[liberationtech] FW: The security and ethics

Graham Webster gwebster at uw.edu
Wed Feb 9 11:18:46 PST 2011 

David Rizk writes:

 <<<Relatedly, I would also reject your analogy to basic literacy. Of
course, *some* basic level of computer literacy is going to be essential for
generations to come. But implementing advancing privacy and security
protocols is not really analogous to the basic ability to read. To say that
you can write, is not to say that you can write a competent and persuasive
brief to a judge. You (wisely) hire a lawyer. Are you contending that,
ideally, you would mount your own defense? Or would you prefer to get
professional help?

On the margins, I think we can agree, expertise is always going to be
necessary. And just as lawyers help their clients comply with the law, and
fend off attempts at enforcement, technologists should strive to make life
as uncomplicated as possible for users -- while upholding their expectations
and social norms (e.g., protecting their privacy, etc.).>>>



I write:

I think this analogy to lawyers is revealing. Part of the problem for many
of the people who would use solutions outlined here, or people like me who
have at times asked this list for practical advice, is that whereas lawyers
must pass the bar and are generally held accountable to professional norms,
there is no such licensing mechanism for a security expert.

If I want to shore up my personal data management system for fieldwork in
China (this is near in my future), I need to consult colleagues and multiple
sources, evaluate whose advice best fits my threat profile, and work hard to
implement my plans. For the scholarly example of my fellow China scholars,
we often have to satisfy human subjects standards, but there are no
standards for whom we might consult to get good advice.

Certainly, licensing security experts could create an unacceptable
centralized control over security. But some kind of credentialing would be
very useful if individuals and organizations are to look for help (as I
believe they must).

Graham Webster
Ph.D. student, Political Science
University of Washington
http://gwbstr.com



On Wed, Feb 9, 2011 at 10:15 AM, David Rizk <drizk at stanford.edu> wrote:

