This week on Gadget Lab, WIRED senior writer and former show host Arielle Pardes drops by to talk about how Silicon Valley has ruined work culture. Then WIRED senior writer Lily Hay Newman comes on for a conversation about cybersecurity, encryption, and the hacker’s mom who infiltrated a prison.
Lily recommends Dangerzone, an application made by Micah Lee that checks PDFs for potential malware. Lauren recommends the book Whistleblower by Susan Fowler. Mike recommends Acid for the Children, a memoir by Red Hot Chili Peppers bassist Flea.
Lily Hay Newman can be found on Twitter @lilyhnewman. Arielle Pardes is @pardesoteric. Lauren Goode is @LaurenGoode. Michael Calore is @snackfight. Bling the main hotline at @GadgetLab. The show is produced by Boone Ashworth (@booneashworth). Our consulting executive producer is Alex Kapelman (@alexkapelman). Our theme music is by Solar Keys.
You can always listen to this week's podcast through the audio player on this page, but if you want to subscribe for free to get every episode, here's how:
If you're on an iPhone or iPad, open the app called Podcasts, or just tap this link. You can also download an app like Overcast or Pocket Casts and search for Gadget Lab. If you use Android, you can find us in the Google Play Music app just by tapping here. We’re on Spotify too. And in case you really need it, here's the RSS feed.
Michael Calore: Let's do it. All right, everybody ready? All right.
Lauren Goode: [laughing] OK. Sorry!
MC: I'm just waiting for you to stop talking.
LG: One, two, three, serious!
[Intro theme music]
MC: Hi everyone. Welcome to Gadget Lab. I am Michael Calore, a Senior Editor here at WIRED. I am here with WIRED Senior Writer, Lauren Goode.
MC: And WIRED Senior Writer Arielle Pardes.
Arielle Pardes: I'm back!
MC: I know. How long has it been?
AP: It's been a couple of episodes for sure.
MC: Yeah, a couple.
AP: It's been at least a couple of months I think, and now I look forward to the tweets and the fan mail we'll inevitably get where people will say, "I couldn't tell the difference between your voices."
LG: I love getting that feedback.
LG: I really do.
AP: Let's just intentionally confuse them.
MC: I never get that feedback. My voice is totally unique, highly unique. I sound like absolutely nobody else. Well Arielle, it's great to have you back on the show after what feels like a year of you not being here. Later on we're going to be joined by WIRED Senior Writer, Lily Hay Newman, who is going to be bringing us up to speed on what is the haps with the security industry. But first we're going to talk about a story that you wrote this week on WIRED.com called Silicon Valley Ruined Workplace Culture. It's all about how the laid back atmosphere of startup offices is taking over other workplaces outside of the technology industry. You argue that this kind of low key environment has made it harder to separate work from our personal lives. Tell us more.
AP: Sure. There was a time, 10 maybe even 20 years ago when having perks like free food in the office or a nap room felt really novel and really uniquely tech. I remember the first person I knew who worked for Google telling me about the perks that they received at the Google campus in New York and just feeling like, "Wow, I cannot believe that an office could be like that. A place that's fun, a place where people are well fed, a place where you could get beer on tap and maybe even jump in a ball pit." Of course, this is kind of like a parody of what Silicon Valley is like, but this idea has really caught on and has spread not only around the tech industry where now Google's culture is the hallmark that spread to many other companies, but it's also spreading much, much beyond the tech companies and much beyond California. Do you think this is a good thing?
MC: No, not necessarily. Because part of the thing that you illustrate in the article pretty clearly is that these changes have really eroded the work-life balance and that's something that I am against.
AP: Yeah, I think a lot of critics of this type of work culture, which I very much associate with Silicon Valley, but maybe there's a better term for it, is not something that's actually in worker's best interest. So offering someone free food or a chance to take a nap, or even spend some of their time doing something that's not work related might seem on its face like something that is very much for the worker's benefit. Unlimited vacation is another one of these examples, where it seems like something that would only benefit the employees. But a lot of critics of this culture will point out that it actually creates an environment where people are staying at the office much longer, where they have much less time to themselves outside of work and where their identities become entirely flattened to just their persona as an employee.
