Cybersecurity for the Public Interest

The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals. On the other are almost every cryptographer and computer security expert, repeatedly explaining that there's no way to provide this capability without also weakening the security of every user of those devices and communications systems.

It's an impassioned debate, acrimonious at times, but there are real technologies that can be brought to bear on the problem: key-escrow technologies, code obfuscation technologies, and backdoors with different properties. Pervasive surveillance capitalism -- as practiced by the Internet companies that are already spying on everyone -- matters. So do society's underlying security needs. There is a security benefit to giving access to law enforcement, even though it would inevitably and invariably also give that access to others. However, there is also a security benefit of having these systems protected from all attackers, including law enforcement. These benefits are mutually exclusive. Which is more important, and to what degree?

The problem is that almost no policymakers are discussing this policy issue from a technologically informed perspective, and very few technologists truly understand the policy contours of the debate. The result is both sides consistently talking past each other, and policy proposals -- that occasionally become law -- that are technological disasters.

This isn't sustainable, either for this issue or any of the other policy issues surrounding Internet security. We need policymakers who understand technology, but we also need cybersecurity technologists who understand -- and are involved in -- policy. We need public-interest technologists.

Let's pause at that term. The Ford Foundation defines public-interest technologists as "technology practitioners who focus on social justice, the common good, and/or the public interest." A group of academics recently wrote that public-interest technologists are people who "study the application of technology expertise to advance the public interest, generate public benefits, or promote the public good." Tim Berners-Lee has called them "philosophical engineers." I think of public-interest technologists as people who combine their technological expertise with a public-interest focus: by working on tech policy, by working on a tech project with a public benefit, or by working as a traditional technologist for an organization with a public benefit. Maybe it's not the best term -- and I know not everyone likes it -- but it's a decent umbrella term that can encompass all these roles.

We need public-interest technologists in policy discussions. We need them on congressional staff, in federal agencies, at non-governmental organizations (NGOs), in academia, inside companies, and as part of the press. In our field, we need them to get involved in not only the Crypto Wars, but everywhere cybersecurity and policy touch each other: the vulnerability equities debate, election security, cryptocurrency policy, Internet of Things safety and security, big data, algorithmic fairness, adversarial machine learning, critical infrastructure, and national security. When you broaden the definition of Internet security, many additional areas fall within the intersection of cybersecurity and policy. Our particular expertise and way of looking at the world is critical for understanding a great many technological issues, such as net neutrality and the regulation of critical infrastructure. I wouldn't want to formulate public policy about artificial intelligence and robotics without a security technologist involved.

Public-interest technology isn't new. Many organizations are working in this area, from older organizations like EFF and EPIC to newer ones like Verified Voting and Access Now. Many academic classes and programs combine technology and public policy. My cybersecurity policy class at the Harvard Kennedy School is just one example. Media startups like The Markup are doing technology-driven journalism. There are even programs and initiatives related to public-interest technology inside for-profit corporations.

This might all seem like a lot, but it's really not. There aren't enough people doing it, there aren't enough people who know it needs to be done, and there aren't enough places to do it. We need to build a world where there is a viable career path for public-interest technologists.

There are many barriers. There's a report titled A Pivotal Moment that includes this quote: "While we cite individual instances of visionary leadership and successful deployment of technology skill for the public interest, there was a consensus that a stubborn cycle of inadequate supply, misarticulated demand, and an inefficient marketplace stymie progress."

That quote speaks to the three places for intervention. One: the supply side. There just isn't enough talent to meet the eventual demand. This is especially acute in cybersecurity, which has a talent problem across the field. Public-interest technologists are a diverse and multidisciplinary group of people. Their backgrounds come from technology, policy, and law. We also need to foster diversity within public-interest technology; the populations using the technology must be represented in the groups that shape the technology. We need a variety of ways for people to engage in this sphere: ways people can do it on the side, for a couple of years between more traditional technology jobs, or as a full-time rewarding career. We need public-interest technology to be part of every core computer-science curriculum, with "clinics" at universities where students can get a taste of public-interest work. We need technology companies to give people sabbaticals to do this work, and then value what they've learned and done.

Two: the demand side. This is our biggest problem right now; not enough organizations understand that they need technologists doing public-interest work. We need jobs to be funded across a wide variety of NGOs. We need staff positions throughout the government: executive, legislative, and judiciary branches. President Obama's US Digital Service should be expanded and replicated; so should Code for America. We need more press organizations that perform this kind of work.

Three: the marketplace. We need job boards, conferences, and skills exchanges -- places where people on the supply side can learn about the demand.

Major foundations are starting to provide funding in this space: the Ford and MacArthur Foundations in particular, but others as well.

