Slashdot Mirror
Ethics in Scientific Research
call -151 writes: "There is an interesting NYT article `When Science Inadvertently Aids an Enemy' discussing how some of the "encryption should be free for everyone" attitudes are changing with the WTC attacks. The article makes some interesting points and it is good to see discussions like these in more of the mainstream, even if the tone has definitely changed recently." Well, the questions are being asked again, but most of the researchers dealing with these issues have already answered the questions for themselves.
On the surface it sounds reasonable, but in a day where a file can be transmitted between two different continents in real-time, I'm not sure those old-school rules are even helpful anymore.
If you celebrate Xmas, befriend me (538
Right Here, Right Now. Enjoy.
What the hell is this stupid postercomment compression filter?
"Your comment must be THIS LONG to be posted to Slashdot."
"You must be THIS TALL to ride this rollercoaster."
Sheesh.
-- Give him Head? Be a Beacon? :P)
(If you can't figure out how to E-Mail me, Don't.
Unbreakable codes are a tool.
A tool is not evil. A tool by itself can't fly an airplane into a crowded building.
It depends on the use of the tool.
Evil people will do evil things with it, good people will do good things with it.
-J5K
The libertarian solution to the failures of capitalism is to apply more capitalism til the failures are fixed.
It's good that (some) people starting to use their heads when it comes to security, but restricting the use of an item because of what it "might" be used for is a little overboard. Eventually everyone will be in a facial recognition system, fingerprinted, dna sequenced, and blood typed in a huge federal database JUST IN CASE you ever do something wrong.
Where's the line?
Scientists should not hold back news of a discovery for fear that one day it may be used by the bad guys -- let the sociologists deal with that. All scientific discoveries have the potential to uplift the human condition. Perhaps one day we will no longer have a need to strong crypto, but until then Hellmann and others should not feel ashamed or guilty about their discoveries and contributions. The ones who should feel ashamed are those who let their personal agendas get in the way of progress, who would rather see us back in age where the privileged few have all the power and the masses are huddled together in the dark looking to superstition for salvation.
Why is it that many people who claim to support standards have such atrocious spelling and grammar?
new eula for a hammer:
the end user will not use this hammer
to build anything that would be deemed
uncapitalistic or un democractic!
this would include:
Mosques,
Churches and
Socialist Gathering centers
yes
what im getting at is encryption is a TOOL
if the terrorists we stupid enough to use a
publicly accessible encryption methods
instead of creating an 'in-house' solution
they are just asking for it!
{
IF it was bin Laden
dont you think he could
afford better encryption?
come on!
}
asking everyone else to
throw away freedom for more
security is not an option
in fact it plays into their hands!
back in the day we didnt have no old school
Encryption, as an algorithm for crunching numbers, costs nothing. You can't keep it out of the hands of the bad guys simply by keeping it out of the hands of the good guys.
To those who say "tools are just tools, it's people that are good or bad," I'd like to pose this question. (This isn't just rhetorical, I'm really curious what people think.) Isn't it the responsibility of those who create or disseminate tools to understand the context into which they release them?
By analogy, if I give a gun to a criminal, some people would hold me partially accountable for what the criminal does with it, especially if I knew (or should have known) that this was a criminal. If I give a gun to a kid, I'm responsible for evaluating whether the kid's ready to learn about guns, and if so, to teach the kid about safety, etc.
Does the analogy extend to scientists? Do they have some responsibility to take part in social, political, etc. processes to ensure that the world they release their tools into is ready and capable of making ethical and moral use of them? If so, what are the minimum requirements and limits of this responsibility?
Then you may be interested in Americans for the Preservation of Information Security, a group working to keep ill-advised legislation from being passed that would deny us tools to keep our information safe in the hopes of denying them to terrorists as well.
Yours truly,
Mr. X
...do something...
There's nothing stopping a small group of interelated individuals from writing their own scrambling technique which could qualify as "encryption", and if laws were passed requiring "back doors" or what-have-you, then any old "Little Orphan Annie Decoder Wheel" that the Government couldn't figure out would instantly make sensitive information (and the people who deal in it) illegal/criminals.
I'll cite an theoretical example.
Video Game Company X has a neat little game gaining great popularity, but due to various reasons they encrypt certain game data with proprietary methods, not at all to keep the government out, but to keep cheaters from snooping the data and exploiting the game. For the sake of argument, they use a clever, light-weight encryption scheme that nobody seems to be able to figure out and for which no back-door-method can feasibly be devised. After all, this is a game, not a spy communications device.
