Transcript The Price of Freedom

The Price of Freedom
Martyn Thomas
Technology raises ethical
issues
"Everywhere we remain unfree and
chained to technology, whether we
passionately affirm or deny it. But we
are delivered over to it in the worst
way when we regard it as something
neutral."
Martin Heidegger, "The Question of Technology"
Vorträge und Aufsätze, 1954.
An Unprecedented
Technology
 The cost of computer processing falls 90% every six
years.
 The cost of storage falls >90% every 9 years
(accelerating).
 The cost of telecommunications falls >90% every six
years.
These changes are revolutionary
 Relative costs fall dramatically
 The unthinkable becomes commonplace in 20 years
 Even experts find it hard to imagine the
consequences
Information Technology,
1939
 The Hollerith Machine
Produced by DEHOMAG, a
subsidiary of IBM, and used
for the 1939 German census
and hence the Jewish
Registry. This was one of the
mechanisms through which
the Nazis were able to track
the Jewish populations and
accumulate information
regarding the "success" of
the Genocide
http://www.iath.virginia.edu/holocaust/infotech.html
Willy Heidinger (speaking about
the Hollerith Machine)
We are recording the individual characteristics of every single member
of the nation onto a little card....We are proud that we can contribute to
such a task, a task that provides the physician of our German body
politic with the material [he needs] for his examination, so that our
physician can determine whether, from the standpoint of the nation's
health, the data thus arrived at correlate in a harmonious, that is,
healthy, relationship -- or whether diseased conditions must be cured
by corrective interventions....We have firm confidence in our physician
and will follow his orders blindly, for we know that he will lead our
nation toward a great future. Heil to our German people and their
leader!
Source: "Festrede des Grunders, Generaldirektor Willy Heidinger," in
Denkschrift zur Einweihung der neuen Arbeitsstatte der Deutschen Hollerith
Maschinen Gesellschaft m.b.H. in Berlin, Lichterfelde am 8. Januar 1934
Further info: http://www.austhink.org/monk/DEHOMAG.doc
Hollerith data card for Buchenwald
prisoner Symcho Dymant.
http://www.ushmm.org/uia-cgi/uia_doc/photos/5262?hr=null
Your professional duty to
the public
To use your special expertise to protect
the public interest and human rights
safety-critical systems
we build systems whose safety we cannot assure
even heroic testing will not prove <10-5 pfh
we are asked for 10-9 pfh, so we use judgement:
when I hear the words ‘engineering judgement ‘, I
know they are just making up numbers.
Richard Feynman.
security and privacy...
The Importance of
Computer Security
To protect personal privacy
To protect national or business secrets
To allow confidential electronic transactions
e.g. solicitors, doctors
To prevent fraud
credit cards, on-line share trading, banking,
business-to-business
To prevent vandalism and sabotage
viruses/worms, Trojans
Security depends on identity.
Identification,
and what can go wrong
Who are you?
Identity theft
What system are you interacting with?
System impersonation
Is this transaction authentic?
Fraud, viruses and Trojans, electronic money,
electronic voting...
All typically depend on public key cryptography
Identity Theft
22-year-old San Diego college student Jessica Smith had
her car stolen with her handbag inside. Although the
car and bag were recovered, someone stole her identity.
She nearly got fired from her new job when a
background check showed that "she" had outstanding
warrants for prostitution. She was unable to obtain
credit, phone service or even to rent an apartment. She
obtained judicial documents explaining that her identity
had been stolen; nevertheless, she has been hauled into
police stations to be fingerprinted to prove that she is
indeed the person authorised to carry those documents.
Source: LA Times, 16 January 2000
Identity Theft
Increasingly common around the world.
http://www.consumer.gov/idtheft/
http://www.usdoj.gov/criminal/fraud/idtheft.html
a UK government site is being set up this year
Used by criminals and terrorists
Ironically, made easier by the introduction
of identity cards or universal ID numbers
US Social Security Number
biometric enrolment problems
System Impersonation
A cigarette machine was installed in a public
arcade, with payment by credit card and PIN.
The PIN was not checked, but the card stripe
and PIN were transmitted to a nearby
workshop, where the cards were reproduced
and used to withdraw cash up to the card
limit.
Imitation ATMs have been used for the same
purposes, which is why many now carry
warning signs. Be sceptical of new systems.
