
The Moral Character of Cryptographic Work - cscheid
http://web.cs.ucdavis.edu/~rogaway/papers/moral.html
======
tptacek
For anyone here who doesn't know who the author is, Phil Rogaway is one of the
most important academic cryptographers; he's responsible for OAEP, PSS, OCB,
UMAC, FPE, and the constructions behind XTS, the universal standard for disk
encryption.

The meat of the paper is in Sections 2 (where the unintended power dynamics of
some modern academic crypto research projects are discussed) and 4 (where he
provides suggestions for important practical projects academic cryptographers
should tackle). Sections 1 and 3 are written for an audience of academics who
might be less familiar with the political implications of crypto than the
typical HN reader.

Essentially, Rogaway is trying to convince mathematicians to embrace the
practical and political impact of their work.

Colin Percival gets a nice mention towards the end of the paper. I'd be over
the moon if I were him. Congrats, Colin!

~~~
ropman76
This is a very good paper and it's disappointing that it didn't get higher on
HN. That being said I disagree with some of the paper's points. I don't believe
that cryptographers should take on moral responsibility for how they perceive
their work may or may not be used. If a malware writer uses XTS to lock up a
hard drive should Dr Rogaway be morally responsible for that since he helped
create the constructions for XTS? I would argue "no" because there is a moral
separation between idea and implementation. We should not burden
cryptographers with moral baggage that should be placed on the people who
implement or set policy to implement.

~~~
dvanduzer
There is a clear distinction between a moral responsibility and a legal
liability. The moral duties of scientists versus policy makers have little to
do with the moral separation between idea and implementation.

------
pcl
From the abstract:

 _Cryptography rearranges power: it configures who can do what, from what._

I'd argue that the reverse is really the issue that needs more attention.
Online systems that do not provide strong cryptography rearrange power, as
compared to their offline equivalents.

It was not feasible to scan all phone calls for keywords in 1970, since that
required effort from humans to do the patching and listening. The power
dynamic changed when our industry brought those calls into a centralized,
trivially-storable clear-text format. Encrypting the conversations is simply a
partial return to the status quo of a few decades ago.

~~~
nathan_long
Good point. And even longer ago, all conversations required meeting, and were
private unless an eavesdropper was physically nearby.

Tech has created more extreme possibilities on both sides. On the privacy
side, it's possible to exchange messages at a distance in an unreadable and
nearly undetectable way. On the surveillance side, it's possible to eavesdrop
on nearly everyone (except the very sophisticated).

We can't (and don't want to) go back in time. The real question is "which
danger is greater: conspiracy or oppression?"

~~~
PhaseMage
> private unless an eavesdropper was physically nearby.

I completely agree with your post. I have an idea for how to resolve this via
networking topology. Right now, TCP/IP seems to me to be an engine for
centralizing power: Limited hop count and hierarchical address assignment
leads to star topologies, leading to economies of scale that again support
centralization.

I propose a network protocol stack that encourages a mesh topology, where it
actually makes economic sense to physically link my home to 2 or more of my
immediate neighbors. I surmise that all my neighbors (or all the neighbors of
the person I'm communicating with) would have to be my adversary in order to
spy on my communications (See secret splitting on Wikipedia). I feel that mass
surveillance doesn't scale with this topology.

I've been working for some time on designing such a networking protocol
stack... What do folks here think? Is this worth my time?
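
The secret-splitting property referred to in the comment above, as an added example that is not part of the original post or the commenter's protocol: an n-of-n XOR split where each share would travel over a different neighbor link. The function names and the one-share-per-link model are assumptions made for illustration.

```python
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split(message: bytes, n_links: int) -> list[bytes]:
    """Split message into n_links shares; all of them are needed to rebuild it."""
    if n_links < 2:
        raise ValueError("need at least two links to split across")
    # n-1 shares are uniformly random pads; the last one folds the message in.
    pads = [secrets.token_bytes(len(message)) for _ in range(n_links - 1)]
    return pads + [reduce(xor_bytes, pads, message)]


def combine(shares: list[bytes]) -> bytes:
    """XOR every share together to recover the message."""
    return reduce(xor_bytes, shares)


def missing_share_for(observed: list[bytes], candidate: bytes) -> bytes:
    """Share that would make the observed shares decode to candidate.

    Such a share exists for every candidate of the right length, which is why
    an observer holding fewer than all shares learns only the message length.
    """
    if any(len(s) != len(candidate) for s in observed):
        raise ValueError("candidate must match the share length")
    return reduce(xor_bytes, observed, candidate)


if __name__ == "__main__":
    msg = b"meet at the old bridge"       # constructed sample message
    shares = split(msg, 3)                # one share per neighbor link
    assert combine(shares) == msg

    # Two of the three neighbors collude and pool what they saw.
    seen = shares[:2]
    decoy = b"nothing to see here..."     # same length as msg
    fake = missing_share_for(seen, decoy)
    # Their view is equally consistent with the decoy as with the real message.
    assert combine(seen + [fake]) == decoy
    print("colluders cannot distinguish", msg, "from", decoy)
```

The split hides content only; it does nothing about who is talking to whom, which is the traffic-analysis problem raised in the replies.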

~~~
arghnoname
I think the typical approach to the bottleneck issue with regard to traffic
analysis attacks is that the machines on the edges can act as mixes. They can
essentially launder traffic from within their respective meshes so that any
intermediary between them can't do attribution. Of course, you have to trust
the mix! So what then? Then communication to them has to be encrypted and
onion routed, and moreover, continuously sent (even if what is encrypted is
the message, "No data here dummy, this is just chaff") and then that has to be
sent along, all so the mix doesn't know that you're actually communicating
anything.

It's a whole category of research really. Papers like Herd at Sigcomm and
Vuvuzela at SOSP are the two latest I've seen and following references there
should be helpful. I think if you look at Herd there are a few tricks in there
to lower the cost of all of the chaff with the superpeers (or whatever they
call them, I read it a while ago). A hybrid system that mixes meshnet schemes
for local peer to peer traffic with secret sharing schemes and mixnets for
more disparate networks seems workable to me. The question is what benefits
does the meshnet provide over the mixnet style schemes?

~~~
PhaseMage
Thanks for the pointers, I'll look them up!

> The question is what benefits does the meshnet provide over the mixnet style
> schemes?

My Isochronous grid/mesh protocol is designed to operate at the network layer.
The TCP/IP Internet has:

* High and Unbounded Latency
* Wasteful, Underused Links
* Low Redundancy
* A Tendency to Centralize Power
* Choke-point Surveillance and Censorship
* Disaster Vulnerabilities
* Tragedy of the Commons

I think a mesh network with non-centralized per-byte pricing can make a big
dent in all of these.

A meshnet built on top of a starnet is like trying to build a road network on
top of a train network: It's not economically feasible and ultimately
pointless.

~~~
arghnoname
I see. I'm not sure if all of these things are fundamental to TCP itself, but
instead are economic and regulatory results. Something to think about. It's
not my area so I don't have specific cites, but data centers are effectively
meshes. I know there has been work on different ways to transit data within
them other than stock TCP/IP. Network coding, for instance, is a pretty cool
way to splat data among a whole bunch of interconnected people and UDP to all
your peers is a good medium to do it over. There's also work on multipath TCP
(MCTCP, others) to help utilize other idle links.

I'd check the literature on that, typically under the data center track at
networking conferences.

------
AdmiralAsshat
_They lead one to ask if our inability to effectively address mass
surveillance constitutes a failure of our field. I believe that it does. I
call for a community-wide effort to develop more effective means to resist
mass surveillance._

What's funny is that you could talk to any number of law enforcement officials
who believe that the moral failing is on the cryptography community for _not_
providing a "backdoor" into encrypted communications. Or to restate, "Please,
Apple, think of the children!"

Morality is, unfortunately, subjective. Part of the argument is in convincing
your opponent that your morality is superior to theirs. Or, perhaps, that
their stance violates their own sense of morality.

~~~
afarrell
> Morality is, unfortunately, subjective.

Genuine question: What do people who believe this use as their reason for
refraining from harming others for personal gain? I understand that simple
intuitive preferences against seeing others suffer will often work, but what
do you do about instances where either the rewards of screwing someone over
are very great or where your intuition tells you that you would get a lot of
pleasure from seeing someone in pain?

I know that I don't really have anything to support my belief that there
exists an objective morality which is hard-to-determine.

~~~
username223
"Act only according to that maxim whereby you can, at the same time, will that
it should become a universal law." The Categorical Imperative and its weaker
brethren like the Golden Rule are remarkably widespread.

------
pdkl95
> This makes cryptography an inherently political tool.

It always was.

Many developers like to stay out of politics. Concentrating on difficult
technical problems is hard enough; adding in politics is therefore adding in
unnecessary complexity. As the wonderful Tom Lehrer put it in his song
"Wernher Von Braun"[1],

    
    
        Don't say that he's hypocritical,
        Say rather that he's apolitical.
    
        "once the rockets are up, who cares where they come down?
        That's not my department," says Wernher von Braun.
    

The problem with this is similar to the problem of abstaining from the vote:
it's absolutely _not_ a neutral position. Choosing to abstain from politics in
general, like those that choose to abstain from the vote, is _de facto_ a vote
for the status quo and majority rule.

Not only is cryptography an inherently political tool, almost _all software_
is political.

Software does not exist in a vacuum; the entire point of most software is that
it has an impact on business, society, and the world. With the discovery of
the General Purpose Computer, this impact can be very large.

It's easy to see why cryptography disrupts existing power structures. It
should be similarly easy to see how software _already_ overturned the
traditional power structures in places like the stock market, manufacturing,
and retail.

So please, consider what impact your software might have when you are writing
it, or if someone _already_ has a goal in mind. Maybe, in some cases, it's
better to walk away. It's a hard question, but the answer is not to say "I'm
staying out of politics". To quote Quinn Norton and Eleanor Saitta from their
talk[2] at 30c3, there is "no neutral ground in a burning world".

[1]
[https://www.youtube.com/watch?v=QEJ9HrZq7Ro#t=16](https://www.youtube.com/watch?v=QEJ9HrZq7Ro#t=16)

[2]
[https://www.youtube.com/watch?v=DWg2qEEa9CE](https://www.youtube.com/watch?v=DWg2qEEa9CE)

------
dang
Posted a few days ago at
[https://news.ycombinator.com/item?id=10655418](https://news.ycombinator.com/item?id=10655418),
but got so little discussion that we won't treat it as a dupe but have instead
merged the threads.

~~~
cscheid
Huh, thank you. I missed it back then, and assumed that when the submission
went through it meant that the dupe detector okayed it.

------
moyix
This is an important message to consider, and not just for cryptography.
_Everyone_ can benefit from thinking about the moral and social consequences
of what problems they choose to work on, who they do them for, and what values
the institutions they contract with hold.

------
jroitgrund
The biggest thing I took away from this was reading the slides and seeing the
FBI's suicide letter to Martin Luther King.

I didn't know about that, and reading that right after seeing the jury duty
article on the front page today is chilling to say the least.

------
PhaseMage
I completely agree that Cryptography researchers should evaluate their work
against their moral values. I feel the same thing about pretty much all
engineering... I've been focusing on trying to design moral networking
protocols.

------
jvvw
This was one of the factors (certainly not the only one) that made me move out
of the field of cryptography - I was doing work related to attempting to break
a major cryptosystem and I realised that I wasn't completely sure what the
right course of action was ethically in the slim chance that I succeeded. My
background was in pure mathematics and up until I moved into cryptography, it
seemed obvious that openness of information was an obvious good. However, once
in the crypto field, it became a much more ambiguous issue.

------
zby
Cyber-security in general is political. This guy is a cryptographer - so it is
natural that he formulated this for his own area - but it is too narrow.

Hackers are now routinely the foot soldiers of the cyber-war of everyone
against everyone - we need to think more about our own rules instead of
following orders.

------
bryanhm
Here we have what I think is a display of an intelligent mind specialized in
one area, funded by a state institution, and weak at resolving moral
conflicts. Computer scientists (and any self-respecting scientists) HAVE to
separate their ethics from the interests of state institutions. Phrases in the
paper resembling something like "where the cryptographer has a duty to serve
the public and keep their self-interest in check" indicate this. I've read a
paper recently on designing systems to have security exceptions for law
enforcement and calling them "exception requirements" or something to that
effect. This is the sort of thing a good study of ethics can help to resolve.

~~~
jvdh

> Computer scientists (and any self-respecting scientists) HAVE to separate
> their ethics from the interests of state institutions.

Why? The paper argues exactly the opposite in the first part, describing
the atomic-bomb scientists, and the Russell-Einstein Manifesto.

In my opinion, cryptographers and computer scientists have ignored morally
questioning their work for too long. Reality is now catching up on this, with
techniques for surveillance. The paper argues this for cryptography, in my
view this is even more generally applicable.

~~~
bryanhm
Why do scientists/cryptographers have to judge ethics for themselves? Not sure
what you're asking. Bertrand Russell judged the bomb to be a danger for
humanity and chose to express his own views on it.

~~~
jvdh
Medical ethics committees have ethicists, but the main advice is from medical
experts. I would not want anybody else judging the ethics of medical
experiments, as no one else has the expert knowledge. I see absolutely no
reason why this should be different for computer scientists and cryptographers.

No one else understands the implications of an experiment or a new
methodology. I was at a meeting recently discussing ethics committees for
computer science. A medical expert gave his opinion and said (paraphrasing): I
fail to see the problem with digitalisation, we have had medical records on
paper for years, now they are on a computer, what is the difference?

I don't mean to say that every scientist should do this individually. They
should discuss this with colleagues, and with an ethics committee, which
should contain subject matter experts, but also ethicists.

------
kluck
It is the responsibility of the inventor to think ahead as far as possible
about how an invention may do good and/or harm.

------
gcb0
everyone had those talks 30yrs ago when crypto was labeled munition by the
usa.

if this article has any content that warrants discussion, it is how out of touch
with reality the social sciences are.

... and sadly, yet another proof of how necessary Snowden was.

------
NHQ
OBVIOUSLY CHAOTIC NEUTRAL

------
sneak
So I guess we have a moral imperative to fork Chrome to actually enforce cert
pinning even against locally-installed roots, then?

~~~
shkkmo
Enforce cert pinning? No. Notify when it is overridden by locally-installed
roots? Yes.

