The Fourth Eye

The Moral Character of Cryptographic Work by Phillip Rogaway

Author(s):

http://web.cs.ucdavis.edu/~rogaway/papers/moral-fn.pdf

This brilliant essay by a cryptographer makes the case for the moral responsibility of science and engineers.

Building on the example of Russell-Einstein manifesto, joined by many other scientists speaking truth to power, and also the Nuremberg trials and the rise of the modern environmental movement, Phillip Rogaway reminds that “Technical work itself can implicate politics and …some scientists do take on overtly political roles.”  Stating that, “the nuclear bomb is the ultimate expression of coercive power; it is politics incarnate”, however we don’t need to spectre of mushroom clouds to deal with the political relevance of technology.
While the idea of social responsibility in science has waxed, it is currently waning and has become, “so rare as to be nearly a matter of myth…A refusal to direct the change we do is both morally bankrupt and ingracious. Our work as academics, we should never forget, is subsidized by society.”  His explanations?  The rise of radical individualism + extreme technological optimism. While cryptographers didn’t turn the internet into an instrument of total surveillance, our colleagues – fellow computer scientists and engineers – did that.
“…cryptography is about power.  It’s a realm in which governments spend enormous sums of money, and maybe not unwisely: the work shapes the outcome of wars, and undergirds diplomatic and economic maneuvering.” p 11
“Consider WikiLeaks.  The hope is not just that a better informed public will demand accountability and change. Rather, Assange sees governmental and corporate abuse as forms of conspiracy that could be throttled by the mere threat of leaks.  Conspiracies are like graphs, the conspirators nodes, the pairwise relations among them, the edges. Instead of removing nodes or disrupting links, you can weaken any conspiracy by suffusing it in an ever present threat of leaks.  The more unjust the conspiracy, the more likely leaks will occur, and the more damage they will do.  As elites become fearful to conspire, they do so reservedly.  The conspiratorial creatures blood thickens and it dies.” p. 17
Crypto for security = commercial and Crypto for privacy – social and political aims.  “Here the author distinguishes between pragmatic crypto – which is about trying to use cryptography to retain our predigital privacy – and cypherpunk crypto – the grander hope of using cryptography to precipitate sweeping social or political reforms. p.24
“It wasn’t until Snowden that I finally internalized that the surveillance issue was grave, was closely tied to our values and our profession, and was being quite misleadingly framed.” . 25

The framing determines what one thinks it is about:

– Law enforcement framing, privacy and security in conflict, we need balance, modern comms has destroyed the balance, crypto is especially threatening, bad guys are winning.  “beautifully crafted to frame matters in a way guaranteed to lead discourse where authority wants it to go.  It is a brilliant discourse of fear: fear of crime; fear of losing our parents’ protection’ even fear of the dark.  The narrative’s well-honed deceptiveness is itself a form of trade craft.” p 26

– Surveillance-studies framing, surveillance is power, nothing new but technology has given unprecedented power for monitoring, the Internet is being transformed to a facilitator for totalitarianism, is linked to cyber war and conventional war – surveillance and assassination by drones are one technical ecosystem. The law enforcement narrative is wrong to position privacy as an individual good when it is , just as much a social good.  It is equally wrong to regard privacy and security as conflicting values, as privacy enhanced sercurity as often as rubs against it.  Personal exploration will diminish in a world of mass surveillance.  Cryptography offers some hope.

“U.S. universities were thoroughly infiltrated with informants: selected students, faculty, staff, and administrators would report to an extensive network of FBI handlers on anything political going on on campus. The surveillance of dissent became an institutional pillar for maintaining political order.” p 27

A O Scott speaks of “epistemological vertigo” when reviewing CitizenFour, the Academy Award winning documentary about Snowden by Laura Poitras, “What do we know about what is known about us? Who knows it? Can we trust them? p. 29

“Ultimately, I’m not much interested in individual grievances over privacy; I am far more concerned with what surveillance does to society and human rights. Totalized surveillance vastly diminishes the possibility of effective political dissent. And without dissent, social progress is unlikely.”  Consider the burglary in 1971 of the FBI office in Media Pennsylvania (that revealed COINTELPRO) which included a feisty physics professor – would likely never have been done given surveillance we now live under

