[liberationtech] The Future of CPSR

Chris Palmer chris at eff.org
Tue Jan 25 18:44:59 PST 2011 

I am a big CPSR fan --- I moderated a panel (poorly!) at the Technology In Wartime conference, which was a great conference.

One thing I'd love to see CPSR do is to take up its original mission once again: establish a professional ethic against the development of weapons. In the 1980s it was nuclear weapons and other physical weapons controlled by software; nowadays, the weapons themselves take the form of software: censorship systems, surveillance systems, and software to break into other people's computers to censor, surveil, and destroy them. (For a good set of sales demos by a prominent weapons dealer, see http://www.immunityinc.com/webex.shtml.) We've seen these weapons in action in Tunisia, China, Iran, the United Kingdom, and the United States --- and that's just recently.

In my area, security engineering, there is considerable confusion and fuzziness among practitioners  about where the ethical boundaries are, or even how to go about determining what they might be. Sometimes, the ethical boundaries are "obvious" (riiiight) but the community lacks norms and enforcement.

Other times, the ethical confusion is very hard to resolve: e.g., did Firesheep do more harm than good? Is Stuxnet a net good, and/but could it be turned against innocent/peaceful industrial control systems? Is it better to develop a powerful attack capability or a powerful defense capability --- it seems we can't have both since both sides in a struggle use the same platforms?

I don't anticipate that there can be any single answer to questions like these, nor do I expect CPSR to deliver A Verdict. But CPSR could be a rallying point, helping the security engineering community cohere around rough consensus and running norms. It could foster a difficult conversation that I actually don't see happening all that much, not even in the "white hat" community. (Although here is an example of a pundit broaching a key topic: http://blogs.csoonline.com/do_we_need_whistle_blower_laws_in_security)

Random thoughts, I could be off-base as always. :)


-- 
Chris Palmer
Technology Director, Electronic Frontier Foundation

More information about the liberationtech mailing list