This problem in our field has an interesting parallel with the field of public-interest law. In the 1960s, there was no such thing as public-interest law. The field was deliberately created, funded by organizations like the Ford Foundation. They financed legal aid clinics at universities, so students could learn housing, discrimination, or immigration law. They funded fellowships at organizations like the ACLU and the NAACP. They created a world where public-interest law is valued, where all the partners at major law firms are expected to have done some public-interest work. Today, when the ACLU advertises for a staff attorney, paying one-third to one-tenth normal salary, it gets hundreds of applicants. Today, 20% of Harvard Law School graduates go into public-interest law, and the school has soul-searching seminars because that percentage is so low. Meanwhile, the percentage of computer-science graduates going into public-interest work is basically zero.

This is bigger than computer security. Technology now permeates society in a way it didn't just a couple of decades ago, and governments move too slowly to take this into account. That means technologists now are relevant to all sorts of areas that they had no traditional connection to: climate change, food safety, future of work, public health, bioengineering.

More generally, technologists need to understand the policy ramifications of their work. There's a pervasive myth in Silicon Valley that technology is politically neutral. It's not, and I hope most people reading this today know that. We built a world where programmers felt they had an inherent right to code the world as they saw fit. We were allowed to do this because, until recently, it didn't matter. Now, too many issues are being decided in an unregulated capitalist environment where significant social costs are too often not taken into account.

This is where the core issues of society lie. The defining political question of the 20th century was: "What should be governed by the state, and what should be governed by the market?" This defined the difference between East and West, and the difference between political parties within countries. The defining political question of the first half of the 21st century is: "How much of our lives should be governed by technology, and under what terms?" In the last century, economists drove public policy. In this century, it will be technologists.

The future is coming faster than our current set of policy tools can deal with. The only way to fix this is to develop a new set of policy tools with the help of technologists. We need to be in all aspects of public-interest work, from informing policy to creating tools to building the future. The world needs all of our help.

This essay previously appeared in the January/February issue of IEEE Security & Privacy.

Together with the Ford Foundation, I am hosting a one-day mini-track on public-interest technologists at the RSA Conference this week on Thursday. We've had some press coverage.

EDITED TO ADD (3/7): More news articles.

Posted on March 5, 2019 at 6:31 AM • 35 Comments

Comments

George H.H. Mitchell • March 5, 2019 8:09 AM

Not to oversimplify, but I think this is a corner case of a much bigger problem: we need politicians who are willing to consult experts in any field in which the politicians believe themselves mystically better informed than anyone else. A public interest technologist can't do us any good if a regulator insists on proceeding based on a gut feeling.

James • March 5, 2019 9:08 AM

"Politicians" and "public interest" are mutually exclusive. The only time those two come close is when they are begging for votes. Then, they go on and sell off to the highest bidder. Some exceptions do exist though.

Petre Peter • March 5, 2019 9:28 AM

Working at this intersection - technology and policy - is intimidating for me. With technology, I have to be able to embrace change fast, looking for the right answer, while with policy I have to take my time and consider what I can actually accomplish. In effect, this discipline is asking me to be fast and slow but not at the same time - like playing chess with oneself at the Star Trek table, taking turns for each team. I am not sure how to test this schism because when I have to be part of both teams I can no longer distinguish between the mistakes of one team and the plans of the other. On the other hand, a phone can no longer be just a phone - the genie is out of the bottle and I wonder if I can switch between applications of applications as fast as my phone does.

Ivy Lee • March 5, 2019 10:12 AM

It is a dubious proposition to assume that private foundations created and maintained by a tiny subset of extremely wealthy people will properly frame what's in the public's interest and what is not. More often than not, these organizations depict the public interest in a manner that is self-serving.

Faustus • March 5, 2019 10:12 AM

I mostly use the internet like a big library. Some of the information is free; some I buy. I don't participate much in interactive forums, except here, because this is the least dumb place I have found on the internet. (I may very well be missing other worthy places due to my general lack of participation.)

I don't like the idea of a dedicated public interest technologist because it conflates politics and truth seeking. I have a low opinion of politics. I think it attracts pathological personalities and those that are not pathological when they arrive will be continually conditioned to become pathological upon arrival.

Can pathology be resisted? I don't really think so. The system shuts out anyone who doesn't play along. I think of Jimmy Carter and his attempt to do something different as President.

What great things has politics or government done in the last 20 years? Where is all the money going that the government is printing?

