Engineering ethics

Joe Bonneau is one of the smartest young people I’ve met. He was a Gates Scholar at Cambridge and did a PhD in Ross Anderson’s group in the Computer Lab. On July 18, his paper on “The Science of Guessing” won a prestigious award as the Best Scientific Cybersecurity Paper of 2012. But here’s the catch: the Award, which is judged by a panel of distinguished academic experts, is sponsored by the NSA!

Here’s how Joe blogged about it, and explained his thinking.

I’m honored to have been recognised by the distinguished academic panel assembled by the NSA. I’d like to again thank Henry Watts, Elizabeth Zwicky, and everybody else at Yahoo! who helped me with this research while I interned there, as well as Richard Clayton and Ross Anderson for their support and supervision throughout.

On a personal note, I’d be remiss not to mention my conflicted feelings about winning the award given what we know about the NSA’s widespread collection of private communications and what remains unknown about oversight over the agency’s operations. Like many in the community of cryptographers and security engineers, I’m sad that we haven’t better informed the public about the inherent dangers and questionable utility of mass surveillance. And like many American citizens I’m ashamed we’ve let our politicians sneak the country down this path.

In accepting the award I don’t condone the NSA’s surveillance. Simply put, I don’t think a free society is compatible with an organisation like the NSA in its current form. Yet I’m glad I got the rare opportunity to visit with the NSA and I’m grateful for my hosts’ genuine hospitality. A large group of engineers turned up to hear my presentation, asked sharp questions, understood and cared about the privacy implications of studying password data. It affirmed my feeling that America’s core problems are in Washington and not in Fort Meade. Our focus must remain on winning the public debate around surveillance and developing privacy-enhancing technology. But I hope that this award program, established to increase engagement with academic researchers, can be a small but positive step.

This is — as you’d expect — a very adroit and sophisticated post by an interesting and thoughtful man. I’m inclined to agree with him that “America’s core problems are in Washington and not in Fort Meade [the NSA’s HQ]”. I guess that many (most?) of the engineers who work for the NSA (and GCHQ, for that matter) are decent and humane folks. But they must be reaching the point where they realise that there may be tricky ethical problems associated with working in these kinds of organisations, especially when they have no control over what their managerial or political masters do with their work.

The practice of engineering, in whatever speciality, often throws up ethical dilemmas, even though many engineers pretend that it doesn’t. After all, they protest, they’re just solving technical problems set to them by their employers. Moral and ethical questions are “above my pay-grade”, as the saying goes.

The first time I ever thought seriously about this was when I met Robert Jan van Pelt, an architectural historian and an expert on Auschwitz. He talked about the architectural and engineering documents pertaining to the design of Auschwitz that had been found in the Soviet archives in Moscow by a British historian. These documents show how professionals working for two firms, one an architectural practice, the other an engineering company which specialised in incinerators, struggled conscientiously to meet the ever-changing needs of a very demanding client — Himmler’s SS — as they sought to increase the capacity and the throughput of the camp. And both groups of professionals clearly understood what Auschwitz was for.

This is NOT to imply any kind of moral equivalence between those who work for outfits like the NSA and those who serviced the Nazi genocidal programme. But engineering is, like most other kinds of professional practice, drenched in ethical questions. Even as I write this, there are engineers working for arms companies (for example designing lethal unmanned drones, ingenious new fragmentation bombs whose fragments are less easily detected by X-rays, or covert online surveillance technology for authoritarian regimes). All medical schools now insist that their students study ethics. Should engineering schools do the same?

Why advertisers are obsessing about the ‘interest graph’

George Orwell once observed that watching an idea move through a communist meeting was like watching a flurry of wind move across a ripe cornfield. Each stalk sways briefly and then resumes its upright posture. Much the same goes for the folks who are desperate to make money from online advertising. Once upon a time, they were all obsessing about the ‘social graph’ (i.e. Facebook). Now they’ve moved on to the ‘interest graph’. Just came on a neat explanation of the idea, apparently taken from a Goldman Sachs interview (so you know how seriously to take it).

