Dr. Victoria Baines on her journey to cybersecurity, digital surveillance, ethics, and the future of
Dr. Victoria Baines is a former law enforcement intelligence analyst who spent years investigating and analysing cybercrime and child exploitation. She is one of the leading experts, authors, and researchers in cybersecurity, a regular contributor to BBC, CNN, as well as other major media on digital ethics, cybercrime, and the misuse of emerging technologies.
Baines is the Principal and Founder of Cartimandua Insight, a resource that helps governments and technology companies navigate global cyber-diplomacy and online safety issues. Have you ever heard of the Cyber Warrior Princess podcast? Dr. Baines co-hosts the award-nominated podcast and helps demystify cybersecurity. Victoria is a graduate of Oxford and holds a doctorate in classical literature and is a Visiting Fellow at Oxford and Stanford universities.
In this interview, we delved into Victoria’s path to cybersecurity, her thoughts on electronic surveillance, remote work, and women in the industry.
Studies and getting into cybersecurity
“My background is in linguistic analysis, specifically ancient languages and my Ph.D. is in Roman literature. I spent the best part of 10 years studying Latin and satire,” she says.
After her graduation, Victoria spotted an intelligence analyst job ad for the police in the local newspaper and was intrigued. “It was a job that nobody ever told me about at university. During the interview, I was given a huge pile of intelligence reports and had 40 minutes to go through it, make sense of it, and then present how the crimes were committed. I had to find intelligence gaps, and propose what we should do about it. I was hooked,” remembers Baines.
“I started my career as a higher intelligence analyst working in Surrey Police. After I became a principal analyst at the Child Exploitation and Online Protection (CEOP) command which is now within the UK National Crime Agency, then I moved to Europol. At Europol, I wrote the threat assessment on cybercrime and got involved in designing the European Cybercrime Centre (EC3). From there I went to work at Facebook and was the point of liaison for law enforcement in the security services at Facebook. My journey into cybersecurity was a series of not very deliberate sideways moves and the path wasn’t straightforward,” says Dr. Baines.
“My journey into cybersecurity was a series of not very deliberate sideways moves”
Thoughts on digital surveillance
The leading events of the past months led us to discuss some elements of digital surveillance. But what is the role of tech companies providing these types of solutions? Victoria believes that issues around digital surveillance are changing every day and everyone has to take more responsibility for it.
“Society is waking up to the extent to which they are under surveillance. Some high profile tech providers pulled out of providing facial recognition due to technology being used to promote discrimination and racial injustice. Previously, tech providers tried to remain neutral saying it's not their fault the platforms are misused and they can't be responsible for what people do with their solutions such as facial recognition. When companies pull out of those partnerships on an ethical basis, it means that they now recognise having ethical responsibilities. That puts a greater focus on tech companies to act responsibly. It’s a move away from what we've had until now when it's been a lot easier for tech companies,” says Victoria.
"Society is waking up to the extent to which they are under surveillance"
The role of encryption
And what about an end to end encryption? Digital surveillance doesn’t go without mentioning end to end encryption. When talking about an end to end encryption concerning technology and electronic surveillance, Victoria finds it to be a tough topic. Mostly because, she says, both parties are well-meaning.
“Tech companies want to provide end to end encryption because everybody should have the best security available and the market demands it. Law enforcement and some government agencies think that the tech companies act irresponsibly if they introduce end to end encryption. What I don't think helps is when governments hit tech companies with big sticks to try and get their way, particularly when they don't necessarily understand how impossible it is to have a safe backdoor to encryption,” she says.
“One of the things that I see in the political sphere and what I call cyber diplomacy is that tech companies try to operate globally and try to have a single policy for what's allowed. For example, a company like Facebook is under fire for working towards an end to end encryption for all of its users in whatever country they may be. But if you're the UK Government, you need to protect your citizens in the UK. So you’re flexing your national sovereignty as if the internet is not a global thing. I think it's an existential tension between what national governments and global platforms have to do. Governments are making very public statements, implying or stating very clearly that tech companies have been irresponsible, failing to protect children, failing to prevent terrorist attacks, and things like that. When Facebook started, it couldn't have thought of the bigger implication of what kind of impact it could make 10 years later,” thinks Baines.
The role of innovation
This raises some philosophical questions about innovation. “We see this in the debates around Huawei involvement in 5g infrastructure in the UK. Some of the political statements have been made saying we can build homegrown technology when homegrown technology is defunded to make a business decision to get cheaper technology. If security had been the first thought, the homegrown technology would have been funded 10 years ago. Everything is cyber now,” says Victoria.
Being in information security is hard not to get pulled into political issues. “It became mainstream and everyone has an opinion. If we relate this to digital ethics, there's way more to cover now for cybersecurity professionals or businesses because they have to be more ethical,” adds Victoria.
“There's way more to cover now for cybersecurity professionals or businesses because they have to be more ethical”
Where is the future of work moving to?
When we discussed the future of work, Victoria thought that a lot of people won’t want to go back to the office.
“It’s going to be more difficult for those who have not been enabled to do everything from home. People might not have antivirus on their laptops at home and they might use the same password for everything. This should be a wake-up call to bring us back to basics about how we inform citizens about cybersecurity,” she says.
The fact that many people don’t practice healthy cyber hygiene might be influenced by how we talk about cybersecurity. “Intimidating images of a scary faceless guy in a hoodie, hiding behind a cascade of zeros and ones like Grim Reaper who's going to come and take you to the underworld. This doesn’t make ordinary people feel like they can engage with cybersecurity. We have to do this differently and get closer to people working from home. Sharing advice on remote working is good but we need it on TV because not everybody is the Netflix generation,” says Victoria.
"Sharing advice on remote working is good but we need it on TV because not everybody is the Netflix generation"
“Some of our most vulnerable people from a cybersecurity perspective, are people who don't do everything online. But now they have to use a VPN to access sensitive information. If we want to get those people on board, why don’t we brand it not as a cybersecurity course where you get scared of everything that happens online, but instead talk about digital empowerment where you can get people to feel comfortable with it? We don't want people falling for scams, we don't want people downloading ransomware. We want people to have an up to date antivirus and it shouldn't be the big turn off from the start. It should be part of wider digital citizenship. If we have a larger remote workforce in the future, there's a need for a national package of all the needed digital information not forgetting the element of mental health,” says Victoria.
"If we have a larger remote workforce in the future, there's a need for a national package of all the needed digital information not forgetting the element of mental health"
Will remote work help more women to thrive in cybersecurity?
"Flexible working hours and having women in cybersecurity don't make it a female-friendly industry. It's about creating pathways for women to become leaders in the industry. We need to see a more understanding workplace, ” says Victoria.
"Flexible working hours and having women in cybersecurity don't make it a female-friendly industry. It's about creating pathways for women to become leaders in the industry"