I have immense respect for Bruce Schneier for various reasons:
-- He runs this amazing space without trying to track, monetize or over-control us. Unlike so many things that become corrupted over time. (I think of Google's "Don't be evil". Where has that gone?)
-- He hosts ideas that are opposed to his own without friction.
-- He works with great organizations like the EFF.
-- And most of all, he presents information in a balanced way, avoiding click-bait, sacrificing notoriety and money. It is a clear rule of our new world that the loudest and least nuanced views get all the attention, yet Bruce is willing to forgo them in the interest of a balanced view.

(Of course, the other shoe has to drop...)

However, I do detect a drift in Bruce's views. He perceives less security theater and gives more credit to NEEDING TO DO SOMETHING to keep us safe. (As far as I can see, we live in historically unprecedented times of safety, and that the threats of terrorism, crime, immigration, trafficking, and yes, cyber security, are vastly exaggerated in favor of giving the government (which can hardly tie its own shoes) more and more surveillance opportunities and control over our lives).

I sense a shift in Bruce's unconditional support for encryption and I predict that within a year he will agree that the government should have some sort of access to some class of encrypted information, and that these classes of exceptions will grow and grow over a short period of time.

Do I blame Bruce? No. It will be impossible for him to play the role of public interest technologist vis-a-vis the government if he doesn't horse trade. And he works for large corporations who have an interest in people perceiving that there are dangerous security threats. Any mind would be swayed by the social and economic pressures of such a situation. One need not be dishonest. Opinions are naturally influenced by one's environment.

Corporations are not perfect nor particularly fair. But compared to government, look what THEY have achieved in the last 20 years: Increased cancer survival, electric cars, autonomous cars, AI, space travel infrastructure, alternative energy, quantum computers, ubiquitous drones, to name a few. People like Musk and Bezos get very wealthy (and millions of their shareholders to a lesser extent), but most of that money goes to starting new, cutting edge corporations that address our social needs in a way that government has abdicated.

A corporation is going to solve the global warming/carbon problem, not governments and NGOs jetting off (spewing carbon) to another conference in an exotic locale. And corporations employ people. Most people. Jobs are important. And corporations need customers, which is why they are most likely to resolve the issue of how people will still be able to eat and live when modern technology makes their 40 hour/week presence at a job unnecessary.

If people don't care enough about carbon to cut their personal production of it through their lifestyle, if people continue to use Facebook after they know the way it abuses them, if people hate Amazon but won't stop ordering from them, we have a social problem. If we don't care enough about anything to inconvenience ourselves, how is getting the government involved going to help anything? Fascism is the government fit for a population that won't take responsibility for its own actions and we are getting more and more fascism on all sides.

Technologists should not feed themselves to the beast of government. Stay independent. Don't put yourself in a position where you have to sacrifice your ideals to be invited to the table.

Karellen • March 5, 2019 11:09 AM

Public-interest technology isn't new. Many organizations are working in this area, from older organizations like EFF and EPIC

You missed the big one, which is older still, and probably a large part of the inspiration behind the two you mentioned, the Free Software Foundation.

James • March 5, 2019 11:21 AM

@Faustus:
There is no doubt that technologists (including tech corps) are doing an excellent job when it comes to innovation. And yes, innovation costs money, lots of money. The most "hated" corporations out there (Google, Facebook, Amazon, Microsoft) are also world leaders in innovation. But they also have to make money for their shareholders, and that mandates being in bed with politics/governments by bribes/lobby, compliance, etc. Nobody got obscenely rich by being totally honest and having strong moral standards, period. Big companies afford buying politicians and pushing legislation that's favorable to them, it has always been like this and will always be. At least for most technology companies, you have the choice not to use their services. But what do you do about banks, wireless carriers, internet service providers, health care, hospitality, and others that usually cost you money and you do have to use at some point? You pay them and they still slice, dice and sell your data. Big tech companies at least give you free services, and they usually tell you (yeah, most times buried deep in pages of terms and fine print) that what you give them belongs to them, they don't care about your privacy, and if you want privacy go someplace else. But what about the ones you pay and they still sell your data?

Faustus • March 5, 2019 12:45 PM

@James

I basically agree with you. But government is the problem in this, not the solution. If they are for sale, competition forces companies to pay them. I think that government corrupts the companies by forcing them to pay protection money to operate.

And government protects data brokers, like credit agencies, by protecting them from the lawsuits that would be the common law response to these data abuses, and that would naturally curb them.

And government funds and consumes a large part of the data that is stolen from you when you simply seek essential services. There is almost no chance govt will curb the data collection that it so enthusiastically supports.

As far as I can see, nobody is particularly punctilious when morals stand in the way of what they particularly want. We should seek solutions that serve everyone rather than scapegoating particular groups for the selfishness we all exhibit.

Mow • March 5, 2019 1:07 PM

I'm a sys admin near the D.C. region. I have seen instances of policymakers or their advisors making ridiculous statements such as "encryption keeps the NSA and FBI out but lets foreign governments in".

