Slashdot Mirror
Ethics in Scientific Research
call -151 writes: "There is an interesting NYT article `When Science Inadvertently Aids an Enemy' discussing how some of the "encryption should be free for everyone" attitudes are changing with the WTC attacks. The article makes some interesting points and it is good to see discussions like these in more of the mainstream, even if the tone has definitely changed recently." Well, the questions are being asked again, but most of the researchers dealing with these issues have already answered the questions for themselves.
Unbreakable codes are a tool.
A tool is not evil. A tool by itself can't fly an airplane into a crowded building.
It depends on the use of the tool.
Evil people will do evil things with it, good people will do good things with it.
-J5K
The libertarian solution to the failures of capitalism is to apply more capitalism til the failures are fixed.
It's good that (some) people starting to use their heads when it comes to security, but restricting the use of an item because of what it "might" be used for is a little overboard. Eventually everyone will be in a facial recognition system, fingerprinted, dna sequenced, and blood typed in a huge federal database JUST IN CASE you ever do something wrong.
Where's the line?
Encryption, as an algorithm for crunching numbers, costs nothing. You can't keep it out of the hands of the bad guys simply by keeping it out of the hands of the good guys.
To those who say "tools are just tools, it's people that are good or bad," I'd like to pose this question. (This isn't just rhetorical, I'm really curious what people think.) Isn't it the responsibility of those who create or disseminate tools to understand the context into which they release them?
By analogy, if I give a gun to a criminal, some people would hold me partially accountable for what the criminal does with it, especially if I knew (or should have known) that this was a criminal. If I give a gun to a kid, I'm responsible for evaluating whether the kid's ready to learn about guns, and if so, to teach the kid about safety, etc.
Does the analogy extend to scientists? Do they have some responsibility to take part in social, political, etc. processes to ensure that the world they release their tools into is ready and capable of making ethical and moral use of them? If so, what are the minimum requirements and limits of this responsibility?
There's nothing stopping a small group of interelated individuals from writing their own scrambling technique which could qualify as "encryption", and if laws were passed requiring "back doors" or what-have-you, then any old "Little Orphan Annie Decoder Wheel" that the Government couldn't figure out would instantly make sensitive information (and the people who deal in it) illegal/criminals.
I'll cite an theoretical example.
Video Game Company X has a neat little game gaining great popularity, but due to various reasons they encrypt certain game data with proprietary methods, not at all to keep the government out, but to keep cheaters from snooping the data and exploiting the game. For the sake of argument, they use a clever, light-weight encryption scheme that nobody seems to be able to figure out and for which no back-door-method can feasibly be devised. After all, this is a game, not a spy communications device.
Since we know that they're doing it for gaming, and not espionage, we can consider it mostly harmless. But the laws some people want to pass would probably prohibit this very thing. And for what? Supposed terroist threat? Get real.
I don't even know why I'm rambling about this consider almost everyone here is likely going to agree with me that the trivial uses of encryption should be inalienable in one's rights to privacy. But I'm just frightened that someone might do something (such as the above example) and suddenly find themselves locked away for life just because they wanted a secure entertainment platform.
Lock up the clowns?
"Everything you know is wrong. (And stupid.)"
Moderation Totals: Wrong=2, Stupid=3, Total=5.
Is that our society is so ethically-challenged and bereft of common sense that we have to make any undesirable behavior illegal, and any desirable behavior mandatory. (Seatbelts and motorcycle helmets, for instance.)
To many people it makes sense to make anything potentially harmful illegal, because how else would we discourage it?
We've gotten so used to our morality being legislated that we feel we have to pass laws for everything. That's why the abortion issue is such a big deal, because people equate morality with legality. The same deal with sexual harassment laws. We shouldn't need laws to tell us that sexual harassment is wrong, but without the threat of legal penalties many people would still be pinching their secretary on the ass every time they walked in the room or worse.
So, basically, because someone somewhere might use encryption for evil, and because the average voter doesn't have a clue what it's for, they have no problem with it being made illegal to prevent (in their mind) possible abuses.
As a scientist let me say I understand the concerns of society. I wish that some software developers would realize that as our society becomes more digitized, the power of programming becomes greater.