Social graph signals have not been helpful in optimizing advertising. It seems intuitive to everyone that your friends’ recommendations would be powerful motivators…but when you look a little deeper, you hang out with people who have very different tastes than you. And you may have a special affinity through a hobby or something that they don’t share. One of the mythical high grounds that everyone’s thinking about…is this notion of an interest graph. Facebook connects you with people you know. But what connects you, if you’re into road biking, with the top 15 road bikers that are within 15 miles of where I live? 

[For a platform to] capture the interest graph, they’d be closer to the Google search paradigm, because they’d be right in line with demand generation, and with discovery that relates to product purchases. Context, for the history of the Internet, has been a big deal. The websites that do verticals, while they may not have abundant traffic, have always had huge CPMs, relative to the “Yahoo! Mail”s of the world. That may be this middle ground, between search and the social graph, to bring together people with like interests.

I wonder what the next obsession will be?

So how many Booz Allen employees are reading your email?

Glenn Greenwald had a fascinating conversation with George Stephanopoulos on ABC’s Sunday morning TV show, This Week, in which Greenwald said, at one point,

One of the most amazing parts of this entire episode has been that top-level national security officials like James Clapper really did get caught red-handed lying to the American Congress, which everyone now acknowledges, about what the NSA is doing. And it’s amazing that he not only hasn’t been prosecuted, but still has his job. And what that does is, it lets national security officials continue to lie to the public, which is what happened in that exchange you just referenced.

The way that I know exactly what analysts have the capability to do when they’re spying on Americans is that the story I’ve been working on for the last month that we’re publishing this week very clearly sets forth what these programs are that NSA analysts — low level ones, not just ones who work for the NSA, but private contractors like Mr. Snowden — are able to do. The NSA has trillions of telephone calls and emails in their databases that they’ve collected over the last several years. And what these programs are, are very simple screens like the ones that supermarket clerks or shipping and receiving clerks use, where all an analyst has to do is enter an email address or an IP address and it does two things: it searches a database and lets them listen to the calls or read the emails of everything that the NSA has stored, or look at the browsing histories or Google search terms that you’ve entered. And it also alerts them to any further activity that people connected to that email address or that IP address do in the future.

And it’s all done with no need to go to a court, with no need to even get supervisor approval on the part of the analyst. There are legal constraints for how you can spy on Americans. You can’t target them without going through the FISA court. But these systems allow analysts to listen to whatever emails they want, whatever telephone calls, browsing histories, Microsoft Word documents. It’s an incredibly powerful and invasive tool exactly of the type that Mr. Snowden described. And NSA officials are going to be testifying before the Senate on Wednesday. And I defy them to deny that these programs work exactly as I just said.

Two points here. The first is the question of why a public official who lies to Congress has not been suspended, prior to prosecution? The second is whether the NSA officials who are scheduled to testify before Congress on Wednesday will be asked to respond under oath to Greenwald’s remarks?

John Perry Barlow on 9/11

As I watched the Twin Towers collapse on September 11, 2001 I wrote this in my diary: “We can kiss goodbye to civil liberties from this day onwards. There’s nothing that democracies won’t do to prevent this ever happening again”. As ever, John Perry Barlow was both more articulate, and more perspicacious. This is what he wrote that day to those on his BarlowFriendz list. (Courtesy of SpiekerBlog.)

This morning’s events are roughly equivalent to the Reichstag fire that provided the social opportunity for the Nazi take-over of Germany.

I am not suggesting that, like the Nazis, the authoritarian forces in America actually had a direct role in perpetrating this mind-blistering tragedy. (Though their indirect role deserves a much longer discussion.)

Nevertheless, nothing could serve those who believe that American “safety” is more important than American liberty better than something like this. Control freaks will dine on this day for the rest of our lives.

Within a few hours, we will see beginning the most vigorous efforts to end what remains of freedom in America. Those of us who are willing to sacrifice a little — largely illusory — safety in order to maintain our faith in the original ideals of America will have to fight for those ideals just as vigorously.

I beg you to begin NOW to do whatever you can — whether writing your public officials, joining the ACLU or EFF, taking to the streets, or living visibly free and fearless lives — to prevent the spasm of control mania from destroying the dreams that far more have died for over the last two hundred twenty five years than died this morning.