I have no idea how to get involved or if I'm even qualified to be involved. I have no legal background. No background in AI. Minimal background in cryptocurrencies.

What are the actual pre-requisites needed for someone in tech to get involved and how can someone get involved?

James • March 5, 2019 1:46 PM

@Faustus:
I never said the government is the solution, indeed they are the problem. I guess the "government of the people, by the people, for the people" days are long gone. The weird thing is governments are somehow punishing the people for the problems they (the governments) created. As in some places you cannot take a dump without showing ID, heavy censorship, no flight lists, an insatiable appetite for data, more police/military on the streets than in '43, outlawing encryption, and so on. In my opinion education would solve 80% of the contemporary problems. But hey, who needs educated people?

James • March 5, 2019 2:10 PM

@Mow: It's sad to see people in charge of things they don't understand, unfortunately it happens all the time. A lot of shit happened because the qualified sysadmin/engineer/etc said "hey we need to fix/upgrade/change this" and the O guy said "forget about it, it costs too much, if it ain't broken don't fix it".

Faustus • March 5, 2019 2:19 PM

@ James

Again, I largely agree. It is interesting: There seems little need to focus on what we agree on, so I often respond about where I differ. But we are 95% aligned.

I used to think education was great. But I had some disappointing experiences. I was very interested in psychology. I was on a student steering committee in my department. But when I observed that there were so many different and contradictory theories in psych and little attempt to reconcile them or explain the contradictory profusion, it was like I farted. It was the dirty little secret. The desire to understand the mind had been subordinated to academic politics. I lost interest after that.

And school has become unreasonably expensive. So many people who are too young to understand the implications build up crippling debt. Trump can go bankrupt again and again, but these young people, who really should have been advised more carefully, are now mostly stuck with immense debt forever. Medicine or law might provide a corresponding income. But over $100K of debt for a non applied degree is a terrible mistake for most people. Young people need better guidance and an educational cost that better tracks their prospects, as well as the option everyone else has of declaring bankruptcy.

I also don't think we are doing kids any favor by educating them massively in finding problems in a system that they have not yet participated in. Almost every 20 year old radical turns into a relatively conservative 40 year old once they have invested themselves in a job and a family. At which point they will wish they had learned something that would help them support themselves and their family rather than an ideology that they have long since discarded.

Certainly young people should be taught the real facts of the brutality of history and the mistakes our countries have made, in the hopes of not repeating them. But aggressively criticizing a world you have not yet contributed to makes as much sense as my viciously criticizing an athlete in a sport that I cannot do myself. "Healer, heal thyself" is my motto.

Jesse Thompson • March 5, 2019 2:34 PM

I think the part of the discussion about Public Interest Technologists that is really missing here is the concept that no human can reliably tell you what is actually in the public interest.

The founders of this country (The US) relied on a method of checks and balances not only to help ensure that corruption was kept out of public interest, but to define what public interest even meant. The entire goal of democracy is to ensure that all voices are heard and are weighed in some fashion prior to a decision being arrived at.

If we still believe in the democratic process, then we cannot presume to create some layer of field-experts embedded into policy making who will just keep everyone else honest by way of their magical access to some higher moral understanding. We still have to create some process (and if we're being democratic about it, some adversarial process) whereby what each party thinks is moral (including the corrupt ones only seeking to line their own pockets or increase their own influence) get to compete in some arena where the product of compromise is more likely to actually reflect the public interest than any one person's utopian fancies.

Satoshi reached precisely this kind of balance when (t)he(y) created the world's first globally accessible notarization ledger that requires trust in no single authority to participate in or to verify.

In short, we cannot hope to simply dominate myopic or greedy actors by sheer force of will.. or even by sheer force. Our only hope is to devise ever better systems that use this self-interest as fuel in competitions that drive more public interests.

Of course that's not easy, but it's certainly not any harder than trying to wage war of direct resistance against actors who do things against what we personally perceive to be moral.

James • March 5, 2019 2:37 PM

@Faustus:
That's exactly the problem, that education is not great. It should be great, but unfortunately it's far from it. Forcing people into debt for education is modern day slavery, plain and simple. Lots of problems emerge from here...

Indeed we agree 95 to 100% of the time. Nice and educative posts btw.

James • March 5, 2019 2:40 PM

@Jesse Thompson:
The US is not a democracy, it is a republic. There are some (big) differences. In fact the last viable democracies were in ancient Rome, Greece ...

Faustus • March 5, 2019 2:48 PM

@ Jesse Thompson

I think you hit the nail on the head nicely. Any constructive approach to government has to recognize our self interest and drop the pretense that somebody or some group operates at a higher level than self interest.

