[liberationtech] FW: The security and ethics

Graham Webster gwebster at uw.edu
Wed Feb 9 11:24:55 PST 2011 

Apologies for the fast follow-up. I did not mean to say there were _no_
certification mechanisms (obviously RSA does certification, as I assume do
other entities), but rather that the knowledge about whom to trust is not
widely distributed, as it is with lawyers or doctors. Perhaps a key
difference is that huge numbers of people _know_ how lawyers and doctors are
held accountable, whereas knowing what qualification would be appropriate
for an individual or organization's needs is not a common thing. -gw

On Wed, Feb 9, 2011 at 11:18 AM, Graham Webster <gwebster at uw.edu> wrote:

> David Rizk writes:
>
>  <<<Relatedly, I would also reject your analogy to basic literacy. Of
> course, *some* basic level of computer literacy is going to be essential for
> generations to come. But implementing advancing privacy and security
> protocols is not really analogous to the basic ability to read. To say that
> you can write, is not to say that you can write a competent and persuasive
> brief to a judge. You (wisely) hire a lawyer. Are you contending that,
> ideally, you would mount your own defense? Or would you prefer to get
> professional help?
>
> On the margins, I think we can agree, expertise is always going to be
> necessary. And just as lawyers help their clients comply with the law, and
> fend off attempts at enforcement, technologists should strive to make life
> as uncomplicated as possible for users -- while upholding their expectations
> and social norms (e.g., protecting their privacy, etc.).>>>
>
>
>
> I write:
>
> I think this analogy to lawyers is revealing. Part of the problem for many
> of the people who would use solutions outlined here, or people like me who
> have at times asked this list for practical advice, is that whereas lawyers
> must pass the bar and are generally held accountable to professional norms,
> there is no such licensing mechanism for a security expert.
>
> If I want to shore up my personal data management system for fieldwork in
> China (this is near in my future), I need to consult colleagues and multiple
> sources, evaluate whose advice best fits my threat profile, and work hard to
> implement my plans. For the scholarly example of my fellow China scholars,
> we often have to satisfy human subjects standards, but there are no
> standards for whom we might consult to get good advice.
>
> Certainly, licensing security experts could create an unacceptable
> centralized control over security. But some kind of credentialing would be
> very useful if individuals and organizations are to look for help (as I
> believe they must).
>
> Graham Webster
> Ph.D. student, Political Science
> University of Washington
> http://gwbstr.com
>
>
>
> On Wed, Feb 9, 2011 at 10:15 AM, David Rizk <drizk at stanford.edu> wrote:
>
>> Additionally, just as literary illiteracy and innumeracy are serious
>> education problems, so is technological illiteracy. So while I agree we
>> should be accessible, I reject the notion that the ideal is to not
>> understand the way that the world works. We reject it for other
>> important topics and we should reject it here too. We should embrace
>> understanding for this very important topic; most people actually get
>> the big picture and most of the little details when they stop
>> discouraging themselves.
>>
>>
>> Paul -- agreed. I think the points you've made are often lost on this
>> list.
>>
>> @Jacob, Jim: I understand that your points are directed mostly at users
>> who place themselves in harm's way, but I believe they lose validity as
>> universal tenets. Most people express their curiosity and find happiness by
>> learning about, and doing things, other than implementing advanced privacy
>> and security protocols. Expecting users to *want* *to learn* more about
>> our particular field misses the greater point.
>>
>> Consider the alternative: ideally, users should need to know less, rather
>> than more, about the way networks and security protocols
>> work. Ideally, users should be able to spend cycles on the things *they
>> care about* -- pursuing happiness, fomenting revolutions -- *without* worrying
>> about technical details. You may think hacking is happiness, but plainly,
>> most do not. If network and software engineers (and governments and lawyers)
>> were really successful at their jobs, ordinary users wouldn't be threatened
>> by any of this. We strive to realize this vision in the law, and I would
>> submit that the same should be true of code. For example, Yale's Robert
>> Ellickson points out that the law is irrelevant for most people most of the
>> time -- and this is regarded as a great thing!
>>
>> Relatedly, I would also reject your analogy to basic literacy. Of course,
>> *some* basic level of computer literacy is going to be essential for
>> generations to come. But implementing advancing privacy and security
>> protocols is not really analogous to the basic ability to read. To say that
>> you can write, is not to say that you can write a competent and persuasive
>> brief to a judge. You (wisely) hire a lawyer. Are you contending that,
>> ideally, you would mount your own defense? Or would you prefer to get
>> professional help?
>>
>> On the margins, I think we can agree, expertise is always going to be
>> necessary. And just as lawyers help their clients comply with the law, and
>> fend off attempts at enforcement, technologists should strive to make life
>> as uncomplicated as possible for users -- while upholding their expectations
>> and social norms (e.g., protecting their privacy, etc.).
>>
>> best, David
>>
>>  ----------------------------
>> David Wade Rizk
>> Stanford Law School
>> drizk at stanford.edu
>>
>> On Feb 9, 2011, at 9:26 AM, <P.A.Bernal at lse.ac.uk> wrote:
>>
>> Jacob, I'm certainly not advocating that we don't aim for understanding
>> the world 'as it is' - but sometimes you need to teach someone to drive
>> rather than how to design and build their own car, let alone the physics
>> behind the internal combustion engine. There's a balance to be found - and
>> as you say, creating a space in which we can find that balance is the key.
>>
>> What I was really looking for was a solution for the situation as it often
>> is on the ground, as described by a few posters on here, where people have
>> little time and lots of demands upon that little time, and who would like to