So there is some hard data around this. Unlimited vacation is a great example, where companies that have unlimited vacation policies have found that their employees actually take less time off. But there's also some soft data where people who are working in these types of companies, especially who are coming from other industries have noticed that it actually really just flattens your sense of who you are and what you can do outside of work. And I think that's bad.
LG: It's interesting you say that because I'm currently reading Susan Fowler's book called Whistleblower and Susan Fowler, for those who don't know was a Site Reliability Engineer at Uber. She had a pretty negative experience working at Uber and after she left, wrote a blog post that along with other news reports that were coming out around this time period, this was back in 2017 eventually led to Uber completely restructuring, Travis Kalanick, the CEO was pushed out. So she was a very influential person in the changing tides of Uber.
But one of the things that she talked about is when she first joined walking around and the person who's giving her the tour saying that the engineers get dinner at night. And you're thinking, "Oh." Especially if you're young, you're not making that much money perhaps, you're living in an expensive city and you're thinking, "Great. Dinner." But dinner was served late specifically to keep people waiting around and working late at night. So there's this melding of our work and personal life that happens. Sometimes and it's not just like a special occasion thing, sometimes at these companies, the way that the incentives are set up or structured is so that you are always there so that you never leave your desk, that you never leave the office, that you're working until 9:00 o'clock at night. And once that starts to happen repeatedly over time, you basically eroded your personal life.
AP: Yeah. And so in addition to Susan Fowler's memoir, a lot of people have been talking about Anna Wiener's memoir, Uncanny Valley, which is also a closeup look at what it's like to work in startups in the Bay Area. And there's this great chapter where she talks about how some of these policies that seem really generous actually work against employees. And one of the examples she gives is a company that has a name your own salary policy, which seems really nice, but actually led to a pay discrepancy between men and women engineers that was so big, some female engineers ended up having to get corrective salary changes up to $40,000. So these things don't always benefit employees in exactly the way they're intended to, and in some ways I think are very much designed just to benefit employers.
There is a big criticism of some of these types of workplace perks that makes the point that the person benefiting at the end of the day is the investor who is making all of the money and the workers who are persuaded into this ultra productivity hustle culture are doing so not for their own benefit, but to the benefit of the person funding the company.
LG: Right. Unless they have massive amounts of equity. But even then you could say that some of these cliche work policies are in fact benefiting the employer even from a marketing perspective. Because for example, Amazon may have a culture of like bring your dog to work every day, or I don't know, free bananas everywhere or whatever their thing is. But we know that some of these policies are inherently classist because that's not the way that workers experience Amazon if they're working at the Amazon fulfillment centers, it's a vastly different experience from corporate than it is in let's say a warehouse fulfillment center, a data center, if you're a delivery driver. But the companies have the benefit of saying, "Look, we have foosball or Flex, work from home." But that actually only applies to a certain category of employees in many cases.
MC: I'm more in favor of perks that instead of the ones that keep you at the office, they make it easier for you to get there and easier for you to do your job. So for example, like snacks are nice and everything, but for all the money that they spend on providing dinner to people, if they stay late or if they have an open vacation day policy, they should do things like provide free daycare for people who have children and they can bring their children to work and their children can hang out at daycare at work, and then they pick them up and they drive them home.
Or transit vouchers, things that make it easier for people to commute in because they can get like a free train ticket or a free bus pass from their office. Those types of things are more inclusive and benefit not everybody, but they benefit the people who need it the most. And they take a big chunk of pain out of getting into the office and doing your job.
LG: I have to say personally, I did work for a company at one point that had an unlimited vacation policy and I really liked it. But I don't think I took advantage of it, and please anybody who worked with me for that three to five-year period, if you feel like I did, get in touch with me. I really don't think I did, but there was something about knowing that I was sometimes working on really intense projects and sometimes that required some nights and weekends, and sometimes these things would go in phases. Especially in our job, we know when conference season is, or I would start a new video project and I knew that would take up the next eight weeks or whatever it might be.
Knowing that at the end of the tunnel there was perhaps some time off waiting for me, that I didn't have to like count the hours of the days and go, "Oh, can I take those full four or five days off?" Just knowing it was sort of open. I mean I felt liberated by it and I imagine that people to your point Michael, maybe who have greater responsibilities, or people who are raising families at home and are like, "Well, I've got to work around a whole variety of different schedules." I don't know, I found that to be very motivating. At the same time, I could also see how in extremely pressure filled environments, it's not necessarily managers who are pressuring you not to take time off, but it could be your peers.
