Though an oft-spoken mantra in the field of information security, it is worth repeating: security is a process, not a product. Sometimes, you have a major cyber security issue that is not going to be addressed by any tech product and whose only solution is a process that everyone must be involved in. Today, that cyber security issue is GamerGate.
What is GamerGate? GamerGate is an ongoing and sustained campaign of online harassment directed at individuals who are accused of “attacking Gamer culture”.
The story begins when game developer Zoe Quinn made an unconventional game called Depression Quest that generated some positive buzz for how it helped to raise awareness of some important social issues. This was quickly derailed after her ex-partner wrote several blog posts that, among other things, accused Ms. Quinn of cheating on him with a game journalist and further, that she was doing so in exchange for a good review on her game.
The claim about the quid pro quo appears to be false but a conspiracy was manufactured anyway and Ms. Quinn became the first target of GamerGate. The ensuing campaign targeted, among others, media critic Anita Sarkeesian (who, sadly, is no stranger to this type of harassment), game developer Brianna Wu and, most recently, actress Felicia Day.
That misogyny has implications for cyber security is not news. 2014 saw the largest hack of celebrity accounts and the targets were almost all female. Emma Watson spoke on the topic of feminism before the UN and was hit with a threat to release nude photos of her. And that story? Written by Jessica Valenti, who herself was the target of online sexual harassment. I’m restricting myself to examples from this year because otherwise, I could go on. For a while. It can be very depressing.
The role that misogyny plays in online harassment was recently quantified in a PewInternet survey:
Young women, those 18-24, experience certain severe types of harassment at disproportionately high levels: 26% of these young women have been stalked online, and 25% were the target of online sexual harassment. In addition, they do not escape the heightened rates of physical threats and sustained harassment common to their male peers and young people in general.
Technology can’t solve this problem, not least because tech companies still possess the ability to be profoundly clueless about these issues at times. Set aside the sparkle and specter of the technology and break the issue down to its fundamental components and you will find a cyber security threat that everyone can help to solve.
If you take one thing away from my many blog posts an obnoxious emails, it is this: we can all play a role. There are some who suggest we start thinking of cyber security in the same way we think of public health. You don’t have to be a doctor to play a role in controlling pandemics and you don’t have to be a technology expert or gaming aficionado to see that GamerGate is not a good thing.
Anita Sarkeesian has some good advice: “Listen and believe”. The mechanics of victim blaming may play out differently in a cyber security context but the fundamental problem is still the same and the technology used shouldn’t distract us all from the fact that this is a problem we’re familiar with and we all have a responsibility to see to its solution.