
The Moral Failure of Computer Scientists - ___ab___
http://www.theatlantic.com/technology/archive/2015/12/the-moral-failure-of-computer-science/420012/?single_page=true
======
adrtessier
Yes, cryptographers should take on the surveillance state.

So should developers, and entrepreneurs, and politicians, and the common
citizen that thinks AES is some foreign sports conference or IND-CCA is a new
trade agreement.

I'm growing tired of watching journos try to point the fingers of "encryption
is good, says cryptographers" and "encryption is bad, says this guy in a
federal law enforcement position" and completely miss the greater point that
_unless everyone takes on the surveillance state_ , _everyone will lose_. The
intelligence community is made up of humans. Some of them are there
idealistically; others are there solely for power, just like in any
megapolitical organization.

Should <x> take on the surveillance state is a shit clickbait title. It can
always be reduced to:

Should you take on the surveillance state?

If you care at all about a semblance of privacy and the expression of
individual ideas, the answer is always _yes_. Of course, there's a whole lot
less to write about there to generate ad revenue.

Any approach in which a single subculture, whether it is thought leaders or
soccer moms, tries to enact meaningful change in a system that at least
pretends to be a representative democracy, will not be enough to reach a
critical mass to actually do something. Cultures correct negative behavior
through consistent reinforcement of a norm. Until people want privacy as a
norm, and _fight for_ privacy as a norm, the flames fueling a surveillance
state are simply being retarded, not extinguished.

~~~
api
It's hard to take on the surveillance state when you have to make a living and
all the money and jobs are in surveillance and surveillance based business
models.

~~~
adrtessier
I think there is a distinction to be made between surveillance and data, and I
do not necessarily think you need to go full cypherpunk to make a meaningful
difference. The cat is well out of the bag on data collection and analytics
and it will be that way forever.

However, people working within institutions that contain sensitive data can
help affect positive change from the inside as well as the outside. Be a voice
for the security of user data within your organization, and do what you can to
meaningfully contribute to methods that increase user anonymity and business
models that do not require being excessively intrusive into the personal
details of others. There is something you can do everywhere, and it is far
better to have people privacy-minded even inside of the classical
"surveillance" companies than having these companies run recklessly without a
voice for the user. In fact, it may even have more impact than yet another
frontend for yet another OTR implementation.

------
r-w
I wish this article were more particular about what cryptologists are doing
wrong? What exactly could they have done instead? Without that info, it just
seems like pointing a finger at cryptologists and saying, “This is _your_ job!
_Do_ something!”

~~~
tptacek
That's probably not a fair criticism. This is reporting about an extremely
famous cryptographer pointing his finger at other cryptographers.

Here's more about it:

[https://news.ycombinator.com/item?id=10657540](https://news.ycombinator.com/item?id=10657540)

~~~
waqf
Thanks for that pointer. I agree with GP's criticism, though, at least the way
the article is written. I was trying to understand it through the lens of the
nuclear analogy and failing drastically, because whereas those scientists were
developing PRO-nuclear technology, these ones are (a priori, to first order)
developing ANTI-surveillance technology.

~~~
ethbro
The nuclear analogy is a little odd, given that one of the reasons we don't
have even more nuclear weapons / more states with nuclear weapons / nuclear
weapons out in the wild is not technological... but because of international
treaties and enforcement.

------
nickpsecurity
In short: no. This is a political problem that must be solved by laws that
people push for. People have been supporting surveillance state or apathetic.
Hence, it's winning and their combo of police power + secrecy + immunity is
stronger than crypto.

~~~
drdaeman
Strongly disagree.

Legal protection provides a recourse after everything happens. Technological
measures don't let it happen in the first place. Or, well, to be more correct
- make it significantly harder to happen.

Consider: we can send all our email as non-enveloped postcards and rely on the
laws that our correspondence privacy is protected. But for some reason we
don't. Why we still send send out our Internet correspondence completely
unprotected is beyond me.

It is important that we have laws, so we can get a legal recourse if something
goes wrong. But it's extremely naive to think that no one would violate those
laws just because they are in place.

