Hacker News new | past | comments | ask | show | jobs | submit login
Statement of Condemnation of U.S. Mass-Surveillance Programs [pdf] (ucdavis.edu)
318 points by Nogwater on Sept 9, 2013 | hide | past | web | favorite | 59 comments



"Both US-persons and non-US-persons have a right to be free of routinized surveillance. This right does not spring solely from the US Fourth Amendment; it is a human and natural right as well."

This cannot be overstated. Americans are no better than the rest of the world. If anything, being the masters of mass surveillance makes us worse. We're creating the big brother blueprint.


As a non-US citizen, I've been repeatedly asking this about news stories emphasizing the collection of domestic communications as the bad thing. I thought your declaration of independence say that all humans are endowed with inalienable rights...


One big misunderstanding is that the Declaration of Independence is a legally binding document today. It was a declaration of war on the British Empire; it didn't really matter anymore than a statement of values of people who started the war once it was done with that.

I would look to treaties that we have signed to see what we currently legally state as human rights Treaties in Force [1]. Specifically this treaty: International Covenant on Civil and Political Rights [2]. Just make sure to check if your country is one of the countries that have agreed to the treaty and that the government who signed it is still in power.

[1]: Treaties in Force - http://www.state.gov/s/l/treaty/tif/index.htm

[2]: ICCPR - http://www.ohchr.org/en/professionalinterest/pages/ccpr.aspx


Thanks for the links, especially ICCPR! I did know that the declaration of independence isn't legally binding, but it is a statement of principle on which America is founded, yes? Isn't it through some interpretation of it that America feels compelled to spread freedom and democracy outside its boarders? Don't get me wrong, I'm quite pro-American, but it seems weird that the US government is campaigning for our rights when our own governments are trampling on them (which I personally appreciate), but tramples on them (right to privacy in particular) when its own interests at stake.


The Declaration of Independence is rhetoric meant to justify a war. It's ironically contradictory--people talking about "all men being created equal" right before founding a country where blacks were enslaved, Indians were exterminated, women had few rights, and only land-owners could vote. The most sensible way to read that part of the Declaration of Independence is for the narrow statement that "white land owning males in the colonies are every bit as good as white land owning males in Great Britain." That plus Thomas Jefferson having a flair for the dramatic.

"People not in America are equal to people in America" has never been an animating principle of American society. The U.S. has a long and storied history of e.g. intervening in Latin America to keep it a brushfire-free back yard: http://en.wikipedia.org/wiki/Latin_America%E2%80%93United_St...


All that may be true, but as dalek_cannes says, it gives us perspective on how to understand the Constitution. In particular, it informs us that the Bill of Rights is not granting rights to the people, but is instead taking note of certain rights that all people have inherently.


I don't think it informs us of that at all. Even to the extent that it's anything more than rhetorical flourish, it's misleading to read the language in terms of modern understandings or schoolhouse revisionist history. At the time, there was this idea of the "customary rights of Englishmen" that isn't coextensive with "natural rights of all human beings" as we might think of it today. See: http://en.wikipedia.org/wiki/Rights_of_Englishmen. These are not "natural rights" in the sense of something you might find if you cut someone open and did an autopsy, but rather rights that arose out of the long-standing, practice of a people and which are enjoyed by those people.

It's quite clear that the Constitution simply recognized customary rights that existed, but that shouldn't be taken as a recognition of universal rights common to all people. Especially in light of all the countervailing evidence in the form of unequal treatment of nearly everyone who wasn't a white English male landowner. That evidence is inconsistent with the recognition of universal natural rights, but entirely consistent with the recognition of customary rights, which since the magna carta had applied to white English male landowners.


This is why the Founding Fathers weren't actually keen on a Bill of Rights. They feared that citizens would come to believe that their rights were granted by the document, rather than just been non-exclusively enumerated in it.


Wow does "UC Davis Professor" ever bury the lede here; Phil Rogaway is one of the most famous working cryptographers. He's also notable for having patented the best known AEAD scheme and granting a free license for all nomilitary use.