Since we know that they're doing it for gaming, and not espionage, we can consider it mostly harmless. But the laws some people want to pass would probably prohibit this very thing. And for what? Supposed terroist threat? Get real.
I don't even know why I'm rambling about this consider almost everyone here is likely going to agree with me that the trivial uses of encryption should be inalienable in one's rights to privacy. But I'm just frightened that someone might do something (such as the above example) and suddenly find themselves locked away for life just because they wanted a secure entertainment platform.
Lock up the clowns?
"Everything you know is wrong. (And stupid.)"
Moderation Totals: Wrong=2, Stupid=3, Total=5.
Is that our society is so ethically-challenged and bereft of common sense that we have to make any undesirable behavior illegal, and any desirable behavior mandatory. (Seatbelts and motorcycle helmets, for instance.)
To many people it makes sense to make anything potentially harmful illegal, because how else would we discourage it?
We've gotten so used to our morality being legislated that we feel we have to pass laws for everything. That's why the abortion issue is such a big deal, because people equate morality with legality. The same deal with sexual harassment laws. We shouldn't need laws to tell us that sexual harassment is wrong, but without the threat of legal penalties many people would still be pinching their secretary on the ass every time they walked in the room or worse.
So, basically, because someone somewhere might use encryption for evil, and because the average voter doesn't have a clue what it's for, they have no problem with it being made illegal to prevent (in their mind) possible abuses.
[NYT]...discussing how some of the "encryption should be free for everyone" attitudes are changing with the WTC attacks...
It doesn't matter what polls say, or how people's attitudes change; the fundamental issue is that crypto-backdoors, laws against strong crypto, etc. etc. are doomed to failure because they won't work.
This is not to say that such laws might not get passed, causing untold inconvenience to law-abiding citizens, chilling research, and compromising our national security by giving crackers a weak point to attack; all I'm saying is that such laws mathematically can't serve their purported purpose.
That is the message that needs to get out.
-- MarkusQ
As a scientist let me say I understand the concerns of society. I wish that some software developers would realize that as our society becomes more digitized, the power of programming becomes greater.
Consider this. In the '40's a few great men/women created an awesome force with grave consequences, the nuclear bomb. A computer security scientist would never consider himself on this level of creation of power, nor should he. But what if a programmer develops a worm that destroys information perfectly, there by bring down an economy, possibly killing people? To go even farther, what if someone creates the technology that enables a terrorist attack, or enables that worm to exist?
As we go farther into the digital age, programming is going to have more and more power and influence. Imagine if physicists were to take the arrogant attitude of today's security developers and say, "If I can build it, I should and also tell everyone else how to do it!"
I just think that in some cases, we should really consider the consequences of our actions....
-Sean
2) What if this is more of the same?
But on to original point - while Hellman admits his view of NSA as "Darth Vader" was "human but ... ridiculous" - perhaps he's overlooking the number of people whose lives were saved by strong crypto?
Or perhaps there's nobody in Tibet resisting the Chinese? Or perhaps there was nobody in the former Soviet Union using crypto during the coup? Or perhaps the Berlin Wall came down, in part, because people were able to communicate without Stasi eavesdropping on them.
Or perhaps the women who infiltrated Afghanistan in defence of native women being slaughtered by the Taliban were only able to get their stories out -- stories that have been publicized time and again over the past few years, and that have nothing to do with the present crisis -- because they're able to communicate securely.
If (and in light of the Zimmerman distortions, I see it as a very big "If") Hellman is having second thoughts about public-key crypto, I urge him to look at the good it's brought.
NYC was One Big Atrocity. We'll never know how many Little Personal Attrocities Hellman's tech has prevented, but I'd bet it's in the thousands.
Come to think of it, why's nobody talking about banning planes? They're tools that were used with at least as much of a bad intent as encryption was. Stick that in the face of the next security-over-freedom politician you meet.
Just an idea that just occured to me.
I got news for you. You can't live a completely safe life. There is always the chance that something or someone will kill you, no matter how bizarre the circumstances. So you propose to live your life paralyzed by fear, never making progress because progress could be dangerous. Talk about cowardice. And the US will not remain a technological leader for long with that attitude.