Don’t let the terrorists or (their natural allies) the fascists win.

Remember that the goal of terrorism is to create increasingly paralytic totalitarianism in the government it attacks. Don’t give them the satisfaction.

Fear nothing. Live free.

And, please, let us try to forgive those who have committed these appalling crimes. If we hate them, we will become them.

May God — or Whatever you want to call It — bless us all. We’ll need it.

Courage,

John Perry

And here’s what he wrote the other day:

The answer to terrorism is not fear. Nor is it violence. Nor is it transforming our country in the very ways Al Qaeda wished, thus betraying everything America stood for and becoming an arbitrarily violent and surveillant nation that routinely tortures perceived enemies and incarcerates them indefinitely without due process.

If only we’d had the courage and self-assurance to say, “Nice shooting, Assholes, but we have lots of tall buildings.” And left it at that. If only we’d had the courage to respond to terrorism with a steadfast unwillingness to be terrorized. If only we’d recognized the trap we were being led into. But we didn’t.

Now America is a parody of what it was that day 10 years ago. We have bankrupted ourselves and slaughtered tens of thousands with pointless wars of reaction. We have gutted our enlightened guarantees of civil liberty and governmental restraint. We have lost our way. And we have become the very monster Osama bin Laden perceived us to be.

This is a sad day indeed. Not merely because it refreshes the tragedies of that terrible day, but because it also reminds us of all the tragedies — most of them far worse and more permanent in effect — that we subsequently inflicted upon ourselves and on countless innocents here and abroad in reaction to those events.

New direction needed

Very good blog post by Larry Elliott, the Guardian’s Economics Editor, about what’s happened to Britain. Excerpt:

So why is the Britain of 2013 a much more placid place? One theory is that things are not really that bad. Living standards are now so high that a relatively small fall (in a long-term historical context) makes little or no difference to levels of contentment. A century of growth means that rich and poor alike live better, eat better, have more leisure time and enjoy far higher disposable incomes than did their forebears in the run-up to the outbreak of the first world war. The welfare state is now much more generous than the fledgling system set up by the Asquith government, while record-low interest rates mean cheap mortgages for owner-occupiers. A century ago, 10% of people owned or were buying their homes: today it is around 70%.

Theory number two is that while things might not be all that great here, they are a lot worse elsewhere in the world. People look at Spain or Greece and are thankful for small mercies.

A third theory is that the drop in living standards is accepted as the inevitable consequence of flying too close to the sun in the years before the crash. A period of personal austerity is seen as the necessary pre-condition for putting the economy back in decent shape, thus allowing the pattern of rising prosperity to resume, eventually.

There are doubtless other explanations but it is worth investigating the notion that what has been happening since the financial crisis is an aberration, albeit a fairly lengthy one.

Both the government and opposition believe this to be true. Politicians on the left, right and centre dream of a high-wage, high-productivity UK economy, forging ahead in new industrial sectors, wiping the floor with the international competition and generating the resources to fund a gleaming new NHS and top-quality care for an ageing population.

That’s the dream. The reality is that in the summer of 2013 we have a low-investment, low-wage, low-productivity and low-growth economy. And there’s little to suggest the outlook will change any time soon. Almost four-fifths of the jobs created in the UK over the past three years have been in industries where the wage is below £7.95 an hour. Over the same period, business investment as a share of national output has fallen from 8% to 5%, one of the lowest in the industrialised world.

The village and the wide, wide world



[Photo: Fox-Amphoux roofscape, originally uploaded by jjn1.]

Today we went to one of my favourite places in the Var — the tiny hilltop village of Fox-Amphoux. It’s an old Roman village at the intersection of two Roman roads, 540m above sea level with a lovely panoramic view of the surrounding countryside and it’s one of the quietest and most peaceful places I know. It has no shops, one tiny hotel and an artist’s studio. We sat on the steps of the church, in the shade of a nettle tree that is believed to be several hundred years old, and had a delicious picnic.

The village has one claim to fame, though. The clue is in this crude plaque:

[Image: Barras plaque]

It’s the birthplace of Paul de Barras, who was one of the leading figures in revolutionary and post-revolutionary France, and was for four years one of the most powerful men in France. (He was the lead member of the five-man French Directory between 1795 and 1799.)