He's one of those people who's name you can't avoid repeatedly tripping over.

I took UC Davis's graduate Intro to Cryptography class from him. It was fun to see how much of crypto history he has been involved with.

Interestingly (given the subject matter of this post) he is also well known on campus for teaching a very good Technology Ethics class. (Sample material here.[1])

[1]: http://www.cs.ucdavis.edu/~rogaway/classes/


> ... and granting a free license for all nomilitary use.

I never thought about this. Maybe it would be a good idea to add such clause to applications I release. It wouldn't be compatible with GPL of course, but then again... not sure which one I care about more.


Uhh, how would you define "military"? I would guess you'd be ok software used on the DARPA created Internet... What about UN peace-keeping forces, or the customs, police and other armed forces (in various countries), in which functions would they be allowed to use such software?

Not to say which one is more important, but GPL (at least v2, haven't really studied v3 yet) is quite clear in its definitions and limitations. You'd do a good job defining "military" equally clearly and usefully for use in such licenses, but that might be quite a lot of work.

Incidentally, "do no evil" is not a very good license exactly for the lack of a definition of evil.


Apparently I can edit the link text, so I've done that. Normally, I'd just go with the title text, but that was was too long to fit, so I had to get a little creative. Thanks for the tip.


I completely agree, about the codes of conduct bit. Any software developer who's taken part in any of this, who's an ACM member, should be ousted for gross violations of the ACM Code of Ethics

http://www.acm.org/about/code-of-ethics


I don't know how ACM works. I'm in IEEE.

I was basically coerced into joining, because if you pay $X to join, registration for IEEE conferences goes down by a much, much greater number.

Presumably, they have it set up this way because they ultimately make more money by selling your information to marketers (which they do).

So I would say that if the IEEE has a Code of Conduct, it completely lacks all legitimacy.

I hope some important IEEE people take note of this situation and correct it. Otherwise, I hope a more ethical organiziation arises that relegates IEEE to the dustbin.


Codes of Ethics mean so little, this would be a good time to make them more than lip service.


Wait... there are people who still think the ACM has relevance?


What does the relevance of ACM have to do with the ethical obligations of professionals, be they computing, or otherwise?

It's like the way the notion of Conflict of Interest has been marginalized as illustrated by no-bid contracts awarded to corporations which have strong ties to high level government employees.

http://www.cs.cornell.edu/gries/howbushoperates/haliburton.h...

http://www.cbsnews.com/2100-250_162-575356.html

It's like hiring a former Monsanto lobbyist to be the head of the FDA. It is objectionable.

Just because some (mostly) Saudi nationals allegedly hijacked some airplanes 12 years ago that doesn't mean we have to discard our ideals in the name of some fictional "war" on an ideology.


When exactly did ACM lose its relevance?


It was at least before I started college in 2002. There were some remnants of it, such as a few professors who listed it on their CVs, and we did read the code of ethics in CS1. But nothing serious and active. Maybe it's different in different parts of the country.


The ACM is very relevant for academics who publish and attend conferences.


  "It is contrary to corporate responsibility for a company to
   assist in the creation of artifacts, such as server farms,
   routers, or analytic engines, intended for mass surveillance."
Is there a list of companies which supply equipment and/or services to the NSA?


Some people on reddit started looking into this: https://pay.reddit.com/r/conspiracy/comments/1kno70/i_think_...

but they stopped looking perhaps...

If you look at the link to Crunchbase's profile for Paladin Fund - that company seems to be funding all the DOD contracting tech services companies....

Edit: Also - look at every investment In-Q-Tel has made.


Yes. Look at the slides Snowden released when he blew the whistle.

http://images.techhive.com/images/article/2013/06/prism_vend...


Those are companies likely forced to cooperate. I doubt the NSA issues National Security Letters forcing hardware manufacturers to sell them products.


Says who?


"It is contrary to the ethical obligations of cryptographers, computer scientists, and engineers to participate in the development of technologies for mass surveillance. It is also a violation of professional codes of conduct."