It can create a social structure where you are expected to just be there all the time because that's what "everyone else is doing". Yeah, and to be sure you know, not everything about these perks is bad. That would be painting with far too big a brush. I talked to some companies who are located outside of Silicon Valley and outside of the tech industry who are modernizing their workspaces in the style of tech companies. One of them is Cargill, which is a major food distributor, and they told me they've taken lots of trips to the Valley and have been very inspired by things like open offices and remote work plans. And I think that's great. I don't think that necessarily means that they're an evil company now or that their workers are going to be overworked. I think it's fantastic that they're exploring things like video conferencing so that their workers can be at home some of the time. I think where it gets tricky is when the incentives for an employer sometimes overshadow the things that are actually good for an employee.
MC: Yeah. And I think part of that is the technology that they use, which is a weird thing where Silicon Valley is influencing workplace culture, even for remote workers and even for people who are taking time off. Because with the proliferation of tools like Slack and remote calling like 8×8, and I forget what the Microsoft equivalent of that… Oh Skype. That's right, Skype. There's this expectation that even when you're off or even when you're off hours if you work in an office that is like three hours offset from the main office or the other way around, people can still reach you. My phone starts lighting up at 6:00 o'clock in the morning when my colleagues in New York show up to work and start asking me questions, and I'm like, "It's 6:00 o'clock in the morning."
So you have to set a boundary in order to not be sucked into this sort of cyclone of working all the time, and that's something that, "what hath technology wrought?" Well, it's made us always on in both good ways and bad ways, and it's absolutely terrible that you know, my colleagues can Slack me at 9:00 o'clock on a Tuesday and then expect me to answer right away and not save it until Wednesday morning.
LG: I think that goes back to what Arielle said to you about who is this really benefiting, and oh right, it's investors. I think that in any organization, and you could say like whether they're investors in a startup or they're the boss at a 100-person organization or whatever it might be, there are different levels of stakeholders. And so sure, if a stakeholder says, "I want to be up answering email at 6:00 o'clock in the morning and taking work calls at 9:00 o'clock at night across different time zone, if you're like a big stakeholder, in some regards, right? I'm using that loosely. Maybe that makes sense for that person, but you just can't expect everyone else is going to feel the same way.
MC: Yeah. All right well Arielle, thanks for coming back on the show. It was great to have you.
AP: Thanks for having me.
LG: Everybody go read Arielle's story on WIRED.com because it's really good. It was the most popular story this week.
MC: It's still rock and rolling.
LG: It is.
MC: And we'll have you back very soon.
AP: I look forward to it.
MC: Great. We're going to take a quick break right now and when we come back we're going to talk about security with Lily Hay Newman.
MC: Welcome back. We are now going to talk about what's happening in the world of security, and joining us in the studio is WIRED Senior Writer Lily Hay Newman. Hi Lily.
Lily Hay Newman: Hi. Thanks for having me.
MC: Of course. Thanks for coming on the show. Flying all the way here from New York where you're normally based.
LHN: It was all for this.
LG: It's funny when you said Lily Hay Newman, it sounded like you're saying Lily hey, Newman. Yes. Hey Lily Newman, hey.
LHN: Okay. What's up?
MC: It's built-in. But you didn't come out here just for the show, you're out here in San Francisco for the week for the RSA Cybersecurity Conference. Tell us more about what the conferences who attends and what happens there.
LHN: Yeah, RSA is a huge conference in the security industry and it's really much more corporate than a lot of the other regional security conferences that go on throughout the year. This is a place to see and be seen for all the security companies and the industry as a whole to kind of get together, make deals, show off products. There's definitely a CS vibe to the expo floor, but there's also research that's presented at the conference and panel sessions and things like that. So it runs the gamut, but definitely the trademark or hallmark of RSA is the corporate element.
LG: So it doesn't have the same level of hacker credit that's something like Black Hat or Defcon or those conferences where people go to show off these hijinks that they've been working on for a while.
LHN: Right. Yeah. Not as much colorful hair and fun outfits and everything. But still I think a lot of hardcore people do end up at RSA but it's just because of their industry commitments. So there's still a lot of good people there, it's just sort of not the same type of fun hijinks.
