Dismantling Security Controls in the Name of Advancing Tech
Uber pulled out of Corpus Christi, Texas a couple of weeks ago. They are threatening to pull out of Austin if the vote in May goes against them. Venture capitalists are saying that Austin’s city council is “too hostile” and anti-tech because of the desire to regulate tech-enhanced old business the way that traditional old business is regulated. If you somehow haven’t heard, the debate in Austin (and elsewhere) is about whether security practices around hiring Uber/Lyft drivers should be the same as security practices around hiring taxi drivers. Effectively, Uber and Lyft are using their market clout to weaken security practices around only their own taxi services. Whenever cities don’t go along, they pull out and let the resulting market backlash force the city governments into weakening security. To do anything else is “anti-tech”.
This is a sad, sad state of affairs because it reveals the essence of why Internet security sucks. If you believe that continuing to require fingerprinting of drivers is “anti-tech”, then it follows that parts of the tech industry view even minor investments in security processes as “anti-tech”. At the very moment when security people are saying that Uber and Lyft should “build security in”, they are using their market clout to get security out claiming that the traditional security practices are too expensive.
The Uber driver mass shooter made all the news, but it wasn’t until then that I saw the reports of at least three Uber drivers raping their young female passengers and the reality is that there have been many, many incidents. This is not an academic issue, this is not a matter of the pain of recovering from identify theft, this is a matter of violent personal crime. If it is “anti-tech” to continue to require the simple security protocols of the pertinent industry, then I wonder whether the tech industry will ever have the will to solve the greater security problems. At the risk of touching the third rail and will full awareness that not all women agree with me on this issue, I will say that if ever there were an issue which shows the damning effects of insufficient diversity in the tech industry, then this is that issue.
It should go without saying, but of course someone will mention it if I don’t – no one security control will solve all security problems and that is certainly as true of fingerprint based background checks as of any other security control. I am not claiming that none of the Uber/Lyft security incidents would have happened if fingerprint based background checks were in use. I am arguing that rolling back the security protocols of the taxi industry is ill considered.
As a mother of young daughters and as an advocate for security in the tech industry, I hope that we will not continue to follow the path of convenience at all cost.
P.S. Since this is a more political and contentious issue as most, I will remind you that as always on my personal blog, opinions expressed are my own.