James • March 5, 2019 3:02 PM

Not to hijack the original topic anymore, or Mr. Schneier will probably start deleting posts as off topic. Policy will never solve the encryption "problem". The cat is out of the bag, and has been for a few centuries. Encryption is math, and you cannot ban math. Encryption is not only WhatsApp or Telegram or Signal, encryption is also one time pads, that are 100% unbreakable, and even a 4yo can use them. The new trend is that everyone is a criminal by default, until proven otherwise. What happened to "semper necessitas probandi incumbit ei qui agit"? The encryption debate has nothing to do with fighting crime, it only has to do with control, period. Yeah most people do have something to hide, it's called private life. What's the problem with that?

Lawrence D’Oliveiro • March 5, 2019 3:45 PM

“There's a pervasive myth in Silicon Valley that technology is politically neutral. It's not...”

If you were meaning “politically neutral” in the sense of “making no difference to politics”, then while your claim would be true, I would also say it’s a strawman. What is true is that there is no predictable direction in which a piece of technology will have its political effect. Technology can be used for good or ill, and it can benefit one group in society at the expense of another. And often that will happen even if you decide not to take any action. Because not deciding is also a decision, after all.

vas pup • March 5, 2019 4:27 PM

@Faustus:
"I don't like the idea of a dedicated public interest technologist because it conflates politics and truth seeking."

@George H.H. Mitchell • March 5, 2019 8:09 AM

"we need politicians who are willing to consult experts in any field in which the politicians believe themselves mystically better informed than anyone else."

Those two posts caught my attention. I just recall being a programmer many years ago and my super told me "Apply logic when you do programming, but do not look for logic in policy." So, politicians think they could change human nature, natural science/math laws by their own sometimes delusional vision of the world or just not understanding the nature of relations they are trying to regulate whatsoever.

My suggestion is to have kind of business analyst between honest politician (yeah, very difficult) and technologist as kind of translator/communicator between them in order to educate both sides on technology and the law making process.
Sometimes, it is like in the song when nobody is bad, but there is just misunderstanding.

Impossibly Stupid • March 5, 2019 4:42 PM

Another nice, big topic from Bruce. :-)

It's an impassioned debate

Not really. The math is clear for these things in the same way the science is clear for many other issues. An agenda of false balance allows the water to be muddied by special interests. There is no debate over the fact that weakening cryptography makes everyone less secure. Neither would there be a debate were it a separate issue that evidence of crimes would be easier to gather if encryption could be nullified. The problem is conflating the two, and trying to impose bad encryption on everyone for everything, when instead the proper approach would be to mandate circumventable encryption only for those transactions/communications that are otherwise reasonably subject to disclosure.

We need policymakers who understand technology, but we also need cybersecurity technologists who understand -- and are involved in -- policy. We need public-interest technologists.

The problem is that you still need to address those special interests who sow division in the public and deny the scientific underpinnings of what technologists bring to the table. Even the public denies what is in their best interest! What we more fundamentally need is better science communication, and serious consequences for those who instead deliberately choose to spread harmful lies.

That quote speaks to the three places for intervention.

In my experience, the bulk of the failings fall squarely on the "misarticulated demand" side of things. I look around me and I see a world full of talent that is tired of working on projects that aren't serving the public interest. There's simply no place for them to go, and no job market that actually addresses their wants and needs. I have applied for a technology position at the EFF, and it was handled in the exact same dehumanizing way I've come to expect from any other soulless corporate HR machine. I've even tried to do volunteer work for non-profits, but they often want you to jump through the same kinds of privacy-eroding hoops that were put in place for (I assume) criminals who are appointed to court-ordered community service.

That means technologists now are relevant to all sorts of areas that they had no traditional connection to: climate change, food safety, future of work, public health, bioengineering.

And the job boards lock them out of those openings because the algorithms don't make them a good enough match. But that's still ultimately a "demand" failing, because the companies aren't doing a good job of writing ads for technology-related positions that are more than just a list of "hot" skills. I swear, I want to scream/laugh/cry every time I see a job posted that highlights HTML knowledge as though it were some special, magical skill that is hard to find in a Senior Software Engineer.

The world needs all of our help.

Yeah, but it doesn't want our help.

Sancho_P • March 5, 2019 5:42 PM

Well, here in the EU politicians are willing to consult experts, called external consultants. Similar to the Big Four in industry, there are some biggies serving governments and the public sector. Their main tool is converting “scientific knowledge” to economically reasoned governing.
“Policy adviser” comes close, but (in the EU):
No one man show, this is really big business, keep out.
No chance there without big revolving doors.