Discusses the urgent need for secure messaging, and outlines a provable security treatment for one approach.  He also describes Bigkey cryptography, operations depending on enormous keys – megabytes to terabytes long.
US government funding for crypto mainly comes from the military.  “From 2000 to 2010, fewer than 15% of the papers at CRYPTO that acknowledged U.S. extramural funding acknowledged DoD funding.160 In 2011, this rose to 25%. From 2012 to 2015, it rose to 65%.161 Nowadays, many cryptographers put together a large patchwork of grants, the largest of which are usually DoD.” p. 36
“the mission of DARPA is “to invest in the breakthrough technologies that can create the next generation of [U.S.] national security capabilities.” Having begun in the wake of Sputnik, the agency speaks of avoiding technological surprise—and creating it for America’s enemies.. 36
“In his farewell address of 1961, President Dwight D. Eisenhower introduced the phrase, and concept, of the military-industrial complex. In an earlier version of that speech, Eisenhower tellingly called it the military-industrial-academic complex.” p 37
“Academic freedom. Those of us who are academics at universities enjoy a tradition of academic freedom. This refers to your right—and even obligation—to think about, speak about, and write about whatever you want that is connected to your work, even if it goes against the wishes of power: your university, corporations, or the state. While academic freedom seems to be in decline,170 at least for now, it recognizably persists. Normally, scientists and other academics don’t actually need or use their academic freedom: all they really need is funding and skill.171 But crypto-for- privacy may be a rare topic where academic freedom is useful.172 I suggest that people use this gift. Unexercised, academic freedom will wither and die. Many nonacademics also have something akin to academic freedom: sufficient autonomy to work on what they think is important, without losing their jobs, even if it’s not what their employer really wants or likes.◃ Use the academic freedom that you have.” p 38
“Christopher Soghoian insightfully remarks: “It’s as if the entire academic medical community smoked 20 cigarettes a day, used intravenous drugs with shared needles, and had unprotected sex with random partners on a regular basis.” p. 40-41
Don’t cutesy the adversary – “The adversary as a $53-billion-a-year military-industrial-surveillance complex and the adversary as a red-devil-with-horns induce entirely different thought processes.” p. 41
We need to expand the cryptographic commons
We need to use the right words, “The word privacy, its meaning abstract and debated, its connotations often negative, is not a winning word. Privacy is for medical records, toileting, and sex — not for democracy or freedom. The word anonymity is even worse: modern political parlance has painted this as nearly a flavor of terrorism. Security is more winning a word and, in fact, I spoke of secure messaging instead of private messaging or anonymous messaging because I think it better captures what I want conveyed: that a communication whose endpoints are manifest is not at all secure. A person needs to feel insecure if using such a channel. But even the word security doesn’t support a good framing of our problem: we should try to speak of thwarting mass surveillance more than enhancing privacy, anonymity, or security. As discussed before, we know instinctively that ubiquitous surveillance is incompatible with freedom, democracy, and human rights.189 This makes surveillance a thing against which one can fight. The surveillance camera and data center make visual our emerging dystopia, while privacy, anonymity, and security are so abstract as to nearly defy visual representation. Concretely, research that aims to undermine objectionable surveillance might be called anti-surveillance research.190 Tools for this end would be anti- surveillance technologies.191 And choosing the problems one works on based on an ethical vision might be called conscience-based research” p. 43
How we act in aggregate matters, “This essay might seem to focus on the ethical weight of each scientist’s personal, professional choices. But I am actually more concerned about how we, as cryptographers and computer scientists, act in aggregate. Our collective behavior embodies values—and the institutions we create do, too. I do not intend to criticize any particular individual. People should and will work on what they think to be most valuable. The problem occurs when our community, as a whole, systematically devalues utility or social worth. Then we have a collective failure. The failure falls on no one in particular, and yet it falls on everyone.” p. 43
“As computer scientists and cryptographers, we are twice culpable when it comes to mass surveillance: computer science created the technologies that underlie our communications infrastructure, and that are now turning it into an apparatus for surveillance and control; while cryptography contains within it the underused potential to redirect this tragic turn….I am not optimistic…At best, cryptography might be a tool for creating possibilities within contours circumscribed by other forces.” p. 44
Some hope – including 1 billion WhatsApp users, 2 million Tor users, statement on Australia’s Defence Trade Controls Act  (signed by a whole 10 Australisn – out of 228 – sigh)

Leave a Reply