Given the difficulties of communication at the time, one wonders how much the inhabitants of this place ever knew about their famous son. And whether he ever visited it after he’d gone on to greater things.

Climbing Mont Ventoux



[Photo: The Summit, originally uploaded by jjn1.]

A few weeks ago, the Tour de France made one of its occasional forays onto Mont Ventoux in Northern Provence. Since we were passing nearby on our journey south, we decided to drive to the summit — and were stunned by the legions of cyclists who were also heading up, clearly as their personal homage to the Tour stars. It’s a gruelling 18km climb in searing heat, and yet hundreds of cyclists were doing it. And of course many of their families had come along to lend moral and other support, so there was an almighty traffic-jam at the summit, which is 1911m (6269 feet) above sea level. Not for the faint-hearted, believe me.

Edward Snowden’s not the story. The fate of the internet is

This morning’s Observer column.

Repeat after me: Edward Snowden is not the story. The story is what he has revealed about the hidden wiring of our networked world. This insight seems to have escaped most of the world’s mainstream media, for reasons that escape me but would not have surprised Evelyn Waugh, whose contempt for journalists was one of his few endearing characteristics. The obvious explanations are: incorrigible ignorance; the imperative to personalise stories; or gullibility in swallowing US government spin, which brands Snowden as a spy rather than a whistleblower.

In a way, it doesn’t matter why the media lost the scent. What matters is that they did. So as a public service, let us summarise what Snowden has achieved thus far…

Miliband’s gamble: a modest proposal

Ed Miliband — the only leader of a political party willing to condemn Rupert Murdoch — has now embarked on an epic political gamble. He seeks radical reform of the corrupt way we currently fund British political parties. But to be credible — and to counter Tory spin — he first has to get his own house in order, which means terminating the shady process by which trade unions supported Labour financially by pretending that their members were Labour supporters.

As Oona King points out in the New Statesman, there are laudable democratic aspirations behind this policy.

We are told Miliband risks the historic link between Labour and the trade unions, and that in financial terms, Labour may not survive. The main difference between now and 100 years ago (the House of Lords ruling was overturned in 1913) is that the call for reform comes from the Labour Party leader himself, something unimaginable even in Tony Blair’s day, never mind Keir Hardie’s. These proposals make Tony Blair’s reform of Clause IV look like timid toe-dipping. What began as a little (or a large) local difficulty in Falkirk has, on the leader’s say so, become nothing less than a debate around the nature of politics itself. 

At heart, this isn’t primarily an argument about Labour’s link with the trade unions; it is primarily about Labour’s link with democracy, and whether our internal governance is democratic.

Miliband’s gamble is a really bold one, because without union funding Labour is basically bankrupt, and will therefore not be able to afford a serious election campaign in 2015. And at this point, even those of us who are not necessarily Labour supporters begin to sit up and take notice. Because if — like me — you have come to the conclusion that the Coalition is a disastrous government, then Labour is the only show in town for the 2015 election. The alternative is a government led by Cameron, Gove, Osborne & Co, without even the bleating restraint of the Liberal Democrats.

So here’s my modest proposal.

We know that the best way to eradicate the corruption that stems from our current method of funding political parties — in which cash-rich billionaires, corporations, lobbyists and unions provide campaign contributions in return for you-know-what — is to have a system where parties are funded entirely by small individual donations (maximum £100).

Until fairly recently, such a system would have been costly and difficult to build. But that was then and this is now. The infrastructure for doing it now exists: it’s called the Internet. Not only has it spawned a variety of ways of raising money for charitable purposes (e.g. Just Giving) but also for supporting commercial and non-commercial projects (e.g. KickStarter).

And we know that it works; the Obama campaign in the last two presidential elections in the US showed just how powerful the Net can be as a way of collecting small campaign contributions in huge volumes. As the Washington Post puts it:

Barack Obama raised half a billion dollars online in his 21-month campaign for the White House, dramatically ushering in a new digital era in presidential fundraising.