For the economical part our society worships the endless, unlimited growth.
Public interest, whatever it would be, is not growth.

This is not evil, it is what is needed for tomorrow. Not for the future.

Gweihir • March 5, 2019 6:51 PM

Well said. In particular, the clueless, destructive and highly dangerous bumbling about that politics does on technological issues has to stop.

Bruce Schneier • March 5, 2019 6:57 PM

@George H.H. Mitchell:

"...we need politicians who are willing to consult experts..."

Definitely agree.

Getting this right determines whether we succeed or fail in this century.

Tõnis • March 5, 2019 9:01 PM

@Faustus.

"However, I do detect a drift in Bruce's views. He perceives less security theater and gives more credit to NEEDING TO DO SOMETHING to keep us safe … I sense a shift in Bruce's unconditional support for encryption and I predict that within a year he will agree that the government should have some sort of access to some class of encrypted information, and that these classes of exceptions will grow and grow over a short period of time."

It is disappointing. Right from the get-go in this blog entry:

"On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals."

This type of rhetoric suggests that the authorities in various jurisdictions share the moral high ground in this "Crypto War," that they're not really interested in our communications, only the communications of "terrorists and criminals." It's one point away from "What about the children?!?" The sentence should read, "On one side is the surveillance state, which wants to be able to break encryption, to access devices and communications of everyone." Even the term "law enforcement" is, in the view of this American, offensive; it denotes that police should be mindlessly enforcing laws instead of serving as peace officers.

We don't need politicians consorting with experts. We need Americans and other free people with balls resisting authoritarianism, speaking out forcefully against the surveillance state. I'm not only opposed to backdoors and weakened encryption because it's ineffective or impossible, I'm opposed to it because it's anti-liberty and otherwise wrong. The people calling for backdoors, broken/weakened encryption, etc. are enemies of liberty, whether it's in the name of protecting children, catching criminals and/or terrorists, or "national security." "But what if there's a warrant?!?!?" Nonsense. It's too late, and there's too much to lose, when secret courts (and judges in regular courts) rubber stamp warrants just to give "law enforcement" the "tools" it claims to need. And those corporations (telcos, ISPs, etc.) who collude and conspire with the architects and administrators of the surveillance state to violate the privacy of the people are enemies of liberty: traitors.

Charles • March 6, 2019 3:28 AM

@George H.H. Mitchell • March 5, 2019 8:09 AM

"we need politicians who are willing to consult experts in any field in which the politicians believe themselves mystically better informed than anyone else."

A politician is a person elected to be in a position of authority, or power, by first acquiring enough popular support and money which results in votes at the voting booth. Any expert in any given field, normally through academia because of the profiteering nature of private enterprises, can give sound advice to any particular politician, but she/he must still adhere to the popular voice of both money and vote. Thus sound advice is often mixed in with some flavorful study of the popular voice. This results in an additional layer of advice which I believe is commonly referred to as "think tanks" of various NGOs that exist throughout the political landscape, so politicians are not alone to blame, IMHO.

65535 • March 6, 2019 5:49 AM

@ Mow

“I'm a sys admin near the D.C. region… I have no idea how to get involved or if I'm even qualified to be involved. I have no legal background. No background in AI”-Mow

Yes, that is a problem.

You could expand your career by “consulting” to lawyers and politicians as a side job – as George H.H. Mitchell and Bruce S. have said.

The next best thing is for you to get a pre-law, paralegal or if you are dedicated a law degree – any of those would help.

The real problem is a bunch of old legal hacks and lawyers close to politicians who know nothing and care nothing about cyber human rights whispering in politicians' ears.

We need young lawyers to double major in computer science and law. The old hacks have to go.

It may take a few major law firms getting hacked or burned by technology before these types of lawyers who are close to politicians cause a shift in the cyber human rights area. Maybe even a few Senators and Congress persons getting hacked could light a fire under cyber privacy laws.

The biggest problem is the NSA/FBI type TLAs spending billions of taxpayer money to keep their position on the gravy train by brainwashing both politicians and lawyers. This has to stop.

All of us know that both lawyers and politicians can easily be bought by tech giants like Giggle. There has to be a new breed of honest lawyers and politicians who are also cyber security trained and who will not sell out to giant tech firms that are solely in the business of data mining. That is a big bill to fill.


Cassandra • March 6, 2019 7:43 AM

Re: Politicians that listen

It might be helpful to restrict the power of lobbyists, as no matter how willing a politician is to listen, their attention is a limited resource, and there are very well funded groups who specialise in obtaining and directing a politician's attention.

Perhaps a strictly enforced spending limit for legal and/or natural persons to prevent single companies, PACs, other organisations, conglomerates, or extremely rich individuals from dominating the information that politicians get to see and having undue influence.