I put myself in situations where I could die (Arguably 10 times a week as I commute to and from work) because I refuse to live in fear. I enjoy hang gliding and hiking the short (2-3 mile) trails at the Rocky Mountain National Park even though doing so is putting my life at risk. Sure I could crash. Sure I could run into a bear or a mountain lion that would think I'd make a tasty and delicious snack. I see dozens of people each trip up to the park who never even think you could die up there. Every year a few idiots get gored by pissed off elk. Fucking Disneyland Mentality. People die in the amusement park. No place is completely safe. You will never make anyplace completely safe. You will eventually die, one way or another. Deal with it.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
This issue was already explored by the Internet community, and the cypherpunk manifesto From Crossbows to Cryptography explains the issue, though some of us find our collective selves on the other side of the coin from the cypherpunks this time.
The issue is power, which privacy confers because anonymity is impunity. Authorship being one of the critical facts concealed by any encrypted parcel. Technology originates in the powerful, in order to confer more power to them. However the technology itself is information which escapes by multiplying itself in unacquainted minds, eventually in those minds outside the power elite which devised the technology. The balance of power falls back to somewhere between the power elite and the subject people.
Now all of this exists independant of ethics. No doubt the power elite would like the subjects to restrain their use of the technology on a principle that does not bind the power elite. Ethics are weak (subjective and voluntary), but they are at least sometimes effective.
Where this leads us is to the question: should we develop new encryption technology? Should we implement Key Escrow? I urge you to think long and hard about the cold facts of how any of those possibilities can be abused. Experts agree that without strong cryptography (even for terrorists) democracy will fail. This is a new world and requires acute wisdom to set the direction we move next. Freedom of speech is not an option or a priviledge, it is a right whithout which people cannot guarantee governance by consent.
--- Nothing clever here: move along now...
We see the Wright Brothers standing near the first ever airplane, moments before it takes off for the first ever powered flight. As they begin to board the craft, a reporter informs them that their invention will be used to kill thousands of people, destroy a building, and drastically alter the fabric of the nation that they love so much. They also are told about the untold number of deaths caused by warplanes, including dropping the bomb on Hiroshima and Nagasaki, as well as all the other armed conflicts that used this wonderful invention. Finally they are told about the numbers of people that will die as passenger planes crash into hills, oceans, and fields all across the world.
Instead of flying the plane, they decide that the risks are too great, and scrap the whole invention. Upon hearing the details about the possible future of the machine, congress legislates that it is illegal to develop, own, or operate such manned flying machines...
Just imagine.
Encryption is rather different than a gun in a few respects:
1) - the tools are software: duplication is easy. Guns are hardware and sophisticated knowledge is needed to make them.
2) - the algorithms are well known: you can make your own tools (without the backdoors). Building your own guns is a bit harder (though not impossible)
3) - there are open source tools (you don't even have to go through step 2 to obtain tools free from backdoors). Although the US occasionally hands out guns (e.g. stinger missiles to the afghan resistance a.k.a. taliban in the eighties), in general selling arms is profitable business.
Now about guns: you need a gun + an idiot to pull the trigger to kill people. Both prerequisites are available in large quantities in the US. In western europe, guns are a bit harder to get so we have less casualties as the result of guns (check the statistics if you like). Obviously, removing guns from society helps reduce the amount of people dying from guns. Doing so is a problem in the US however since billions of guns have been sold there in the recent centuries. So if you are in the US you are fucked, people around you are nuts and have easy access to guns. One day your nice neighbour or colleague may have a bad day and pull his guns on you (which he can buy legally and keep in his house).
Now lets turn to the real issue: why is the US pushing backdoors in encryption software: industrial espionage. Being able to tap in on information banks and businesses exchange throughout the world is very profitable business. A terrorist will just use illegal/free tools (probably on a illegal version of win XP or whatever). If there's one thing you can be sure of: terrorists don't like the US and they are not bloody likely to stimulate the US economy by actually paying for software produced in the US. What do you think? Bin Laden will actually log on to MSN and chat with his colleagues??? Come on!
The US government is using this situation to rearrange the world to make it a little bit more comfortable for the US leaders. Aguably the WTC tragedy was the best thing to happen to them in years. Some impopular anti-terrorist/anti-human rights laws can be pushed through. Suddenly they can be friends with Pakistan (a few weeks ago still referred to as a rogue state that we should be protected from by a missile shield). Everybody turns a blind eye while they whipe the Taliban of the earth and even Khatami is suddenly being friendly on behalf of Iran. In addition some former Soviet republics who happen to play an important role in producing and transporting oil are also the US' best friends.
It is touching to see all this friendship bloom. Unfortunately it is at the cost of millions of innocent Afghan civilians, already in big trouble because of the previous civil wars. What happened to New York was bad but the opportunistic way the US government is dealing with the situation is sickening.