>> find good solutions to their problems but who don't have the expertise to
>> find their way through the technical language and literature.
>>
>> Paul Bernal
>>
>>
>> -----Original Message-----
>> From: liberationtech-bounces at lists.stanford.edu on behalf of Jacob
>> Appelbaum
>> Sent: Wed 2/9/2011 4:23 PM
>> To: liberationtech at lists.stanford.edu
>> Subject: Re: [liberationtech] FW: The security and ethics
>>
>> On 02/09/2011 06:54 AM, P.A.Bernal at lse.ac.uk wrote:
>>
>> Agreed - though privacy by design doesn't really go nearly far enough
>>
>> both in theory and in practice.... and in practice, of course, it's
>>
>> much more often 'surveillance by design' than privacy by design.
>>
>> That's what needs to be opposed, together with the laws that seem to
>>
>> support or even demand it.
>>
>>
>>
>> I agree. Surveillance by design is the normal behavior - it's both
>> easier and well tested as far as most implementors are concerned.
>>
>> I think privacy by design is a great buzz-phrase. Ultimately for a
>> discussion that critiques either advice or tools, it's probably not
>> possible to just toss around buzz-words or buzz-phrases
>>
>> For the purposes of this mailing list, though, there is a point I'd
>>
>> like to make from a lay-person's perspective: the technical language
>>
>> (not just the acronyms) that surrounds privacy is often highly
>>
>> confusing even to people with quite a lot of technical knowledge.
>>
>> What that means in practice is that people often just give up on it,
>>
>> particularly if they're short on time and have other highly pressing
>>
>> issues to deal with, as they generally do. Is there a way that this
>>
>> can be avoided? Often, of course, the level of technicality is
>>
>> unavoidable, but it would be great to try to cut through it at least
>>
>> to a degree.
>>
>>
>> I find this interesting on a few levels.
>>
>> If we asked this of people about basic literacy or mathematics, we'd be
>> pretty embarrassed. Rather than asking people to read to us or for us,
>> we learn to read. Rather than asking someone to balance our checkbook,
>> we learn to do it ourselves. This is a sub-goal of most educational
>> programs. Obviously the main goal is an understanding of actual
>> mathematics and literary challenges; learning about these topics is not
>> just about functionally balancing a checkbook.
>>
>> To that end, computers and networks are an important part of our lives.
>> Indeed, I think this is such a difficult topic precisely because a lack
>> of knowledge or a lack of technical knowledge may be physically
>> dangerous to people in the field. I don't want to exclude people from
>> the discussion, rather I think we should seek to normalize the knowledge
>> and embrace it when possible.
>>
>> To that end, I think that while we should try to make the language
>> accessible but we must not forget that the details do really matter.
>>
>> Additionally, just as literary illiteracy and innumeracy are serious
>> education problems, so is technological illiteracy. So while I agree we
>> should be accessible, I reject the notion that the ideal is to not
>> understand the way that the world works. We reject it for other
>> important topics and we should reject it here too. We should embrace
>> understanding for this very important topic; most people actually get
>> the big picture and most of the little details when they stop
>> discouraging themselves.
>>
>> If that means that people are going to give up on a discussion, I
>> suppose that we should simply hope they're not calling the shots for
>> other people who are less hopeless. There is little to do for people who
>> simply and silently give up.
>>
>> However, as a practical manner - I would prefer to encourage people to
>> help create a safe space. As my friend Ingy would say: "Hands need
>> holding; if you only live in the future, it's a future nobody will ever
>> see" and I tend to agree. There absolutely needs to be a desire on both
>> sides to make this happen. It would be great to know when to define the
>> technical language and when to break down the barriers; creating a safe
>> space is key to greater understanding all around.
>>
>> All the best,
>> Jacob
>> _______________________________________________
>> liberationtech mailing list
>> liberationtech at lists.stanford.edu
>>
>> Should you need to change your subscription options, please go to:
>>
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>> If you would like to receive a daily digest, click "yes" (once you click
>> above) next to "would you like to receive list mail batched in a daily
>> digest?"
>>
>> You will need the user name and password you receive from the list
>> moderator in monthly reminders.
>>
>> Should you need immediate assistance, please contact the list moderator.
>>
>> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>>
>>
>> Please access the attached hyperlink for an important electronic
>> communications disclaimer: http://lse.ac.uk/emailDisclaimer
>> _______________________________________________
>> liberationtech mailing list
>> liberationtech at lists.stanford.edu
>>
>> Should you need to change your subscription options, please go to:
>>
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>> If you would like to receive a daily digest, click "yes" (once you click
>> above) next to "would you like to receive list mail batched in a daily
>> digest?"
>>
>> You will need the user name and password you receive from the list
>> moderator in monthly reminders.
>>
>> Should you need immediate assistance, please contact the list moderator.
>>
>> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>>
>>
>>
>> _______________________________________________
>> liberationtech mailing list
>> liberationtech at lists.stanford.edu
>>
>> Should you need to change your subscription options, please go to:
>>
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>> If you would like to receive a daily digest, click "yes" (once you click
>> above) next to "would you like to receive list mail batched in a daily
>> digest?"
>>
>> You will need the user name and password you receive from the list
>> moderator in monthly reminders.
>>
>> Should you need immediate assistance, please contact the list moderator.
>>
>> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20110209/1e6963d1/attachment.html>

More information about the liberationtech mailing list