In addition, funding public bodies, like the Congressional Research Service, that provide impartial advice to politicians could be improved. There are equivalents in other jurisdictions.

As it is, no matter how much respected experts in a field make information available, it is mediated through lobbying, where money counts. Government dominated by the wishes of business is a corporatocracy or an example of corporate capitalism. Of course, some people see nothing wrong in this.

Cassandra

George H.H. Mitchell • March 6, 2019 7:58 AM

Thanks for the support. Unfortunately, I have no idea how to fix the problem in an era when at least one commercial enterprise has become disgustingly and highly successful by devoting itself entirely to encouraging distrust of anyone professing expert knowledge of anything. Any ideas?

Faustus • March 6, 2019 4:17 PM

@ George H.H. Mitchell

"at least one commercial enterprise has become disgustingly and highly successful by devoting itself entirely to encouraging distrust of anyone professing expert knowledge of anything."

OK, I'll bite! Which "one" are you talking about?

Of course, what we are missing in this conversation are two major facts:

1. Experts are hardly ever in agreement about anything. You can find experts that agree with almost any opinion. (And the one you agree with is the one you'll choose to believe.)

2. Most political disagreements are based on preexisting political views and are not going to be turned around by expert opinion. The propaganda just might make a little more sense. Better understanding of encryption, for example, is not going to change a significant number of people's stand on encryption as far as I can tell. Its enemies just might say fewer silly things.

Alyer Babtu • March 6, 2019 4:53 PM

From the original post, there are needed

"technology practitioners who focus on social justice, the common good, and/or the public interest."

As @Jesse Thompson points out, the determination of the social or common good is not primarily a question in technology. It is a different set of questions with its own ways of proceeding. It requires an architectonic and prudential view of the whole. Politics in its essence is for this. Corruption and subversion to the private good is typical but not intrinsic or inevitable. (There are modern examples where the ideal was closely approximated, e.g. the strong showing of the Popular Party in Italy in the 1920s, whose leader Luigi Sturzo said if they could not win by honest means they did not need to win.)

Once the politics is straightened out, there is a chance the right technical questions will be asked.

I don’t think the analogy with law is valid. Law is already part of the common good, as it is concerned with justice. Technology is secondary.

Cassandra • March 7, 2019 2:30 AM

@Faustus

I think I should take issue with what you have written:

1. Experts are hardly ever in agreement about anything. You can find experts that agree with almost any opinion. (And the one you agree with is the one you'll choose to believe.)

This is an oft repeated canard. Experts are generally in agreement in a field, disagreeing only on the details. You can always find contrary opinions held by a (usually) small minority of people, and often a single 'plucky maverick', but giving equal weight to minority opinions in disagreement with a general consensus is how the media manufacture 'controversy'. Opinion based on sound evidence works.

2. Most political disagreements are based on preexisting political views and are not going to be turned around by expert opinion. The propaganda just might make a little more sense. Better understanding of encryption, for example, is not going to change a significant number of people's stand on encryption as far as I can tell. Its enemies just might say fewer silly things.

Most (but not all) politicians sway with the political wind. You are right that they seek opinions that justify their ideology, but if there is overwhelming public support for something such that it affects their polling, they are likely to modify their positions. Using manufactured 'controversy' (see above) to justify ignoring a broad consensual opinion of experts is a known strategy of disreputable politicians.

Experts can be wrong. Good experts change their minds when presented with well-founded evidence of a better or different approach. Bad 'experts' cherry-pick 'evidence' to suit their opinions, and this can be exposed. One way of accelerating the exposure of opinion-based experts is to encourage the use of critical thinking in the general population.

And to try and drag this back on-topic, critical thinking is essential for security. We should all come from Missouri.

Cassandra

Faustus • March 7, 2019 7:59 AM

@ Cassandra

I think it is easy to overestimate agreement with one's own views. https://en.wikipedia.org/wiki/False_consensus_effect We tend to read things that make sense to us (i.e. that we agree with). And today's tech puts us in filter bubbles and feeds us the same viewpoint continually because it recognizes that we don't relate to the other viewpoints.

I would say that this forum is a forum of experts and we never agree on anything of public significance. Of course, we may choose to just not consider people we disagree with "experts", but that is simply more ignoring experts.

You are certainly aware that in court cases it is almost always possible to "rent" an expert with the opinion you desire.

Unless one is an expert oneself in the field we don't even have the means to reliably identify experts. And I have observed and confronted actual experts here who are actually just wrong about specific matters of fact. Experts make mistakes too. Maybe more mistakes, because they are speaking from the frontiers of knowledge.

