Since 1990, the Electronic Frontier Foundation has been at the forefront of campaigning for individual rights in the digital age, and for the past ten years Eva Galperin—currently EFF's Director of Cybersecurity—has been a part of it. Before taking up the cybersecurity mantle, some of her recent work for the EFF includes an in-depth report on Syrian malware with security researcher Morgan Marquis-Boire, and contributions to the widely shared Surveillance Self-Defense toolkit. But the path that led her there, including formative years growing up in San Francisco and Silicon Valley, arose from difficult circumstances.
Born in Latvia to Jewish parents, Galperin's family were forced to flee from the longstanding antisemitism in the Soviet Union, and came to America as political refugees. After arrival they relocated to California in the 1980's, where her mother, a biotechnologist, and father, a computer scientist, found their skills in demand.
Surrounded by tech culture, the young Galperin quickly found a love for computers and the internet:
"I was online very early, much younger than the other people I knew," Galperin says in a phone call from San Francisco. "When I got online I was 12, and no-one on the internet then was 12."
As a young adult Galperin started working as a systems administrator for various companies—in her own words: "At the time anyone who understood Unix could get a job"—promising her parents that she'd go on to college if the bottom dropped out of the market.
"I was online very early, much younger than the other people I knew."
When the crash finally came, she attended San Francisco State University to study political science and international relations, hoping to go on to a graduate degree and then a career in law. While searching for a place at a law school in the local area, she took a job at the EFF's legal intake team in 2007.
"At first I had the job of taking calls from everyone who contacted the EFF and wanted us to take their case," Galperin says. "This required a couple of skills: firstly good issue spotting skills—what kind of cases the EFF was interested in and how to get this information out of panicked people. Then the other thing was trying to get lawyers for people whose cases EFF wouldn't take, but our community of cooperating attorneys might be interested in."
From there Galperin moved to the activism team, working on the landmark SOPA/PIPA campaign among others, before joining a team working against censorship in the MENA region under Director for International Freedom of Expression Jillian York. Then, at the start of this year, she announced a new role as director of cybersecurity, one where she hopes to combine the legal, technical and strategic expertise she's already racked up, particularly in the service of vulnerable populations.
"I care a lot about asymmetry," Galperin says. "A lot of security research is focused on the 'sexier' state-focused stuff, espionage by nation states against other nation states … But what I get particularly concerned about is when the surveillance might of the state is focused on people who don't have this protection, and that includes activists, journalists, more recently even scientists or lawyers."
One of the focuses of this new role will be on improving the standard of security training, which Galperin says can be well intentioned, but often fails to address the needs of the target groups. ("Infosec professionals are some of the worst security trainers that I've ever met. Why? Because they confuse demonstrating their mastery of the subject with teaching.") To this end EFF is currently working on sample curricula for security trainers, although Galperin also cites groups like Tactical Technology Collective, and figures like Matt Mitchell—also one of Motherboard's Humans of the Year—as examples of work she admires in the field.
For any would-be trainers, Galperin says, demonstrating a genuine commitment to activist groups is far more valuable than trying to influence their security practices without a prior relationship: "The best advice I can give is, show up to meetings, wash dishes, clean the floor, run mailing lists, and then let them know about your secret superpower as an infosec professional."
"Really take a moment to enjoy when you've succeeded at something rather than moving on to the next thing."
Beyond that, she encourages newcomers breaking into the field to be bold in publishing papers and pitching talks to conferences like DefCon or CCC, "because this is how we get new blood into the community."
And finally, knowing when to celebrate is important too:
"It's common for activists to burn out because the problem is infinite," she says, "So the best antidote to that is to hold onto your wins: really take a moment to enjoy when you've succeeded at something rather than moving on to the next thing."
Subscribe to pluspluspodcast, Motherboard's new show about the people and machines that are building our future.