as they need to be, that they understand the secondary and tertiary implications of taking satellite. It would just be the wild wild west. I mean, it would be online anarchy, and I'm not advocating for that. 

Beth [00:39:58] So as as we wrap up here and I could talk to you all day and I have lots of questions about lots of things, so we may be asking you if you'll come back and spend more time with us, but I would love to know I really appreciated the way that you put into context that it's not just about my personal data, that I am part of a much bigger effort than I see all the time. So what's my piece of that? What can I do to help with that effort? 

Klon Kitchen [00:40:21] Well, the first thing is I think a fair number of people have done this already, but move as much of your stuff to the cloud as possible. And when I say the cloud, all I mean is the online services that are offered by Amazon or Google or Microsoft or Apple. The idea of, you know, not having everything live on your device, but you're doing Google Docs or word docs and you're doing them online rather than living on your device. The reason I say that is because these companies literally spend billions of dollars every year on cybersecurity because it's an existential challenge for them. They know that if they're if their users aren't secure, they're not going to use their services. So there's no one spending more on this than they. They automate a lot of this so that you don't have to think about it. You don't have to know what's the latest antivirus thing I need to know and do. Like now they've got that. They've got that covered. I would say also investing in a VPN or virtual private network. So you can get that as an app on your phone or you can pay for it as a service. And once you download and install it, what it does is it funnels all of your online activity through essentially an encrypted pipe that even if someone sees, Okay, well, Beth is online and I see activity. I don't know what's going on inside the pipe. I can't get inside to see the content, so I don't know what websites she's visiting. I don't know where online shopping habits look like. And typically, that's very affordable. I mean, there's a number, there's one that I've used in the past called F-Secure, and I think I paid 50 bucks a year to be able to put that on five different devices, you know, so it's, I think, relatively affordable. The other thing I'd say is two more things or one the cloud and VPN to clean up your online life. So just remember that when you post on Facebook, that picture of you on vacation with the family, hey, you know, we're in Vancouver. Well, that means that people know you're not home. Right. And if they want to drop by and see the place and you're not going to be coming home in shock, you know, surprising them any time soon. You know, you're giving that away. Also, remember that you know your online profiles can tell a lot about who you are, you know? So just you want to be smart about that and there are ways that you can you can kind of hide that information. And if you just Google search like if you're talking about on Chrome web browser or if you're talking about on an app, you can typically just Google, search the name of the app and then say privacy. And they'll typically take you to the page where you can adjust those settings. The final thing is I would just encourage you to be aware specifically that other nations use their technology companies to spy on Americans, period. That's not up for debate. That's not ambiguous. That is established. Truth and law at this point. And so part of it is on the U.S. government in terms of, well, we're making these things available. And that's dumb, but you know, I'm working on that on my side. But from a user side, just understand that. Always check, you know where this app is and just ask yourself, like, how important is it that I look at a picture that makes me look old? Like, how important is that really? Because that was a Russian held firm and they were grabbing your face. Those are the types of of consumer decisions that we need to have. Be informed and I'll take stock as we move forward. 

Beth [00:44:02] If you want to keep up with you, your newsletter, they should sign up for what? What else? 

Klon Kitchen [00:44:06] So the newsletter is The Kitchen Sync, S-Y-N-C dot Tech. Every week I send out kind of a quick digest and commentary on the week's technology in our security news written for. I've got a lot of people in there, but it's largely written for a general consumer audience. I am a senior fellow at the American Enterprise Institute. So if you go to a board, you can see everything I've written. I read a lot of garbage. I'm on TV occasionally and podcasts like these, so feel free to call me in whatever way suits you best. 

Beth [00:44:40] Well, thank you so much. 

Beth [00:44:51] Sarah, what's on your mind outside of politics? 

Sarah [00:44:53] It's cozy season, reading season, every season is reading season. That's the truth. It's like summer reading season. It's winter reading season. Anyway, the point is, I get a lot of questions about my reading habits. I read a lot. I read around 75 bucks a year. So I thought I would talk a little bit about how I get that many books read. The first question I get the most is, do you read more than one book at once? And yes, I definitely read more than one book at once. You read more than one book at once. 

Beth [00:45:22] I do. And I also travel with you and can attest to the fact that Sarah reads more than one book at once. She uses more than one journal at a time like anything that Sarah has found to be a good thing. She's going to do it in multiples, and I admire that about you, Sarah.