Jilles
After about the 4th day I stopped watching the "news" coverage of the WTC disaster. Basically about the same time the talking heads ran out of things to say. Wake me up when the barrage of pseudoinfo-diarrhoea ceases and they've got something new to say.
We don't even know if the terrorists used encryption. We do know that they used American technology against Americans. Technology manufactured by Boeing...gee, don't hear Boeing engineers wailing about the "ethics" of design features of the 767, do we? Besides, smart people in other countries write encryption all the time...how are you going stop that? What they simply used a seemingly innocuous set of phrases with pre-determined meanings?
This article is nothing more than more of the same pseudoinformation (propaganda?) that the American media has been bombarding us with. The corporate propaganda machine is in full cry, preparing Joe-sixpack for the loss of freedom that is soon to come. Herr Goebbels would have been proud.
What about all the technological advances by the Americans that allow them to exert brutal dominion over other parts of the world? A discussion of ethical concerns and science could prove most embarrasing to America.
In any case, scientists should only concern themselves with "is it possible?" not "should we make it available?"
You're using her as bait, Master!
In my opinion Martin Hellman is no more responsible for the WTC bombings than Rod Serling, who originated the idea of airline hijacking in his 1966 movie, "The Doomsday Flight."
For the rest of his life Serling regretted putting this concept into the public mind. But it was only a matter of time before somebody figured it out. At that time there were no metal detectors. Airports were like high-class bus stations. It wasn't Serling's fault that the security systems we have become accustomed to, as well as those we are going to start seeing now, are installed only after damage has been done rather than after the warnings have been sounded.
Like it or not, we have had the technology tiger by the tail for a long time. Cropdusting planes were grounded nationwide this weekend because of the possibility of biochemical attack. Why now? Cropdusting planes and biochemical weapons have both been around for ages. The possibility of putting them together didn't just pop into existence last week. It's one of many things that the authorities have long known could happen, probably will happen, but hasn't happened yet so no need to alarm people.
I'm sure quite a number of freedoms we have long enjoyed, simply because nobody has figured out how to wreak mayhem with them, will be going away soon. But don't blame it on Martin Hellman or Rod Serling, or the first proto-human who noticed that you could use a stick to hit stuff with. Blame it on the fact that some people are just assholes.
This is really the key point: Terrorists DO NOT need cryptography if they are capable of planning ahead a little in face to face meetings. If you are making it up as you go along, then you have to send lots of detailed messages back and forth. But if you can meet somewhere that CIA agents cannot operate (Afghanistan, for instance), and decide what everyone will be doing in two years (flying airliners into buildings), then the messages requireed as the plan unfolds can all be easily disguised as routine business or family communications.
Of course, if you force banks and other businesses to put back doors into their crypto, then you are giving the more sophisticated terrorists one hell of an opportunity. Why bother blowing up Americans a few thousand at a time when you can foul up the financial system until millions of them are starving? It would be tough to do -- but remember that under our laws, Arab or Afghan origins is no reason to keep a person out of sensitive government positions, like in the key escrow department...
One nanotechnology expert, Glenn H. Reynolds, a law professor at the University of Tennessee, said that someday it might even be used to make tiny robots that would lodge in people's brains and make them truly love Big Brother.
Well, they'd have to. That show fucking sucked.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Cryptography is based on math formulas. Last time I checked, knowledge of math was not confined to the US. Basic cryptography can be done with very large prime numbers, not a difficult math concept, but hard as hell to factor.
Besides, any idea, over our entire history, was probably not thought up by only one person, even though usually only one person gets the credit for it.
Preventing someone from advancing in ANY technology, only puts them behind. If a US mathematician doesn't think of it and publish it, someone else will. To protect against something, you have to understand how it works first. You have to have guns with bullets to make bullet proof vests. You have to have a virus to find the cure. (I hate bad analogies, but since they're all the rage).
I think the farther cryptographers and mathematicians advance, the more useless the old technology becomes. Remember RSA Labs 56 bit key?
Thoughts and ideas should never be outlawed.
Oh yes. And that is why the only option is to make sure nobody wants to hurt you. From the Russell-Einstein Manifesto:
It's up to you.
Employee of Inrupt, Project Release Manager and Community Manager for Solid
Anyone notice that the mainstream media is doing plenty of coverage about the afwul hackers who post free encryption, but very little coverage about things like ethics and airline security? I can't remember the last time I saw anyone in the media write about the fact that there are hardly any checks on people who buy huge quantities of fertilizer that can be used in truck bombs.
