I’m a teaching assistant for Berkeley’s undergrad computer security course, and I was given the assignment to prepare a week of section material for the class. This section would be on the details of TLS. After rigorous searching, I was unable to find any diagrams accurately describing the TLS handshake. The diagram didn’t need to be perfect, and it certainly didn’t need to describe every possibility of error during the handshake. But it should at least be accurate. The best diagram I could find omitted “mod p” from the Diffie-Hellman parameters, said the client and server sent hashes instead of MACs, and didn’t describe the separate encryption and integrity keys that were derived from the premaster secret.
So, I decided to make my own diagram. Forgive my crude LaTeX, but the diagram does its job.
On November 7, 2016 I knew what the next 5 years of my life would be. I was going to graduate in May from the University of California, Berkeley with a double major in Computer Science and Arabic. I would get a masters in CS from Berkeley in May of 2018 and then return to the National Security Agency to work for the next 4 years. On November 8th, I had no idea what would happen.
I was a member of the Stokes Scholarship program for the NSA. The government paid the majority of my college tuition, and in exchange I spent my summers interning for the Agency yand after graduation (and 1 year on leave without pay) I was obligated to work for the NSA for 4 years. The program was an incredible opportunity. I accepted the offer in May of 2013, just after the Snowden leaks began. At the age of 17, I committed the next 8 years of my life to an institution which was deemed a threat to civil liberties by people all around me. I decided to attend orientation at the Agency before determining if I would stay in the program or not.
I remained conflicted even after the orientation, but I was too fascinated to quit. The work was too interesting to leave, and I knew I would regret it if I never gave myself the opportunity to learn. So I stayed and interned for 3 summers. I loved the work. I loved studying computer security with some of the most elite minds in the field. I built software that mattered, that had the potential to save lives and livelioods. The ethics of my work weren’t black and white. I felt a lot of guilt for enjoying my job as much as I did. There are clear problems with the military industrial complex using bulk data collection to control and target individuals. The casual Islamophobia of my coworkers, people I thought of as friends, was sickening. This racism is not excusable because of the need for security. I believe reform of the Agency’s domestic surveillance (either advertantly or inadvertantly) should occur. I think the culture within the Agency needs to shift. But I also think there are violent threats, which often cannot be stopped without signals intelligence captured by the Agency. I think these benefits are more defensible thna goinng to work in finance. I believed I was doing more good at the Agency than I could elsewhere.
In my third summer, I signed up to join the Computer Network Operations Development Program, an alite, 3-year training program for hackers and defenders. This had been my goal since my first summer, and I was thrilled to achieve it.
But after the election of Donald Trump, I cannot return. I’m terrified of the threat he presents and I am sickened at the thought of working under him. If Marco Rubio, or John Kasich, or Jeb Bush were elected I would have gritted my teeth as I passed their picture in the hallway, but I would have continued to do my job. Trump is categorically different. I’m scared that the vast powers of the NSA will shift to primarily and intentionally targeting Muslim Americans and illegal immigrants. Years from now I can’t tell my kids that I was working in the DOD during Trump’s tenure. I cannot serve him. I was good at my job and I loved the work. But because of President Trump, I cannot work at the NSA.
This essay was deemed UNCLASSIFIED and approved for public release by the NSA’s office of Pre-Publication Review on 11/16/2016 (PP 16-0742).
A year and a half ago, I got the incredible opportunity to shoot a Code.org video. A couple months later, the video was published and watched by thousands.
If you’re not familiar, Code.org is an organization that works to increase computer science education:
Code.org® is a non-profit dedicated to expanding access to computer science, and increasing participation by women and underrepresented minorities. Our vision is that every student in every school should have the opportunity to learn computer science, just like biology, chemistry or algebra.
The Eddie Murphy comparison wasn’t the only surprising response. Every time one of the videos was shared, I would get a new round of emails, Twitter direct messages, Instagram followers, and Facebook friend requests. All from men. That is not an exaggeration, I was contacted over a hundred times, only from men. My Twitter, Facebook, and Instagram are all private, yet the same men would email me, then follow me on any social media platform they could find. Many messages asked if we could meet in person. None of the messages included a specific question or reason for contacting me, instead they described an interest in “learning more.” I really do appreciate the appeals for information and connection, and I do not believe that all or even most of these people had any malicious intentions. But the way they virtually approached me, their insistence and fervor, felt threatening.
This will not be my only post describing gender relations in computer science. I do not claim to represent all women in the industry, and others may disagree with my beliefs. But these messages demonstrated a fundamental disconnect in appropriate conduct. And these were not isolated instances, this happened often. Yet I’m sure I missed out on opportunities for collaboration, research, and friendship because the messages came off as were menacing. I should not have to choose between professional advancement and feeling safe. I should not have to choose between professional advancement and feeling safe.
So, I present suggestions for reaching out:
Email me or message me on LinkedIn. My other social media profiles are private.
Tell me why you’re contacting me. Networking is a fine reason, but make clear why you want to connect with me.
Don’t ask to meet in person.
Limit your number of follow ups. Any more than 3 starts to concern me.