In an exclusive interview with The Post, members of the vaunted Triple O, Obama’s online operation, broke down the numbers: 3 million donors made a total of 6.5 million donations online adding up to more than $500 million. Of those 6.5 million donations, 6 million were in increments of $100 or less. The average online donation was $80, and the average Obama donor gave more than once.

“You looked at the money being raised online in the same way that you looked at the crowds who came to the rallies,” Joe Rospars, the 27-year-old director of Obama’s new-media department, told The Post. “You were constantly surprised at the number of people who were coming out to see him,” and, when it came to online donations, “people exceeded our expectations as to what they were willing to do.”

The final total raised by Obama online was $1.1 billion.

If Miliband really wants to revitalise British politics — and release us from the grip of the neoliberal lunatics now in charge of our polity — then imaginative use of the Net should become an absolute priority for him. Donations don’t have to come just from Labour supporters. There are lots of Britons who would never think of voting Labour in normal conditions but who also know that some way has to be found of unhorsing a government which won’t even contemplate banning security companies who are facing investigations for massive fraud from bidding for new government contracts.

Setting up an imaginative donation system is not rocket science. Most of the heavy lifting has already been done by the Obama crowd. The old adage, “where there’s a will, there’s a way”, applies. There is a way. Do Miliband & Co have the will?

Why (most) Brits don’t seem to be overly concerned about NSA snooping

I had an inquiry yesterday from a German journalist asking whether it was true that British people are less concerned than Germans are about the Snowden revelations, and if so why.

Here’s my reply:

Dear [xxx]

1. I think it’s broadly true that, in general, the British public is less concerned about the NSA/Snowden revelations than is the case in Germany. That, at any rate, is the conclusion I draw from the only national opinion polling data I’ve seen — conducted by YouGov and published online.

My reading of the survey results is that

  • the great British public isn’t very worked up about the issues.
  • British people are pretty resigned to being surveilled.

My reasons for thinking this:

  • When asked whether the law should be changed to give the security services easy access to phone and online activity, 51% thought that would be going too far, but 39% thought it would be a good idea.
  • When asked how much personal data people thought the security services already had access to, 44% replied “almost everything in practice” and 48% thought that the security services had “wide access to a lot” of personal information.
  • People seem to be slightly supportive of Snowden’s whistleblowing. Just over half (52%) said that he had done the right thing, while 37% thought he had been wrong to do it.
  • On the question of whether Snowden should be prosecuted, people are evenly divided (43% each way).
  • Finally, and perhaps most revealingly, when people were asked if they were surprised by the revelations that Britain’s government surveillance organisation GCHQ had also been monitoring Internet traffic, only 2% said that they had been “very surprised”, 14% were “somewhat surprised” but 83% said that they had been “not at all surprised”.

2. The interesting question, of course, is why the British view differs from that of Germans. Here I can only offer a few speculations.

  • It is partly a reflection of the conviction (some would call it a delusion?) that Britain enjoys a “special relationship” with the US, and that this means Britons tend to be more tolerant of US excesses than they are of the excesses of other nations (e.g. Russia or France).
  • There is undoubtedly a special relationship between the security agencies of the UK (GCHQ) and the US (NSA). Some people see this as a continuation of the World War II intelligence-sharing arrangements between the two countries. Cynics see it as an attempt by an economically-enfeebled country to maintain a seat at the “top table” by being useful to the Americans. (Some commentators interpret the British government’s determination to renew its submarine nuclear ‘deterrent’ as an analogous case of “imperial afterglow” — the reluctance to concede that Britain is now just a middle-rank power.) One of my academic colleagues who is an expert in computer security occasionally refers dismissively to GCHQ as “an overseas franchise of the NSA”.
  • The problem of the “Two Cultures” (science and technology). The British public — and particularly its mass media — seems remarkably ignorant about science and technology. Critically, this is also true of British legislators. Of the 600+ MPs in the House of Commons, for example, only three have research degrees. As a result, lay people — and legislators — think that anything connected with computer technology is essentially incomprehensible and best left to experts.
  • Britain has no recent historical experience of being invaded, and so the culture has no clear understanding of the consequences of intensive surveillance technology and records falling into the “wrong” hands.

Yours sincerely

John