"Both US-persons and non-US-persons have a right to be free of routinized surveillance. This
right does not spring solely from the US Fourth Amendment; it is a human and natural right
as well."
This cannot be overstated. Americans are no better than the rest of the world. If anything, being the masters of mass surveillance makes us worse. We're creating the big brother blueprint.
As a non-US citizen, I've been repeatedly asking this about news stories emphasizing the collection of domestic communications as the bad thing. I thought your Declaration of Independence says that all humans are endowed with inalienable rights...
This is why the Founding Fathers weren't actually keen on a Bill of Rights. They feared that citizens would come to believe that their rights were granted by the document, rather than just being non-exclusively enumerated in it.
Wow does "UC Davis Professor" ever bury the lede here; Phil Rogaway is one of the most famous working cryptographers. He's also notable for having patented the best known AEAD scheme and granting a free license for all nonmilitary use.
He's one of those people whose name you can't avoid repeatedly tripping over.
I took UC Davis's graduate Intro to Cryptography class from him. It was fun to see how much of crypto history he has been involved with.
Interestingly (given the subject matter of this post) he is also well known on campus for teaching a very good Technology Ethics class. (Sample material here.[1])
> ... and granting a free license for all nonmilitary use.
I never thought about this. Maybe it would be a good idea to add such clause to applications I release. It wouldn't be compatible with GPL of course, but then again... not sure which one I care about more.
Apparently I can edit the link text, so I've done that. Normally, I'd just go with the title text, but that was too long to fit, so I had to get a little creative. Thanks for the tip.
I completely agree about the codes of conduct bit. Any software developer who's taken part in any of this, who's an ACM member, should be ousted for gross violations of the ACM Code of Ethics.
I was basically coerced into joining, because if you pay $X to join, registration for IEEE conferences goes down by a much, much greater number.
Presumably, they have it set up this way because they ultimately make more money by selling your information to marketers (which they do).
So I would say that if the IEEE has a Code of Conduct, it completely lacks all legitimacy.
I hope some important IEEE people take note of this situation and correct it. Otherwise, I hope a more ethical organization arises that relegates IEEE to the dustbin.
"It is contrary to corporate responsibility for a company to
assist in the creation of artifacts, such as server farms,
routers, or analytic engines, intended for mass surveillance."
Is there a list of companies which supply equipment and/or services to the NSA?
If you look at the link to Crunchbase's profile for Paladin Fund - that company seems to be funding all the DOD contracting tech services companies....
Edit: Also - look at every investment In-Q-Tel has made.
"It is contrary to the ethical obligations of cryptographers, computer scientists, and engineers to participate in the development of technologies for mass surveillance. It is also a violation of professional codes of conduct."
I agree. All of us developers have obligations that are higher than achieving personal wealth, or being a family breadwinner. We are the literate elite of our times. This status gives us the potential for great monetary benefit doing something we like, but it also comes with its social responsibilities.
I used to work for Sophos, the Anti-Virus & computer security company.
It was made very clear to me when I joined that they did not want to employ anybody who had ever had anything to do with hacking or writing malware, and that any hint of this would be grounds for immediate dismissal.
It was also made very clear that any such individuals would be black-balled by the industry as a whole.
I can only presume that this scheme would cover cases of hacking or espionage by government employees, or other such abuses of trust.
Whilst I acknowledge comments that raise the spectre of McCarthy-esque witch-hunts, and I share the concerns, I do think that it would be entirely appropriate for this scheme to extend to other technology companies that bank on a trustworthy reputation, and who need to prove beyond doubt that they have not been infiltrated by individuals with a history of abusing privacy and subverting technology for malicious purposes.
To an extent, this is already covered by the codes of conduct required by institutions such as the ACM, IEEE, IET, BCS and so on. I wonder if they will step up to the plate and enforce their codes of conduct (and if necessary, update them in light of recent developments).
Also, employers do not normally require their programmers to be members of these institutions, and the level of membership is very low. I wonder if this should change, or if we should set up a new institution for this specific purpose?
I would love to have been a fly on the wall when the director of the NSA is meeting with the president telling him that the only way to ensure national security against terrorism is to start these mass surveillance systems.
"Okay", says the president. "I guess if it's the only way then I'm sure the people will understand it's in their best interest" slight chuckle escapes his lips at the end.
When it should have gone something like this.
"Bullshit! I will not sacrifice the freedoms that are the foundations of America, simply to make your job easier on you. If you can't do the job without destroying the very freedoms you should be protecting, I'll damn well find someone who can!"
Director of NSA: while stuttering "Well actually we could work together with the CIA and FBI as well as foreign intelligence to garner the necessary intel that would give us actual probable cause to start monitoring someone by legal means with a warrant and everything."
So presumably the author is OK with whatever surveillance the UC school system has? Unless the U.C. school system doesn't have network monitoring installed? Is he OK with students torrenting terabytes of information of questionable legal origin? Because I guarantee that the UC IT department has some sort of network surveillance going on. Scanning emails, possibly. Monitoring bandwidth usage by specific MAC addresses. And probably much more than that.
An appropriate response, since the politics of this have taken on such a dogmatic, black-and-white quality. In the same thread: calls for McCarthy-like blacklisting of programmers based on ideology. Never any nuance in these discussions: either say 'Amen' or Burn in Hell.
Like everyone, I've read a lot about the aftermath of Snowden's disclosures. This is the first time I've read an official condemnation from an industry leader. Amen.
rooshdi|12 years ago
dalek_cannes|12 years ago
gaius|12 years ago
tptacek|12 years ago
B-Con|12 years ago
[1]: http://www.cs.ucdavis.edu/~rogaway/classes/
viraptor|12 years ago
Nogwater|12 years ago
rob05c|12 years ago
http://www.acm.org/about/code-of-ethics
javert|12 years ago
fnordfnordfnord|12 years ago
skwirl|12 years ago
biot|12 years ago
samstave|12 years ago
but they stopped looking perhaps...
bengrunfeld|12 years ago
http://images.techhive.com/images/article/2013/06/prism_vend...
unknown|12 years ago
[deleted]
geertj|12 years ago
marcuspovey|12 years ago
If enough of us do we can choke off the oxygen supply to these organisations, especially if we make it an unattractive career prospect for undergrads.
jacquesm|12 years ago
Thank you professor Rogaway.
RyanMcGreal|12 years ago
As a "non-US-person", I found myself particularly moved by this line.
w_t_payne|12 years ago
androtheos|12 years ago
frob|12 years ago
dandrews|12 years ago
asgard1024|12 years ago
JonFish85|12 years ago
aet|12 years ago
maxk42|12 years ago
pekk|12 years ago
bengrunfeld|12 years ago
chopin|12 years ago