Consider this. In the '40's a few great men/women created an awesome force with grave consequences, the nuclear bomb. A computer security scientist would never consider himself on this level of creation of power, nor should he. But what if a programmer develops a worm that destroys information perfectly, there by bring down an economy, possibly killing people? To go even farther, what if someone creates the technology that enables a terrorist attack, or enables that worm to exist?
As we go farther into the digital age, programming is going to have more and more power and influence. Imagine if physicists were to take the arrogant attitude of today's security developers and say, "If I can build it, I should and also tell everyone else how to do it!"
I just think that in some cases, we should really consider the consequences of our actions....
-Sean
We see the Wright Brothers standing near the first ever airplane, moments before it takes off for the first ever powered flight. As they begin to board the craft, a reporter informs them that their invention will be used to kill thousands of people, destroy a building, and drastically alter the fabric of the nation that they love so much. They also are told about the untold number of deaths caused by warplanes, including dropping the bomb on Hiroshima and Nagasaki, as well as all the other armed conflicts that used this wonderful invention. Finally they are told about the numbers of people that will die as passenger planes crash into hills, oceans, and fields all across the world.
Instead of flying the plane, they decide that the risks are too great, and scrap the whole invention. Upon hearing the details about the possible future of the machine, congress legislates that it is illegal to develop, own, or operate such manned flying machines...
Just imagine.
Encryption is rather different than a gun in a few respects:
1) - the tools are software: duplication is easy. Guns are hardware and sophisticated knowledge is needed to make them.
2) - the algorithms are well known: you can make your own tools (without the backdoors). Building your own guns is a bit harder (though not impossible)
3) - there are open source tools (you don't even have to go through step 2 to obtain tools free from backdoors). Although the US occasionally hands out guns (e.g. stinger missiles to the afghan resistance a.k.a. taliban in the eighties), in general selling arms is profitable business.
Now about guns: you need a gun + an idiot to pull the trigger to kill people. Both prerequisites are available in large quantities in the US. In western europe, guns are a bit harder to get so we have less casualties as the result of guns (check the statistics if you like). Obviously, removing guns from society helps reduce the amount of people dying from guns. Doing so is a problem in the US however since billions of guns have been sold there in the recent centuries. So if you are in the US you are fucked, people around you are nuts and have easy access to guns. One day your nice neighbour or colleague may have a bad day and pull his guns on you (which he can buy legally and keep in his house).
Now lets turn to the real issue: why is the US pushing backdoors in encryption software: industrial espionage. Being able to tap in on information banks and businesses exchange throughout the world is very profitable business. A terrorist will just use illegal/free tools (probably on a illegal version of win XP or whatever). If there's one thing you can be sure of: terrorists don't like the US and they are not bloody likely to stimulate the US economy by actually paying for software produced in the US. What do you think? Bin Laden will actually log on to MSN and chat with his colleagues??? Come on!
The US government is using this situation to rearrange the world to make it a little bit more comfortable for the US leaders. Aguably the WTC tragedy was the best thing to happen to them in years. Some impopular anti-terrorist/anti-human rights laws can be pushed through. Suddenly they can be friends with Pakistan (a few weeks ago still referred to as a rogue state that we should be protected from by a missile shield). Everybody turns a blind eye while they whipe the Taliban of the earth and even Khatami is suddenly being friendly on behalf of Iran. In addition some former Soviet republics who happen to play an important role in producing and transporting oil are also the US' best friends.
It is touching to see all this friendship bloom. Unfortunately it is at the cost of millions of innocent Afghan civilians, already in big trouble because of the previous civil wars. What happened to New York was bad but the opportunistic way the US government is dealing with the situation is sickening.
Jilles
After about the 4th day I stopped watching the "news" coverage of the WTC disaster. Basically about the same time the talking heads ran out of things to say. Wake me up when the barrage of pseudoinfo-diarrhoea ceases and they've got something new to say.