Sarah [00:45:35] It's just listen, it's embarrassing. It's a scene. I roll into, like a weekend trip with, like three journals and four books. It's often my expectations exceed the reality because I think I'm going to get like four books read in a weekend, and I just keep doing it. Anyway, that's not the point. OK, so I do read more than one book at a time. I usually read about two nonfiction books and one fiction book at a time. I have read more than one fiction book at a time, but it's not something I do often because you do risk getting the plots confused. They get all just meshed together. And I read more nonfiction than I read fiction. Even though I love fiction, I'm devoted to fiction. I think fiction is important for your mental health. Anyway. OK, so here's what I do that I think Beth drives Beth crazy or would not be the best strategy for you. I like to pick like a number of pages to read every day. So like, I have my daily reading homework. 

Beth [00:46:33] Yeah, that is not for me. I admire it about you. It's just not because I don't. For me, I am not trying to read a certain number of books a year. I am not trying to track my reading the way that you're trying to track your reading. I read for specific purposes, which we can talk about in a second, but it is not a quantitative exercise for me the way that it is for you. 

Sarah [00:46:54] Well, I've thought a lot about it, and that's not really why I do it. I think it helps me read more books a year. I do it because when I feel like when it just hangs out there, oh, I should read some of that today, then it feels like a chore. And so I like the idea of like, Well, I'm reading this many pages, and when I'm done, I'm done. Then I can watch TV or whatever. So like right now, I'm reading 10 pages of Barack Obama's biography a day because I want to get it read by the end of the year because I got it for Christmas last year. Now it's set on my bedside table this entire year because you're never going to pick up a 700 page book and be like, Let me just chip away at this today. Like, that's just never going to sound appealing, right? But like clicking off 10 pages is very satisfying. So that's the big reason I do it, and that really motivates me. And sometimes often I will set a reading goal of so many books of so many pages a day. I'll get started in the book and then I will finish it way ahead of schedule. 

Beth [00:47:51] I think the difference is that I never worry that I'm not reading enough because we read all the time for our work. I know that I'm reading all day. 

Sarah [00:48:00] I want to read books and I don't want to read the dang internet. I want to read books. 

Beth [00:48:02] I want to read books too. But I also have to recognize you only have so much capacity as a human being. And if I'm reading a GAO report and a Supreme Court case and 15 email newsletters and three Atlantic articles. Like that's, that's a lot more reading than the average person is going to do in the course of the day, and I feel OK about it. And so, even the nonfiction books that I read, I try to be really excited when I sit down to spend time with them. I want it to feel like a treat when I spend time with the book instead of, like a chore. And for me, even putting I get your strategy and I really respect that. It just putting those parameters for me still puts it on the chore list, and I'm full up on chores. I don't want anymore. 

Sarah [00:48:42] The other thing I do is particularly with fiction books, I check them out from the library, so I have a deadline. I like a deadline. I have to read it by a certain date or it's going to disappear from my Kindle. Now you can game that system and turn it on airport mode, but I try not to do that too much. I have books on hold so that that like when they come available, I have to read, I have to check them out. I have to read them by a certain time. It puts in a little bit of pressure, some deadlines. I read books for book clubs so that I have a deadline. I'm in a couple of books club so that I know I have to read them by a certain point. I just have to have that extra bit of motivation. When I started doing that, my reading took off and I want to read, there's a lot of dang books I read and people keep writing more, which I think is rude and stressful. I really wish we could all just push pause for like six months and let everybody catch up. 

Beth [00:49:31] Except for our book, which will come out next spring and will clearly be worth your time. 

Sarah [00:49:34] Right, right. 

Beth [00:49:35] That wasn't rude.

Sarah [00:49:36] But, otherwise, otherwise, you know what I mean? Like, that's so. And I've started rereading classics, which I find deeply, deeply comforting and satisfying. And like the treaty-est of all, treats. So I assign myself pages. I have deadlines, either through the Library or book club. And third, and this is the harder one for people. I really don't watch that much television. I haven't watched any television this week. I've read every night and I've and I've watched a little more recently. I watched the first episode of Squid Games. I watched the first episode of the Mare of Easttown. Obviously, I did watch Ted Lasso both seasons. 

Beth [00:50:16] Can I just pause you for a second? And tell you that Tracy, our executive producer who loves us both dearly and says this with affection, is like, I hear Sarah say, she doesn't watch TV. But then I hear Sarah talk about everything that everyone's talking about on TV. It doesn't sound right to me. It doesn't add up. 