An aside about the latest plans to
combat credit card fraud losses
Credit card companies are introducing
PINs instead of signatures. Chip and PIN
A major effect is to shift the burden of
proof for responsibility for fraudulent
transactions from the banks to the
customer.
Before, if the signature didn’t match, they
refunded the charge. Now, they assume
you used the PIN or gave it to someone.
An ethical dilemma:
Cryptography
Public Key cryptography provides a way of
concealing data, and of securing
transactions, signing them and preventing
them from being altered.
It depends on:
technology that allows pairs of related keys
to be made, where if either key is used to
encrypt, only the other can be used to
decrypt, yet knowledge of one key does not
permit the other to be calculated.
Security through
Cryptography
Also depends on:
assurance that the secret key remains secret.
Some trusted means of establishing the
authenticity of a particular public key.
See http://www.pki-page.org/
Used, for example, for digital signatures.
Cryptography is a Good
Thing:
it allows citizens to communicate privately if
they wish
it allows doctors and lawyers to exchange
confidential information electronically
it allows the creation of digital signatures that
can have legal force
it protects against fraud, Trojan attacks and
impersonation.
Cryptography may be
a Bad Thing:
If it is used by criminals to conceal
criminal conspiracy
If it inhibits the legitimate surveillance of
suspects by intelligence services
If it increases the cost of necessary
policing
… or if it introduces an infrastructure that
actually reduces privacy.
An Ethical Dilemma
Do you have any right to privacy, or does
the public concern that you might be a
paedophile or terrorist overrule all other
considerations?
An example of UK law: RIP
Regulates who may intercept and why.
Allows authorities to demand decryption keys.
You must hand over the key, or face 2 years in prison
You may be instructed to keep the demand secret, or
face 5 years in prison.
ISPs must maintain an interception capability
Irish ISP’s in contrast, are prohibited from
interception, by their national law.
Reasons for Interception
(a) in the interests of national security;
(b) for the purpose of preventing or detecting crime or of preventing disorder;
(c) in the interests of the economic well-being of the United Kingdom;
(d) in the interests of public safety;
(e) for the purpose of protecting public health;
(f) for the purpose of assessing or collecting any tax, duty, levy or other
imposition, contribution or charge payable to a government department;
(g) for the purpose, in an emergency, of preventing death or injury or any
damage to a person's physical or mental health, or of mitigating any injury
or damage to a person's physical or mental health; or
(h) for any purpose (not falling within paragraphs (a) to (g)) which is
specified for the purposes of this subsection by an order made by the
Secretary of State.
Who may intercept?
(a) a police force;
(b) the National Criminal Intelligence Service;
(c) the National Crime Squad;
(d) the Commissioners of Customs and Excise and their department;
(e) any of the intelligence services;
(f) any such public authority not falling within paragraphs (a) to (e)
as may be specified for the purposes of this subsection by an order
made by the Secretary of State.
International Policies
The only countries with laws explicitly forcing disclosure
of keys are the UK, India and Singapore
[Encryption is otherwise banned or restricted in
Belarus, Brunei, China, Iran, Iraq, Kazakhstan,
Mongolia, Myanmar (Burma), Pakistan,
Russian Federation, Saudi Arabia, Tunisia,
Turkmenistan, Uzbekistan, Vietnam].
Source: EPIC’s International Survey of Encryption Policy 2000, via www.fipr.org
Related UK Issues:
at least 4,285,000 CCTV cameras have been
installed in the UK, some with facial recognition,
many with number-plate recognition.
1000 UK cities have CCTV: <10 in the USA
Echelon: most electronic communications are
scanned, decrypted if necessary, and recorded.
Wherever you go on the internet, or use a cellphone, or any electronic card, or your car, you
leave a visible trail that can be obtained by
public authorities and others.
As computer professionals:
Do you believe that a nationwide ID card
system can be introduced without
problems of forgeries, false acceptance
and false rejection?
Do you believe the ID database can be
made secure from hacking?
Do you believe that electronic voting
systems are secure against deliberate
election fraud?
Summary
Our technology is already so advanced, and is
developing so rapidly, that expert knowledge is
needed to understand its impact on society.
Professionalism carries a responsibility to act
ethically and to inform democratic debate
Ethical issues rarely have easy solutions. It is
important that there is continual, informed,
public debate about the sort of society we want
to create.
It is not sufficient to trust Governments to
act in the interests of all their citizens