Every advance in science was once a minority opinion. Truth is not subject to vote.

1&1~=Umm • March 7, 2019 2:42 PM

@Alyer Babtu:

"Corruption and subversion to the private good is typical but not intrinsic or inevitable."

History shows that it is inevitable in hierarchical power structures even if they start out being uncorrupt.

It would appear that any concentration of power simply encourages a certain percentage of the population to obtain it, and use it for their own ends with good or bad being just a point of view.

Through the centuries and millennia many people have tried and failed to make things truly democratic that is to remove or dilute the power concentration, this has failed except in a few very small places (Swiss Cantons were probably the last).

Due to various reasons true democracy has been replaced by 'representational democracy' which is a hierarchical power structure that then becomes perverted from within by the encouragement or incentivisation of those outside seeking to gain by it.

To say,

"Once the politics is straightened out, there is a chance the right technical questions will be asked."

Is kind of the wrong way around, politics can not be "straightened out" unless those who benefit from it are removed, and 'the people' take up their responsibilities honestly to not just themselves but their neighbours and even those that they do not know or might even hate for some reason. Can you actually see that happening in a country with tens if not multiple hundreds of millions of voices without the use of technology?

How do you keep the technology honest or at least neutral to influence, as Stalin noted it's not who votes or how they vote that decides the result, importantly it's the system used to count the votes that decides the outcome. Thus those designing and operating such a system have significant power as 'King Makers' if they chose to be.

One of the biggest technological failures is the security of function against corruption. In 'mind's eye theory' it should be easy to design secure systems, yet history shows 'we fail in practice' in oh so many ways more often than not. Mostly at the specification or design levels because we fail to see how scaling up introduces complexities we have failed to realise exist. Yet we should know as history repeatedly points out 'the devil is in the details'. But even in the unlikely event we would somehow see and correctly deal with everything at the design stage, we have many stages thereafter to get it wrong, such as implementation, maintenance, installation, etc the list is long and as history shows not just error prone but fairly easily subject to subversion.

Personally I have little or no confidence we can get information systems right due to the way we currently go about thinking up and implementing them.

Because not only can we not envisage complexity and scalability correctly we actually incentivise failure by the way we go about the process.

In essence we want everything for nothing now, and the only way that can happen is by not paying for work to be done or for the resources used. People can not survive unless they have some way to obtain not just their basic needs but also the training and experience to develop the skills required to carry out the work effectively. As technology advances the skills required become increasingly significant. If you look at astronauts they spend around two decades to get the basic skills looked for, then around two years training for individual missions that might only be just one or two hours space walking. The more complex information systems become the more they approach this training to work ratio.

However there is a quite prevalent but incorrect assumption that skills can be purchased not developed which gives rise to the so called 'throw money at the problem' solution, which unsurprisingly almost always fails.

In part because we still lack the measurands to assess not just a finished information system but one in progress. This inability gives an opportunity for the entire production process to be gamed in oh so many ways by either side, mostly detrimentally. Thus there is in effect a war in progress between those that produce information systems and those that acquire them for use.

The process is therefore another form of 'politics' with its own changing rules as each side competes for what it sees is an acceptable exchange. In essence just a power struggle where deceit is just another tool in the armoury to gain a short term advantage.

History shows such a competitive method leads to the build up of power structures which @Bruce had started looking at with the idea of large corporates being the equivalent of Barons and workers the equivalent of serfs.

History shows one constant though which is those who 'earn their living no questions asked' as guard labour are attracted to power hierarchies like the proverbial flies to a manure pile. Their basic rule of existence being 'following orders', which became in effect no defence at the Nuremberg trials over seven decades ago and has been the cause of much individual conflict since, as it requires the ability to distinguish between lawful and unlawful orders, a competence few intelligent lawyers possess, let alone others who by definition of guard have not been selected for their intelligence. Whilst the worst of guard labour have recognisable names some anthropologists tend to refer to them by the basic rule of their existence that is 'authoritarian followers', their primary purpose being to ensure a power structure has the ability to enforce power regardless of its legitimacy.

George • March 10, 2019 3:16 AM

@Faustus wrote,

"Corporations are not perfect nor particularly fair. But compared to government, look what THEY have achieved in the last 20 years: Increased cancer survival, electric cars, autonomous cars"

The bottom line is monetary. Money is the string that moves the society and governments are no exceptions to it. Early hybrid buyers were banking on government subsidies to EVs. The carbon accord or whatever it's currently named will deduce large portions of government money (from all over the world) into electric vehicles related expenditure. Pure EVs will need extensive public infrastructure, most of which will be paid with government money.

It is the "politics" of things.


Sidebar photo of Bruce Schneier by Joe MacInnis.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.