We don't even know if the terrorists used encryption. We do know that they used American technology against Americans. Technology manufactured by Boeing...gee, don't hear Boeing engineers wailing about the "ethics" of design features of the 767, do we? Besides, smart people in other countries write encryption all the time...how are you going stop that? What they simply used a seemingly innocuous set of phrases with pre-determined meanings?
This article is nothing more than more of the same pseudoinformation (propaganda?) that the American media has been bombarding us with. The corporate propaganda machine is in full cry, preparing Joe-sixpack for the loss of freedom that is soon to come. Herr Goebbels would have been proud.
What about all the technological advances by the Americans that allow them to exert brutal dominion over other parts of the world? A discussion of ethical concerns and science could prove most embarrasing to America.
In any case, scientists should only concern themselves with "is it possible?" not "should we make it available?"
You're using her as bait, Master!
One nanotechnology expert, Glenn H. Reynolds, a law professor at the University of Tennessee, said that someday it might even be used to make tiny robots that would lodge in people's brains and make them truly love Big Brother.
Well, they'd have to. That show fucking sucked.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Anyone notice that the mainstream media is doing plenty of coverage about the afwul hackers who post free encryption, but very little coverage about things like ethics and airline security? I can't remember the last time I saw anyone in the media write about the fact that there are hardly any checks on people who buy huge quantities of fertilizer that can be used in truck bombs.
While much of the media coverage of encryption lately has been somewhat insightful, it seems that most of it is more reactionary crap. The media is afraid to demonize airlines for horribly mismanaging their entire industry to the point that they cut corners, often illegally on airline security. Maybe it has something to do with the massive amounts of advertising airlines pay for every year, especially right now when they are advertising dirt cheap fares to try and woo back scared travelers.
It just goes to show the biggest downside of massive media corporations; instead of being accountable to the masses, they are accountable to the advertisers.
I will close with a quote, source unknown:
"The media is only as liberal as the companies that own it."
-------------
Dear Senator/Congressman:
This week, you and all other Congressmen are very busy preparing new laws and modifying existing ones to help the United States combat terrorism. Unfortunately, I fear that some of these laws will do more to restrict loyal Americans than actually stop terrorists. I hope you can take a few minutes out of your schedule to read this letter.
To put it bluntly, restrictions on encryption technology are pointless. There have been reports that the terrorist networks responsible for the World Trade Center attack used encryption technology in their communication. Many people, none of whom truly understands technology, believe that if there had been limits on encryption, it would have hampered the terrorists. This assertion is absurd.
Encryption is nothing more than a field of mathematics, where the data to be encrypted is treated as a bunch of numbers. Placing legal limits on encryption is the same as outlawing certain kinds of math. One of the worst ideas being proposed is to force individuals and companies to use encryption technologies for which the government has "back door" access. That is, the government is in possession of secret keys that can decrypt any data which is encrypted using these particular algorithms. Other encryption algorithms which don't allow for back doors would be outlawed.
The flaw in this reasoning is that it is impossible to force terrorists to use "approved" technology. We don't even know who or where they are, so how can we force them to do anything?!? The terrorists will simply use "non-approved" encryption technologies while honest American citizens and businesses are forced to sacrifice their privacy. The worst part is that if other countries were to ever obtain these secret keys, they would have access to every piece of encrypted data from the United States.
The truth is, strong encryption protects Americans. With strong encryption, terrorists won't be able to decrypt sensitive corporate data. They won't be able to spy on American citizens. They won't be able to intercept top secret transmissions.
These terrorists were able to strike not because they used encryption, but because our intelligence organizations are incompetent. The FBI is better known for its blunders (e.g. the Atlanta Olympics bombing, the siege at Waco, the assault at Ruby Ridge, and the 3000 documents in the McVeigh case) than for its successes. In fact, it's been over a week since the attack, and the best our government can say is, "We're pretty sure that Osama bin Ladin is the prime suspect."
Therefore, I am asking you to reject any bills that place limitations on the use of encryption. Instead, I think you should focus on how to improve our intelligence-gathering organizations. Perhaps in exchange for bailing out the airline industry, federal officials from the intelligence organizations should get free flights for the next ten years. The money saved can be used to fund more operations.
And the men who hold high places must be the ones who start
To mold a new reality... closer to the heart