While much of the media coverage of encryption lately has been somewhat insightful, it seems that most of it is more reactionary crap. The media is afraid to demonize airlines for horribly mismanaging their entire industry to the point that they cut corners, often illegally on airline security. Maybe it has something to do with the massive amounts of advertising airlines pay for every year, especially right now when they are advertising dirt cheap fares to try and woo back scared travelers.
It just goes to show the biggest downside of massive media corporations; instead of being accountable to the masses, they are accountable to the advertisers.
I will close with a quote, source unknown:
"The media is only as liberal as the companies that own it."
-------------
Dear Senator/Congressman:
This week, you and all other Congressmen are very busy preparing new laws and modifying existing ones to help the United States combat terrorism. Unfortunately, I fear that some of these laws will do more to restrict loyal Americans than actually stop terrorists. I hope you can take a few minutes out of your schedule to read this letter.
To put it bluntly, restrictions on encryption technology are pointless. There have been reports that the terrorist networks responsible for the World Trade Center attack used encryption technology in their communication. Many people, none of whom truly understands technology, believe that if there had been limits on encryption, it would have hampered the terrorists. This assertion is absurd.
Encryption is nothing more than a field of mathematics, where the data to be encrypted is treated as a bunch of numbers. Placing legal limits on encryption is the same as outlawing certain kinds of math. One of the worst ideas being proposed is to force individuals and companies to use encryption technologies for which the government has "back door" access. That is, the government is in possession of secret keys that can decrypt any data which is encrypted using these particular algorithms. Other encryption algorithms which don't allow for back doors would be outlawed.
The flaw in this reasoning is that it is impossible to force terrorists to use "approved" technology. We don't even know who or where they are, so how can we force them to do anything?!? The terrorists will simply use "non-approved" encryption technologies while honest American citizens and businesses are forced to sacrifice their privacy. The worst part is that if other countries were to ever obtain these secret keys, they would have access to every piece of encrypted data from the United States.
The truth is, strong encryption protects Americans. With strong encryption, terrorists won't be able to decrypt sensitive corporate data. They won't be able to spy on American citizens. They won't be able to intercept top secret transmissions.
These terrorists were able to strike not because they used encryption, but because our intelligence organizations are incompetent. The FBI is better known for its blunders (e.g. the Atlanta Olympics bombing, the siege at Waco, the assault at Ruby Ridge, and the 3000 documents in the McVeigh case) than for its successes. In fact, it's been over a week since the attack, and the best our government can say is, "We're pretty sure that Osama bin Ladin is the prime suspect."
Therefore, I am asking you to reject any bills that place limitations on the use of encryption. Instead, I think you should focus on how to improve our intelligence-gathering organizations. Perhaps in exchange for bailing out the airline industry, federal officials from the intelligence organizations should get free flights for the next ten years. The money saved can be used to fund more operations.
And the men who hold high places must be the ones who start
To mold a new reality... closer to the heart
Hmm. Does this mean that "safeguards" were developed (I cannot imagine what safeguards *could* be developed)? Or does it simply mean that scientists became "comfortable" with the idea, after the passage of some time?
Currently, the big biochem companies like ConAgra and Monsanto are experimenting with our ecosystem, releasing Genetically Modified Organisms into the wild. Forget sabotage or terrorism, we may screw things up by "accident". Anyone else worried about that?
Outlawing encryption is not going to stop people from using it for some malicious purpose. Outlawing guns is not going to stop armed robbery. Outlawing nuclear technology is not going to stop the bomb.
It really doesn't matter what you create/invent/discover scientifically or technologically, people will find a way to use it to kill people. And the governments of the world are the biggest example of this. One of the first applications of a new technology is how can it be applied to the military. I mean, what was one of the first uses of nuclear technology?
What is the question here? Should we not perform any scientific research? Should we not improve our technology? Or, if we do, should we just not share it with anyone? (Including ourselves, there are of course spies and criminals among us.) If that's the case, how could anyone benefit from it?
To not strive forward with technology because evil-doers might use it is absurd! Even though technology is used by a select few to harm others, the benefits far outweigh the unfortunate "evil that men do."
Ascalante: Your bride is over 3,000 years old.
Kull: She told me she was 19!
This is one of the most insightful comments I've read about threats from technology
"We spend a lot of time worrying about extremely sophisticated threats," he said. "But less sophisticated threats can slip under the radar. People who want to hurt you can find a way to do it."
This can only be underlined by the events of September 11, where box cutters were used to destroy the WTC.
Thomas Jefferson said, "The price of liberty is eternal vigilance."
Vigilance is the answer, not locking the barn door after the horse has bolted.
Apologies for mixing quotes and clichés