> Additionally, just as literary illiteracy and innumeracy are serious
> education problems, so is technological illiteracy. So while I agree we
> should be accessible, I reject the notion that the ideal is to not
> understand the way that the world works. We reject it for other
> important topics and we should reject it here too. We should embrace
> understanding for this very important topic; most people actually get
> the big picture and most of the little details when they stop
> discouraging themselves.
>
>
> Paul -- agreed. I think the points you've made are often lost on this list.
>
> @Jacob, Jim: I understand that your points are directed mostly at users who
> place themselves in harm's way, but I believe they lose validity as
> universal tenets. Most people express their curiosity and find happiness by
> learning about, and doing things, other than implementing advanced privacy
> and security protocols. Expecting users to *want* *to learn* more about
> our particular field misses the greater point.
>
> Consider the alternative: ideally, users should need to know less, rather
> than more, about the way networks and security protocols
> work. Ideally, users should be able to spend cycles on the things *they
> care about* -- pursuing happiness, fomenting revolutions -- *without* worrying
> about technical details. You may think hacking is happiness, but plainly,
> most do not. If network and software engineers (and governments and lawyers)
> were really successful at their jobs, ordinary users wouldn't be threatened
> by any of this. We strive to realize this vision in the law, and I would
> submit that the same should be true of code. For example, Yale's Robert
> Ellickson points out that the law is irrelevant for most people most of the
> time -- and this is regarded as a great thing!
>
> Relatedly, I would also reject your analogy to basic literacy. Of course,
> *some* basic level of computer literacy is going to be essential for
> generations to come. But implementing advancing privacy and security
> protocols is not really analogous to the basic ability to read. To say that
> you can write, is not to say that you can write a competent and persuasive
> brief to a judge. You (wisely) hire a lawyer. Are you contending that,
> ideally, you would mount your own defense? Or would you prefer to get
> professional help?
>
> On the margins, I think we can agree, expertise is always going to be
> necessary. And just as lawyers help their clients comply with the law, and
> fend off attempts at enforcement, technologists should strive to make life
> as uncomplicated as possible for users -- while upholding their expectations
> and social norms (e.g., protecting their privacy, etc.).
>
> best, David
>
> ----------------------------
> David Wade Rizk
> Stanford Law School
> drizk at stanford.edu
>
> On Feb 9, 2011, at 9:26 AM, <P.A.Bernal at lse.ac.uk> wrote:
>
> Jacob, I'm certainly not advocating that we don't aim for understanding the
> world 'as it is' - but sometimes you need to teach someone to drive rather
> than how to design and build their own car, let alone the physics behind the
> internal combustion engine. There's a balance to be found - and as you say,
> creating a space in which we can find that balance is the key.
>
> What I was really looking for was a solution for the situation as it often
> is on the ground, as described by a few posters on here, where people have
> little time and lots of demands upon that little time, and who would like to
> find good solutions to their problems but who don't have the expertise to
> find their way through the technical language and literature.
>
> Paul Bernal
>
>
> -----Original Message-----
> From: liberationtech-bounces at lists.stanford.edu on behalf of Jacob
> Appelbaum
> Sent: Wed 2/9/2011 4:23 PM
> To: liberationtech at lists.stanford.edu
> Subject: Re: [liberationtech] FW: The security and ethics
>
> On 02/09/2011 06:54 AM, P.A.Bernal at lse.ac.uk wrote:
>
> Agreed - though privacy by design doesn't really go nearly far enough
>
> both in theory and in practice.... and in practice, of course, it's
>
> much more often 'surveillance by design' than privacy by design.
>
> That's what needs to be opposed, together with the laws that seem to
>
> support or even demand it.
>
>
>
> I agree. Surveillance by design is the normal behavior - it's both
> easier and well tested as far as most implementors are concerned.
>
> I think privacy by design is a great buzz-phrase. Ultimately for a
> discussion that critiques either advice or tools, it's probably not
> possible to just toss around buzz-words or buzz-phrases
>
> For the purposes of this mailing list, though, there is a point I'd
>
> like to make from a lay-person's perspective: the technical language
>
> (not just the acronyms) that surrounds privacy is often highly
>
> confusing even to people with quite a lot of technical knowledge.
>
> What that means in practice is that people often just give up on it,
>
> particularly if they're short on time and have other highly pressing
>
> issues to deal with, as they generally do. Is there a way that this
>
> can be avoided? Often, of course, the level of technicality is
>
> unavoidable, but it would be great to try to cut through it at least
>
> to a degree.
>
>
> I find this interesting on a few levels.
>
> If we asked this of people about basic literacy or mathematics, we'd be
> pretty embarrassed. Rather than asking people to read to us or for us,
> we learn to read. Rather than asking someone to balance our checkbook,
> we learn to do it ourselves. This is a sub-goal of most educational
> programs. Obviously the main goal is an understanding of actual
> mathematics and literary challenges; learning about these topics is not
> just about functionally balancing a checkbook.
>
> To that end, computers and networks are an important part of our lives.
> Indeed, I think this is such a difficult topic precisely because a lack
> of knowledge or a lack of technical knowledge may be physically
> dangerous to people in the field. I don't want to exclude people from
> the discussion, rather I think we should seek to normalize the knowledge
> and embrace it when possible.
>
> To that end, I think that while we should try to make the language
> accessible but we must not forget that the details do really matter.
>
> Additionally, just as literary illiteracy and innumeracy are serious
> education problems, so is technological illiteracy. So while I agree we
> should be accessible, I reject the notion that the ideal is to not
> understand the way that the world works. We reject it for other
> important topics and we should reject it here too. We should embrace
> understanding for this very important topic; most people actually get
> the big picture and most of the little details when they stop
> discouraging themselves.
>
> If that means that people are going to give up on a discussion, I
> suppose that we should simply hope they're not calling the shots for
> other people who are less hopeless. There is little to do for people who
> simply and silently give up.
>
> However, as a practical manner - I would prefer to encourage people to
> help create a safe space. As my friend Ingy would say: "Hands need
> holding; if you only live in the future, it's a future nobody will ever
> see" and I tend to agree. There absolutely needs to be a desire on both
> sides to make this happen. It would be great to know when to define the
> technical language and when to break down the barriers; creating a safe
> space is key to greater understanding all around.
>
> All the best,
> Jacob
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click
> above) next to "would you like to receive list mail batched in a daily
> digest?"
>
> You will need the user name and password you receive from the list
> moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>
>
> Please access the attached hyperlink for an important electronic
> communications disclaimer: http://lse.ac.uk/emailDisclaimer
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click
> above) next to "would you like to receive list mail batched in a daily
> digest?"
>
> You will need the user name and password you receive from the list
> moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>
>
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click
> above) next to "would you like to receive list mail batched in a daily
> digest?"
>
> You will need the user name and password you receive from the list
> moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20110209/daeece33/attachment.html>

More information about the liberationtech mailing list