Sarah [00:50:32] But I don't. I mean, like, I watch. So I watch squid games a week ago and this entire week I have not watched any television at night. I've done other things I've read because I just at the end of the day, I think I find books more satisfying. I'm never like disappointed. Especially the nonfiction book where I feel like I learned a lot or I found like some interesting perspective. I don't get to it than the end and think, That was disappointing, but I often get to the end of a television show and think, I wish I had that hour back. Even when they're good, like I don't, I don't listen. The other thing is all I'm an only child. TV was my sibling. OK, you have no idea how much television I watched as a child and young adult. Like, I'm still probably hours in front of the average American. I've got space in my lifetime television consumption to skip a lot of days, OK? And so I think that's just that's the I mean that. But that is the reality. Most nights I'm reading, I am not watching television. I just want to be upfront about that. 

Beth [00:51:30] So my practice is to have long, meaty nonfiction books in progress, and I will have multiple of those just depending on what is pulling at my attention today. If it is a light and breezy nonfiction, I try to get through it pretty quickly. Or something like, you know, we just both read Stephanie Grisham's book about the Trump administration. I'm reading Peril now. I'll finish that quickly. Yeah. A book like Humankind, like you referenced on the show the other day, I'm working my way through slowly. I'm working my way through Far From the Tree slowly because of your recommendation. There are lots of, 

Sarah [00:52:01] oh yeah, far from the tree took me like two years. 

Beth [00:52:03] There are lots of spiritual books that I just kind of work through slowly. And then fiction I use like a weekend retreat for myself. If I am going to pick up a fiction book, I am going to plow through that thing and just enjoy it. And it truly is a form of self-care for me. 

Sarah [00:52:24] Yeah, I like to take. It depends on the fiction books I like when I reread Jane Austen. I don't want to plow through it. I want to like, get every joke and read every sentence. I'm reading Still Life by Louise Penny, because I want to read Louise Penny and Hillary Clinton's book, and I thought, Well, I need to read Louise Penny's like main series first, and I'm really enjoying it's like set in fall in Canada. It's so perfect for right now, even though it's a detective novel, which is not a genre I lean into, but it depends on the book, some books I savor, some books I'm like, Just tell me what happened. Like with The Husbands I was like speeding and I can. And also let me just in the spirit of full disclosure, I skim if a book is not that great and I just want to know what happens, I'm skimming. Really, really dramatically, we're talking like a couple of the first sentences of a couple paragraphs, every five pages. You know what I mean? Like, I'm just I'm just going to figure out what happened. So and yes, I will still put that book on my completed good reads list. Thank you for asking. And I don't feel an ounce of guilt about it, either. Thank you to all of you who asked. I love talking about books and reading habits, so we will put a post on social media so that we can hear about your reading habits because it's my favorite topic. I'm a child of a librarian. What can I do? Thank you for joining us for another episode of Pansuit Politics. We hope you'll check out the link for the holiday huddle and join us for that and we will be back in your ears on Friday. Until then, keep it nuanced, y'all. 

Beth [00:53:56] Pantsuit Politics is produced by Studio D Podcast Production.  

Alise Napp is our managing director.

Sarah [00:54:02] Megan Hart and Maggie Penton are our community engagement managers. Dante Lima is the composer and performer of our theme music. 

Beth [00:54:09] Our show is listener-supported. Special thanks to our executive producers 

Executive Producers (Read their own names) [00:54:13] Martha Bronitsky, Linda Daniel, Ali Edwards, Janice Elliot, Sarah Greenup, Julie Haller, Helen Handley, Tiffany Hassler, Barry Kaufman, Molly Kohrs.

The Kriebs, Laurie LaDow, Lilly McClure, David McWilliams, Jared Minson, Emily Neesley, Danny Ozment, The Pentons, Tawni Peterson, Tracy Puthoff, Sarah Ralph, Jeremy Sequoia, Karin True, Amy Whited, Emily Holladay, Katy Stigers, Nick and Alysa Vilelli.

Beth [00:54:45]  Melinda Johnston, Ashley Thompson, Michelle Wood, Joshua Allen, Morgan McHugh, Nichole Berklas, Paula Bremer, and Tim Miller. 

Sarah [00:54:57] Specifically, that it is way down, that the fewest number, is it fewer or less fewer, fewer, fewest less, Nicholas is going to yell at me which 

Beth [00:55:07] one it's I don't do that. I don't know. 

Sarah [00:55:09] My view is less less is what you can count, at least. No. So they counted. 

Beth [00:55:16] Is there a different way you could say this? 

Alise NappComment