Even more, I believe that technological measures must come first. Because if a
law comes first, the public relaxes, thinks they're safe now, and few bother
about actually putting a lock on the door.

~~~
nickpsecurity
"Legal protection provides a recourse after everything happens. Technological
measures don't let it happen in the first place. Or, well, to be more correct
- make it significantly harder to happen."

It actually prevents many things when the law is clear. Your email example
misses the entire point. So, let's use it to illustrate the point. I create an
encryption system to protect email. It gets large uptake to point NSA and FBI
are pissed by it. With current _laws_ , they will feel free to:

1\. Hit me with a FISA warrant to order a backdoor or key leak.

2\. Hit me with court order to do the same.

3\. Parallel construct some dirt on me.

4\. Use NSA TAO or TAREX to smash my systems for their benefit.

5\. Use FBI to raid my stuff or seize my property.

6\. Have me audited by SEC or IRS depending on my company structure.

We've seen stuff like this happen to leakers, supporters of Wikileaks,
companies resisting subversion, etc. You can build all the tech in the world
but it's not that helpful if legal system is set up to destroy the user or
developer easily. Those laws need to be rolled back. Only the people can do
that. They don't give a shit enough to act. So, it's a political problem
rather than technical one.

Feel free to continue to deploy and use tech to protect yourself. Just know
the bigger problem is what's enabling their surveillance dragnet and police
state problem in first place. The things that can get you with or without
crypto. The things that have to go away to maintain democracy.

~~~
drdaeman
Ah, sorry, I see your point now. I suppose I got it wrong when I replied to
your comment. Yes, I fully agree with you here on the point that the laws that
_allow_ this are wrong and they must be rolled back. Those are legal issues
and they must be fixed as such.

I must make it clear that I stand that _both_ legal and technological measures
are necessary and are equally important. And I believe that neither would work
_well_ without the other one.

Current _mass_ surveillance relies on lack of technical measures that protect
from one. So, I believe that if everyone and their dog encrypts their
correspondence in a secure manner, it would cause much greater hit on mass
surveillance programs than any lawmaking could do. Please note I don't say
that lawmaking is not necessary here. On the contrary, it is equally important
to prevent TLAs from even trying to break technological measures and hold them
responsible for their actions.

~~~
nickpsecurity
"I must make it clear that I stand that both legal and technological measures
are necessary and are equally important. And I believe that neither would work
well without the other one."

100% agree. The overall solution will combine technological methods and legal
reforms. We continue developing and implementing what technical solutions we
can for privacy and security in general. Just have to never fool ourselves on
what it will take to stop the huge internal threat.

------
tptacek
Whoah: this title sucks all the oxygen out of what is a very interesting
article centering on an interview with Phil Rogaway, one of the world's great
cryptographers.

The title should instead be the one The Atlantic chose, which closely mirrors
Rogaway's recent paper: "The Moral Failure of Computer Scientists".

Submitters to HN are meant to use the original title from the article where
possible, unless that title is so bad it detracts from the article.

~~~
dang
Sorry, our mistake. Fixed.

~~~
tptacek
J'ACCUSE! Please, sir, read the HN guidelines, which I've helpfully linked
here:

[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

Please don't editorialize titles. We ban accounts that do that, so please
don't do that.

We've asked you this before!

------
lukifer
At last, we've found the counter-example to Betteridge's Law of Headlines.

~~~
r-w
There are _many_ counter-examples. The important part isn’t that the answer is
“no”, as the Law states, but that the story is tired enough to need a question
in its headline in the first place. Andrew Marr’s explanation focusses
especially on this aspect of the Law: “A headline with a question mark at the
end means, in the vast majority of cases, that the story is tendentious or
over-sold. It is often a scare story, or an attempt to elevate some run-of-
the-mill piece of reporting into a national controversy and, preferably, a
national panic. To a busy journalist hunting for real information a question
mark means ‘don’t bother reading this bit’.” He makes a few assumptions, but I
think the overall takeaway of “question mark equals clickbait” rings true.

~~~
DyslexicAtheist
the title has been changed to include a ? when posting here it seems, (or they
changed it on theatlantic.com). Nevertheless your comment about ? equalling
clickbait really made me think.

Edit: ok I just realized that the summary at the top was used as the title
when posting here. I don't feel there is anything wrong with this.

~~~
r-w
Agreed.