I agree. All of us developers have obligations that are higher than achieving personal wealth, or being a family breadwinner. We are the literate elite of our times. This status gives us the potential for great monetary benefit doing something we like, but it also comes with its social responsibilities.


I would love to see everyone in the IT industry take a similar pledge.

If enough of us do we can choke off the oxygen supply to these organisations, especially if we make it an unattractive career prospect for undergrads.


Finally someone who actually gets it that mass surveillance is wrong in principle even when it does not have US citizens as subjects.

Thank you professor Rogaway.


> This right does not spring solely from the US Fourth Amendment; it is a human and natural right as well.

As a "non-US-person", I found myself particularly moved by this line.


I used to work for Sophos, the Anti-Virus & computer security company.

It was made very clear to me when I joined that they did not want to employ anybody who had ever had anything to do with hacking or writing malware, and that any hint of this would be grounds for immediate dismissal.

It was also made very clear that any such individuals would be black-balled by the industry as a whole.

I can only presume that this scheme would cover cases of hacking or espionage by government employees, or other such abuses of trust.

Whilst I acknowledge comments that raise the spectre of McCarthy-esque witch-hunts, and I share the concerns, I do think that it would be entirely appropriate for this scheme to extend to other technology companies that bank on a trustworthy reputation, and who need to prove beyond doubt that they have not been infiltrated by individuals with a history of abusing privacy and subverting technology for malicious purposes.

To an extent, this is already covered by the codes of conduct required by institutions such as the ACM, IEEE, IET, BCS and so on. I wonder if they will step up to the plate and enforce their codes of conduct (and if necessary, update them in light of recent developments).

Also, employers do not normally require their programmers to be members of these institutions, and the level of membership is very low. I wonder if this should change, or if we should set up a new institution for this specific purpose?


I would love to have been a fly on the wall when the director of the NSA is meeting with the president telling him that the only way to ensure national security against terrorism is to start these mass surveillance systems.

"Okay", says the president. "I guess if it's the only way then I'm sure the people will understand it's in their best interest" slight chuckle escapes his lips at the end.

When it should have gone something like this.

"Bullshit! I will not sacrifice the freedoms that are the foundations of America, simply to make your job easier on you. If you can't do the job without destroying the very freedoms you should be protecting, I'll damn well find someone who can!"

Director of NSA: while stuttering "Well actually we could work together with the CIA and FBI as well as foreign intelligence to garner the necessary intel that would give us actual probable cause to start monitoring someone by legal means with a warrant and everything."


I am so very proud to be at UCD right now.


I'd be interested in your (and Rogaway's) take on the UCD pepper spray incident, then. https://www.youtube.com/watch?v=yjXcaoEAkq4


US Davis paid a little over $600k to the 21 students and fired John Pike. According to SFGate the students will receive about $30k each and a written apology from the chancellor. The ACLU will get 250k for representing the students. That sounds like a reasonable outcome to me.

http://www.sfgate.com/bayarea/article/UC-Davis-pepper-spraye...


The reasonable outcome would not have included the pepper spraying of unarmed, seated, peaceful protesters in the eyes. Please don't whitewash this.


>The reasonable outcome would not have included the pepper spraying of unarmed, seated, peaceful protesters in the eyes.

You're right. Like most crimes, it would have been better if it hadn't been committed. I was thinking specifically about UCD's response, which I still think was reasonable, and timely. Pike lost his job, that's about all that the Uni has the power to do to him, and about all they ought to have the power to do to him. I am disappointed (but not surprised) that the DA didn't charge Pike with official oppression, or something (I'm not a DA, so I don't know what charges would be appropriate or winnable.) But police brutality is a serious problem everywhere in the US, not just the UCD campus. It is difficult to get police to find fault in the behavior of police, and also difficult to get DA's to charge police with a crime. Maybe we should expect more from UCD, but I think the responsibility lies elsewhere. I don't like it when organizations (such as UCD) are able to bring substantial pressure on law enforcement organizations for direct action. I also think it is worth mentioning that less than a year passed between the incident and the settlement, which is crazy fast. UCD could have opted for the ever popular wait-them-out strategy, in which case we'd all forget about it before anything useful happened.