LG: Encryption is typically a big topic at conferences like RSA and it's just been a big topic in general lately even at our own Ward 25 Conference last fall we had folks on stage, like Brian Acton from a WhatsApp and Chris Cox, formerly of Facebook. And Neuberger also, Nick talked a lot about encryption with her. What's the general sentiment towards encryption at a conference like RSA?
LHN: Oh, well at a conference like RSA, the sentiment towards encryption is incredibly positive. RSA always has a cryptographers panel every year, which is one of the big highlights of the conference where Titans of the cryptography industry movement, whatever you want to call it, all get together on the panel. So, yeah, in setting an environment, it's a really pro encryption group and space to be, but like you're saying, definitely there's more and more awareness about the other perspectives that are out there or the problems that encryption is facing or the pushback. So I think that there's an influence at the conference of worrying about that, thinking about that, grappling with that.
MC: What I think you're talking about is the renewed push by the justice department to force tech companies to build backdoors into encryption on consumer devices. Is that right?
LHN: Yeah. Consumer devices, consumer products and global efforts to undermine encryption in the name of law enforcement access. So there's a law in Australia, there's a movement in the UK, and so all of that international movement, there's also a discussion in India. I think it starts to feel like the walls are closing in a little bit at a place like RSA where everyone is kind of on the same page, but feeling this external pressure.
MC: So is that going to happen? Do you think that governments around the world will start to be able to gain access to people's private encrypted communications and break into their encrypted devices because of backdoors?
LHN: It certainly looks like it's moving in that direction. I hope it's not the case based on what we understand about the protections that encryption provides to people worldwide and the disadvantages of undermining it even as there are some advantages allegedly from law enforcement's perspective. Yeah. So I hope it doesn't happen, but it seems to be moving into that direction, and the fact that multiple countries are interested in it and passing laws, that's what really starts to create the problem because companies like Apple and more recently Facebook have tried to use their position of power to really push back and say, "No, this is a crucial user safety issue. This is a global safety issue."
But you can't just pull out of markets left and right where your products are now illegal or where you don't want to comply with certain law enforcement requests. I don't think that is going to be realistic from a capitalist market share standpoint. So I worry about the direction things are creeping in because eventually that power that the companies are trying to wield is limited by their weakness, which is that they need to make money.
LG: Is that what these companies are about? They want to make money?
LHN: Oh yeah. I came on the podcast to drop that knowledge.
LG: Oh, we should do a whole podcast about that. Thank you. So that's going to be a story. I'm sure you and the other members of our WIRED security reporting team will be covering really forever.
LG: I hate to break it to you, Lily-
LHN: And we're on it!
LG: But I wanted to ask you about another story that you wrote about this week about a hacker, a penetration hacker, is that what it's called?
LHN: Penetration tester.
LG: Penetration tester. Okay. Sounds dirty, it's not. Who sent his mom on a special mission. This is a fantastic story. Talk about this. What is this about?
LHN: Yeah, this is a really fun story. So penetration testers are ethical hackers who get hired to try to either break into a physical space or break a product or look at your digital tech and find the weaknesses. But they're not doing it for bad reasons, you're asking them to do it and paying them to do it so they can find the flaws before real bad guys do and give you a chance to fix them.
So this penetration tester, his mother had been in food service for many decades and then wanted to retire and move away from that and became the chief financial officer of his security firm, his penetration testing firm. And she was just loving what she was hearing. She was hearing all these stories from his colleagues, and had heard over the years about what he did. And she said, "I want to try to break into something. I want to get in on the action." And he wanted to be supportive of that and thought it was a cool idea so she posed as a health inspector, a South Dakota State health inspector, and went and tried to break into a prison that they had a contract to pen test to try to find weaknesses in the physical security and digital security of the prison.
So it's illegal to impersonate a health inspector, do not do this on your own, but in the context of a contractual agreement for pen testing, on the premises of the facility and whatever, it's fine. So she used all her past knowledge of food service to do a full health inspection of the facility. She was swabbing, she was doing temperature checks, but she also just sort of said, "Hey, as an inspector I also need to see everything, because I need to check for mold. I'm going to check for humidity everywhere, and look for if there's food out or unsafe conditions." So she got to go to the network operations center where all of the sort of hive mind of all the computer defenses is located and also the server room. And she was just deep into this meanwhile-
LG: And she's inserting USB sticks the whole time.
LHN: Right. So meanwhile she's not a technical hacker, right? The whole point is that she had this idea of how she could physically gain access to this space, but she wasn't going to be able to do the technical components of the hacking that you might do during a pen test. So they had given her these little USB sticks called rubber duckies that you can plug in and get a remote access out of that. It starts beaconing out to whatever computer it's been set up to talk to remotely over the internet. So they had all these rubber duckies set up to beacon out or call out to her colleagues who are set up off the premises. And so she was giving them access into the prison's facilities to be able to do the technical part while she was just going deeper and deeper and deeper. And then do we want to spoil the end?
LG: We should tell people to read your story.
LHN: Okay. Well, she got so deep, there's like a really exciting own at the end.
LG: And sadly, this woman whose name was Rita Stran, she did pass away. I'm not spoiling the end.
LHN: No, that's of course not the exciting end. That's the sad part.
LG: Yeah. This was back in 2016. She did this in 2015 you said, or 2014?
LG: And then she died in 2016. But it sounds like Rita had some real talent for this sort of thing.
LHN: Totally. And I think from what I understand from her son, she definitely would have wanted to do other pen tests if she had been able to. And yeah, I think the story really illustrates how if you have a clipboard and some confidence, you can talk your way into a lot of stuff. And if companies and government institutions and organizations aren't thinking about that possibility, what hackers call social engineering, for someone to just come in and say, "I have the authority to be here and I'm going to roam around." You're really screwed. But you can totally understand how it happened.
I mean, the guards at the door, they were trying to do their job. They were trying to comply with what they thought was an authority figure from the state. So we understand how it happened, but it's just a really fundamental weakness.
LG: Do you think it says anything perhaps about these guards? I don't want to say they're biased, but how they perceived a woman approaching the prison saying, "I need to inspect something." Versus perhaps a man.
LHN: Definitely possible. There was an anecdote that I didn't put in the story about how Rita decided to call the Network Operations Center, which is NOC. It's usually called a Noc. She kept calling it a nook, which also sounds like nuclear weapon, which is weird, meaning like N-O-O-K or something. She kept saying, "Where's your NOOK? Where's your NOOK?" Because she thought it would play into this idea that she wasn't too savvy and she didn't know too much she was just trying to do her job as a health inspector.
So definitely possible that she was sort of riding on all of that to subvert people's expectations. But I think unfortunately security is still a male-dominated industry and most pen testers are men and they rock it out too, you know, get in all sorts of places. So yeah, that type of thing is definitely a factor, but it also is just a blind spot we all have when it comes to physical in-person confrontation and sort of perceived authority and pushing back against that or asking more questions without seeming rude. Yeah, it's something in that area.
MC: Well that's fascinating and I definitely encourage everybody to go read the story that you wrote about it on WIRED.com. And also all of the coverage that you've been doing this week and in perpetuity of everybody trying to keep us safe and the people that they are fighting.
LHN: Thanks. Yeah, stay safe out there everyone.
LG: Lily, are you going to do a join us for recommendations?
LHN: Yes, I do have a recommendation.
LG: All right. Hold that thought. We'll be back after a quick break.
MC: All right. Welcome back, Lily. Let's start with you. What is your recommendation?
LHN: Okay. My recommendation this week is for a product called Dangerzone. It's not really a product, it's a tool that's being released from Micah Lee who is the Director of Information Security at The Intercept and he has a history of doing cool projects like this. What Dangerzone does, is it's an application for your computer that scrubs PDFs. When you get like an attachment in an email or something, it sandboxes it, quarantines it and then goes through and combs for the malicious types of things that can be embedded in PDFs and cleans everything out and then spits out a version for you that you can be a lot more confident it's safe. And I just think that's a really cool tool. It's something everybody could use. Just have it hanging out on your computer. Just use it occasionally when it comes up. And I think he's releasing it in the next few weeks and just seems like a quick, easy way to be a little more secure.
MC: Does it work with Gmail attachments?
LHN: Yeah, I think so.
MC: Yeah. Things stored in like Google Drive.
LHN: Yeah, I think you can run anything through it, but I think it's local.
MC: Okay. Like I download it and it scrubs it when it downloads.
LHN: Right. It's not like a Chrome extension or something.
LHN: And the reason I wanted to recommend this in addition to the fact that I think it's really cool is that we have a story about Dangerzone on WIRED.com today. And so if you want to hear more about it, you can check it out there.
LG: That sounds really useful.
LG: What's your recommendation, Mike?
MC: I am going to recommend a memoir. It's a book called Acid for the Children and it's written by Flea, AKA Michael Balzary. He's the bass player who you may know from the Red Hot Chili Peppers. And he was also for a time the bass player in Jane's Addiction, but he's Flea from the Red Hot Chili Peppers. So he wrote this book about his childhood, about his birth in Australia, and then his move as a young kid to Los Angeles. And going to high school there and just being like a free spirited kid in the world of 1970s Los Angeles. The book ends when he joins or starts the Red Hot Chili Peppers with the other people in the band. And I grew up worshiping Flea because that's also my instrument, I also play the bass and I played guitar as a kid. And I grew up worshiping this guy because in all of the dude surfer bands, there were some that had really exceptional musicianship and Flea was one of those people. He's a fantastic bass player. He also is a classically trained trumpet player. He's played in symphony orchestras as a trumpet player.
LG: Wow. I had no idea.
MC: So this book is really about his own birth as an artist and what artistic expression means to him. It's also just filled with tons of crazy stories and really just reminds you of what it was like to be a kid before the always on world. When you just left the house and you came back when the sun went down, when you got hungry. It's just a wild ride and really emotional. He is a fantastic writer. There are a lot of rock-star bios out there, but this one is just A+ writing. It's really good. So highly recommended Acid for the Children.
LG: Sounds like it really makes you tick.
LHN: What does that mean?
MC: I don't get it.
LG: Flea! Tick! Like should people jump to read it? I know, I'm itching to read it.
LHN: I thought you meant it was like keyed up.
LHN: Ticking like it's a bomb.
MC: I think people should take a bite, yes. What's your recommendation, Lauren?
LG: Oh, I look forward to bad puns. My recommendation this week is a book called Whistleblower: My Journey to Silicon Valley and Fight for Justice at Uber by Susan Fowler. I referenced this earlier in the podcast when we were chatting with Arielle about her great story this week. Susan Fowler, like I said, was a site reliability engineer for Uber. During that time, she had a pretty negative experience at Uber. She ended up writing a blog post after she left the company that really just shook things up. And this is her memoir, and I'm not totally done with the book yet, but what's interesting is that the first six chapters or so are really about her life pre Uber, which I found very interesting. I had not known all that much about her before and then she goes into her experience at Uber and we sort of know what happens there.
But there are just more details I think, and it really underscores some of the cultural issues that exist. Not only Uber, but in Silicon Valley tech companies more broadly, and I think really sort of shows the importance of having people who are of strong character, who are willing to stand up to some of the things they see going wrong at these companies and speak up about them. So I'm enjoying it so far. I happen to see Susan speak this week at a bookstore in Silicon Valley about the book, and yeah, I recommend reading it if you haven't gotten a chance to yet. Steven Levy also wrote about it for WIRED.com if you want to go read that.
MC: It sounds like a great followup to Super Pumped by Mike Isaac, which we talked about last year when that book came out about Uber and Travis Kalanick.
LG: We did. We had Mike on the podcast, which was really fun. He came back to WIRED for it.
LHN: So this is like the other side of all the hijinks.
LG: Yeah. Not necessarily another side of it, but she expounds upon her experience. She wrote this 3000 word blog post and she said she realized that maybe that was leaving out some of her own personal experience at other places, for example, or her experience growing up that were very formative experiences in her life. And yeah. So anyway, I recommend it. Whistleblower.
MC: Whistleblower by Susan Fowler. Great recommendations everybody. And that means that that's the end of our show. So thank you for being here, Lily. We really appreciate it.
LHN: Yeah, thanks for having me. It's so much fun.
LG: So great to have you on.
MC: Thanks to Arielle Pardes for being here for the first half of the show. And thank you all for listening. If you have any feedback, you can find all of us on Twitter. Just check the show notes. The show is produced by Boone Ashworth. Our Consulting Executive Producer is Mr. Alex Kapelman. Goodbye, and we love you.
Boone Ashworth: You actually said that?
LG: I love it!
MC: I told you, I'll say anything that you put in the script.