[liberationtech] FW: The security and ethics

P.A.Bernal at lse.ac.uk P.A.Bernal at lse.ac.uk
Wed Feb 9 10:04:58 PST 2011 

Whilst I agree with almost all of that wholeheartedly, it does seem to me that even in personal security - particularly in the context of NGOs on the frontline, which is where I came into this discussion - it is about balance. Most of the people involved, in my limited experience, know very well that they are making a 'balancing' decision in relation to their lives! They're risking their lives for something they think is worth that risk - perhaps they don't know enough about the ways in which they are risking their lives, about the flaws and dangers inherent in their technology for example, but they know there are risks, and often they have a very good grasp of the seriousness of that risk as their friends and families are those who have been captured or tortured or killed. They have to balance that risk against the importance of their cause. If they can get a better understanding of the technological side of that risk, all the better - and if they can be persuaded to make better decisions as to how to minimise that risk, even better still.

Paul


-----Original Message-----
From: Jim Youll [mailto:jyoull at alum.mit.edu]
Sent: Wed 2/9/2011 5:47 PM
To: Bernal,PA  (pgr)
Cc: jacob at appelbaum.net; liberationtech at mailman.stanford.edu
Subject: Re: [liberationtech] FW: The security and ethics
 
Pardon the intrusion here. I've watched/skimmed with interest several product announcements and ensuing debates.

All people want good solutions to problems in every facet of daily life.

But these aren't ordinary problems where maybe a credit card is used a couple of times by a bad guy if information leaks out. The technology is new. Most of it has some sort of flaw. When it's not in the code or algorithms (cryptography works very well), it's in the processes around the crypto, or in the"make it work in everyday life" translation from theory to practice, which is very hard and perhaps impossible to do exceedingly well given the immature state of the technology we use.

How can /any/ hosted solution that you didn't roll yourself, or that isn't encrypted end-to-end, be trusted with a life? Remember, that confident-sounding website or "cloud service" is really just a bunch of computers in a rack in a dark, windy room somewhere.

Personal security is not about balance at all. It's about creating a substantial-enough IMbalance that attackers are forced to other means to subvert. Ideally, they are forced into the physical realm, where at least a surveillance/suspect can see or otherwise sense their presence. Right now, many "technological solutions" are making intruders' work easier, not harder. In technology, it is actually typical (and arguably rational) to build a wall tall enough that opponents run around the end rather than climbing over.

There will never be a satisfactory answer to the "I want to tell lots of people something secret - but only good people who are on my side" request. Never. Once it's out, it's out. Even this list surely has subscribers who not only disagree with the ideas put forth on it, but who may be working to counter whatever is discussed here. If they aren't subscribers now, they may be archive readers later. Who's who once N > 2 and the other guy is someone you've known since grade school? Hard to say.

- jim


On Feb 9, 2011, at 9:26 AM, <P.A.Bernal at lse.ac.uk> wrote:

> Jacob, I'm certainly not advocating that we don't aim for understanding the world 'as it is' - but sometimes you need to teach someone to drive rather than how to design and build their own car, let alone the physics behind the internal combustion engine. There's a balance to be found - and as you say, creating a space in which we can find that balance is the key.
> 
> What I was really looking for was a solution for the situation as it often is on the ground, as described by a few posters on here, where people have little time and lots of demands upon that little time, and who would like to find good solutions to their problems but who don't have the expertise to find their way through the technical language and literature.
> 
> Paul Bernal
> 
> 
> -----Original Message-----
> From: liberationtech-bounces at lists.stanford.edu on behalf of Jacob Appelbaum
> Sent: Wed 2/9/2011 4:23 PM
> To: liberationtech at lists.stanford.edu
> Subject: Re: [liberationtech] FW: The security and ethics
> 
> On 02/09/2011 06:54 AM, P.A.Bernal at lse.ac.uk wrote:
>> Agreed - though privacy by design doesn't really go nearly far enough
>> both in theory and in practice.... and in practice, of course, it's
>> much more often 'surveillance by design' than privacy by design.
>> That's what needs to be opposed, together with the laws that seem to
>> support or even demand it.
>> 
> 
> I agree. Surveillance by design is the normal behavior - it's both
> easier and well tested as far as most implementors are concerned.
> 
> I think privacy by design is a great buzz-phrase. Ultimately for a
> discussion that critiques either advice or tools, it's probably not
> possible to just toss around buzz-words or buzz-phrases
> 
>> For the purposes of this mailing list, though, there is a point I'd
>> like to make from a lay-person's perspective: the technical language
>> (not just the acronyms) that surrounds privacy is often highly
>> confusing even to people with quite a lot of technical knowledge.
>> What that means in practice is that people often just give up on it,
>> particularly if they're short on time and have other highly pressing
>> issues to deal with, as they generally do. Is there a way that this
>> can be avoided? Often, of course, the level of technicality is
>> unavoidable, but it would be great to try to cut through it at least
>> to a degree.
> 
> I find this interesting on a few levels.
> 
> If we asked this of people about basic literacy or mathematics, we'd be
> pretty embarrassed. Rather than asking people to read to us or for us,
> we learn to read. Rather than asking someone to balance our checkbook,
> we learn to do it ourselves. This is a sub-goal of most educational
> programs. Obviously the main goal is an understanding of actual
> mathematics and literary challenges; learning about these topics is not
> just about functionally balancing a checkbook.
> 
> To that end, computers and networks are an important part of our lives.
> Indeed, I think this is such a difficult topic precisely because a lack
> of knowledge or a lack of technical knowledge may be physically
> dangerous to people in the field. I don't want to exclude people from
> the discussion, rather I think we should seek to normalize the knowledge
> and embrace it when possible.
> 
> To that end, I think that while we should try to make the language
> accessible but we must not forget that the details do really matter.
> 
> Additionally, just as literary illiteracy and innumeracy are serious
> education problems, so is technological illiteracy. So while I agree we
> should be accessible, I reject the notion that the ideal is to not
> understand the way that the world works. We reject it for other
> important topics and we should reject it here too. We should embrace
> understanding for this very important topic; most people actually get
> the big picture and most of the little details when they stop
> discouraging themselves.
> 
> If that means that people are going to give up on a discussion, I
> suppose that we should simply hope they're not calling the shots for
> other people who are less hopeless. There is little to do for people who
> simply and silently give up.
> 
> However, as a practical manner - I would prefer to encourage people to
> help create a safe space. As my friend Ingy would say: "Hands need
> holding; if you only live in the future, it's a future nobody will ever
> see" and I tend to agree. There absolutely needs to be a desire on both
> sides to make this happen. It would be great to know when to define the
> technical language and when to break down the barriers; creating a safe
> space is key to greater understanding all around.
> 
> All the best,
> Jacob
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> 
> Should you need to change your subscription options, please go to:
> 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
> 
> You will need the user name and password you receive from the list moderator in monthly reminders.
> 
> Should you need immediate assistance, please contact the list moderator.
> 
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
> 
> 
> Please access the attached hyperlink for an important electronic communications disclaimer: http://lse.ac.uk/emailDisclaimer
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> 
> Should you need to change your subscription options, please go to:
> 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
> 
> You will need the user name and password you receive from the list moderator in monthly reminders.
> 
> Should you need immediate assistance, please contact the list moderator.
> 
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech



Please access the attached hyperlink for an important electronic communications disclaimer: http://lse.ac.uk/emailDisclaimer

More information about the liberationtech mailing list