Shit happens everywhere. How you deal with the shit after it happens is what separates the scumbags from the good guys.

Would we be so upset with Obama if the response to the NSA revelations was the firing of the NSA leadership, a solid investigation of wrongdoings, firing of those found to have been guilty of abusing their powers, and reparations to those wrongfully convicted under evidence unlawfully gathered by the NSA?


I'm not going to hold my breath for that but it would be a very welcome change from the current responses.


He isn't whitewashing anything. He is talking about AFTER the incident. Certainly the best scenario would have been the incident NOT happening in the first place. Since it did happen though college paid. That is what he is talking about.


Okay. But moving forward that's not a bad outcome.


When the incident occurred, the Chancellor promised to conduct an investigation that would conclude in 30 days to determine what happened.

30 days later I got an email from the Chancellor. There was no mention of the pepper spraying -- she was instead asking for money. Looking myself for the results of the investigation, it found her largely at fault for gross mismanagement of the situation. So she asked for money instead.

There are major major donors to the University, the kind of people who have buildings named after them. I had heard that these people demanded the resignation of the chancellor, along with the academic senate and most of the students. She's still there, asking for donations.


Thank you for this followup. I'd written the Chancellor's office, but never received a reply.


Quite cheap for undermining democracy, free speech and the right to protest.


What a nauseating comment. How hypocritical of Rogaway to take a moral stand on any issue, it implies, living as he does on land stolen from Aboriginal Americans.


Your colorful indignation is misplaced. I imply nothing about anyone's stand on the issue of mass surveillance - didn't even address the matter.

You should instead have inferred my disapproval of UCD cheerleading.

Nevertheless I regret mentioning Rogaway. Upon re-reading his statement I see he footnotes his affiliation with UCD but makes no claim to represent.


Where can I sign it? (Would love to, although I am a mere non-US programmer. He should turn this to a petition.)


So presumably the author is OK with whatever surveillance the UC school system has? Unless the U.C. school system doesn't have network monitoring installed? Is he OK with with students torrenting terabytes of information of questionable legal origin? Because I guarantee that the UC IT department has some sort of network surveillance going on. Scanning emails, possibly. Monitoring bandwidth usage by specific MAC addresses. And probably much more than that.


Will this department stop taking DoD money?


Amen.


An appropriate response, since the politics of this have taken on such a dogmatic, black-and-white quality. In the same thread: calls for McCarthy-like blacklisting of programmers based on ideology. Never any nuance in these discussions: either say 'Amen' or Burn in Hell.


"The hottest places in Hell are reserved for those who remain neutral in time of great moral crisis." — Dante Alighieri


Off-topic, but....

Wait, what? I recently read Mark Musa's translation of the Commedia, and that doesn't make any sense at all. The hottest places in hell are reserved for various forms of fraud, IIRC.

The only link I can find about the quote with more information is:

http://whatwillmatter.com/2011/11/observation-the-hottest-pl...

"In the Inferno, Dante and his guide Virgil, on their way to Hell, pass by a group of dead souls outside the entrance to Hell. These individuals, when alive, remained neutral at a time of great moral decision. Virgil explains to Dante that these souls cannot enter either Heaven or Hell because they did not choose one side or another."

As I recall, those are the only souls whom Dante doesn't identify and have a little chat with.


I get that as a quote this is relevant, but if I don't know who Alighieri is or what he did, this seems like an unsupported moral assertion. Obviously it struck you as memorable.

But would you really claim that the person who does nothing is _worse_ than the one who actually perpetrated crime?


Avoiding ridicule is just a Wikipedia entry away...


I wish he'd just said "I agree", so that you didn't find yourself a soapbox so high up in the comments...


Like everyone, I've read a lot about the aftermath of Snowden's disclosures. This is the first time I've read an official condemnation from an industry leader. Amen.


Bruce Schneier is pretty bold as well.


He joined EFF Board of Directors this year. He has clearly changed his tone after Snowden leaks.

https://www.eff.org/press/releases/renowned-security-expert-...




Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: