[ISN] Diffie, Sterling, Lessig, et al., interviewed

From: InfoSec News (isnat_private)
Date: Sun Sep 30 2001 - 03:13:42 PDT

  • Next message: InfoSec News: "RE: [ISN] E-BOMB"

    Forwarded by: "Jay D. Dyson" <jdysonat_private>
    
    -----BEGIN PGP SIGNED MESSAGE-----
    
    Courtesy of Cryptography List.
    
    - ---------- Forwarded message ----------
    Date: Thu, 27 Sep 2001 16:17:45 -0400
    From: "R. A. Hettinga" <rahat_private>
    To: dcsbat_private, cryptographyat_private
    Subject: Diffie, Sterling, Lessig, et al., interviewed
    
    http://www.nytimes.com/2001/09/27/technology/circuits/27TECH.html?pagewanted=print
    
    
    September 27, 2001
    
    In the Next Chapter, Is Technology an Ally?
    
    By KATIE HAFNER
    
    OVER the last two weeks, computer scientists and others who think about
    technology have wondered aloud about its likely role in countering
    terrorism -- or in carrying it out. Have the limitations and dangers of
    technology been overlooked? Where, on the other hand, might technological
    innovation emerge or be redirected as a result of recent events?
    
    For Ray Kurzweil, an expert in artificial intelligence and an innovative
    figure in computing, the events are already accelerating technologies that
    allow work, and people, to be dispersed rather than centralized. Security
    experts like Peter Neumann point to the renewed interest - and perhaps
    unfounded confidence - in technologies to confirm identities and track
    movements.
    
    "Overendowing high-tech solutions is riskful," Dr. Neumann said, "in the
    absence of adequate understanding of the limitations of the technology and
    the frailties and perversities of human nature."
    
    Mr. Kurzweil and Dr. Neumann, a computer scientist at SRI International, a
    research group in Menlo Park, Calif., were among six technology experts
    invited by Circuits to assess the challenges ahead. The other participants
    were Bruce Sterling, a science fiction author who writes frequently about
    technology; Lawrence Lessig, a professor at Stanford Law School who has
    written extensively on law and the Internet; Severo Ornstein, a retired
    hardware engineer and one of the computer scientists who worked on the
    original Arpanet, the precursor to the Internet; and Whitfield Diffie, the
    inventor of public key cryptography, a method of encoding electronic
    communications.
    
    Each has been in the public eye for a decade or more, thinking and writing
    about the promise and peril of technology. Some are more sanguine than
    others about a high-tech society.
    
    Their discussion, conducted last weekend by e-mail, touched on technology's
    possible uses in fostering security and on the issues that will arise along
    the way. Here are excerpts from the conversation.
    
    Q. What role will technological innovation play in responding to terrorism?
    
    Lessig These attacks could spur a great deal of technological innovation.
    The hard question is whether the innovation will be tailored to protect
    privacy as well as support legitimate state interests in surveillance and
    control. We as a culture think too crudely about technologies for
    surveillance. The conflict is always framed as some grand either/or. But if
    we kept pressure on the innovators and, in particular, the government, to
    develop technologies that did both, we could preserve important aspects of
    our freedom, while responding to the real threats presented by the attacks.
    
    Kurzweil The Sept. 11 tragedy will accelerate a profound trend already well
    under way from centralized technologies to distributed ones and from the
    real world to the virtual world. Centralized technologies are subject to
    disruption and disaster. They also tend to be inefficient, wasteful and
    harmful to the environment. Distributed technologies, on the other hand,
    tend to be flexible, efficient and relatively benign in their environment
    effects.
    
    In the immediate aftermath of this crisis, we already see a dramatic
    movement away from meetings and conferences in the real world to those in
    the virtual world, including Web- based meetings, Internet-based
    videoconferencing and other examples of virtual communication.
    
    Despite the recent collapse of market value in telecommunications,
    bandwidth nonetheless continues to expand exponentially, which will
    continue to improve the resolution and sense of realism in the virtual
    world. We'll see a great deal of innovation to overcome many of the current
    limitations.
    
    Diffie Revision of the air traffic control system together with that of
    other industrial command and control phenomena will push reliability and
    security in computing and computer communications. Such systems may provide
    a testing ground for the command and control of ballistic missile defense
    systems in which response times may be slower but the spectrum of phenomena
    requiring analysis will be broader.
    
    Attempts to control the use of cryptography and other security measures
    will make the development of improved command and control networks more
    difficult and may impede this task by limiting the people who can
    contribute to approved government and contractor personnel.
    
    Lessig This "scenario of terror" was not low tech, for its impact was not
    just the impact of the souls who were lost. As powerful was the effect of a
    world watching as it occurred. The technology of a networked world meant
    that scores of television cameras would be trained on the south tower, to
    capture the horror of the delayed second impact. And the extraordinary
    impact of these killings in two cities is the product of a heavily
    integrated - technologically integrated - world community. Terrorists take
    advantage of this technology to have the effect they seek. Elsewhere, in
    places without this technology, it would not have the same effect.
    
    Diffie Larry, this is a great observation. I wonder if it will be possible
    to discover whether the attackers had that subtlety of thought.
    
    Q. Larry Lessig says that the hard question is whether innovation will be
    tailored to protect privacy as well as support legitimate state interests
    in surveillance and control. Do you agree that we as a culture tend to
    think too crudely about technologies for surveillance? Where do you think
    the trade-offs should be?
    
    Neumann The most elaborate technological measures are likely to be
    inadequate, misused and subverted. Surveillance is all too easily misused.
    Trapdoors in cryptography to facilitate law enforcement can be misused.
    Existing system security is seriously flawed. As a result, we must avoid
    expecting technological security measures to be adequate in protecting
    privacy. So, ultimately, we have a double-edged sword. Techniques to
    protect can be used to subvert, attack or otherwise compromise human
    rights, nation states and organizations. The problems are inherently human,
    and technology can be used for good or bad.
    
    Sterling The question is badly put. I don't worry much about Big Brother
    states surveilling average citizens. It's just not cost-effective, and what
    Mom says in Peoria just doesn't interest the serious power players in
    spydom. I do worry plenty about sneaky political operatives carrying out
    dirty-tricks campaigns against the private lives of prominent politicians.
    The payoff there is huge. It can destabilize legitimate governments more
    effectively than terrorism.
    
    I don't think there's a good trade- off here. If we're going to use
    surveillance as a weapon, then we should trust our democratic traditions
    and arm the population with it.
    
    Kurzweil The nature of these terrorist attacks and the organization behind
    it puts civil liberties in general at odds with legitimate state interests
    in surveillance and control. The entire basis of our law enforcement
    system, and indeed much of our thinking about security, is based on an
    assumption that people are motivated to preserve their own lives and
    well-being. That is the logic behind all of our strategies from law
    enforcement on the local level to mutual assured destruction on the world
    stage. But a foe that values the destruction of both its enemy and itself
    is not amenable to this line of attack.
    
    Lessig This is a critically important insight. The real problem we face is
    not slowness in technological innovation. The real problem is slowness in
    legal and civil rights innovation in response to the technological change.
    It was not until the late 1960's that the Supreme Court finally held that
    wiretapping was regulated by the Fourth Amendment.
    
    The reason for this failing has lots to do with the way lawyers think. We
    are reactive traditionalists. It is hard to think creatively. But if we
    used the same kind of innovative creativity that our Framers used in
    crafting our government, we could craft creative balances between
    technological capabilities and human weakness. Technologies can't be
    guaranteed to be used only for the good. But technologies placed within
    well-crafted institutional structures can be made more likely safe than not.
    
    Diffie (Disclosure: I am in the protection business.)
    
    In my view the natural trade-off is a broad public right to inquire (i.e.,
    listen to the radio, point infrared sensors around, make video recordings,
    analyze the data from the sensors with computers, etc.) and the right of
    the individual to employ protection from surveillance (cryptography,
    insulated walls, wearing a mask, using pseudonyms, etc.). This presumes a
    commercial right to make and sell products that support the individual's
    desire for privacy.
    
    I read in the documents of the revolutionary era a recognition of a broad
    right of the individual to act on self-perceived interest and generally not
    to be required to cooperate with someone else's view of those interests.
    This seems to me roughly what freedom means. The trends in contemporary
    society that most bother me are not so much government use of wiretaps or
    video cameras but such things as the requirement that cash transactions
    over $10,000 be reported to the I.R.S., that I must show identification to
    travel, etc.
    
    Ornstein I think there is a genuine tension between the desire for security
    and for privacy/individual freedom. This is just an instance of the more
    general conflict between the needs and desires of the individual and those
    of the larger society.
    
    Today's technology permits small numbers of people to wreak a
    disproportionate amount of havoc. (Without jet airplanes, the hijackers
    couldn't have done much damage with their box cutters.) I suspect the
    debate about where to draw the security line will probably be ongoing and
    will depend on how much damage occurs in the future: The more damage, the
    tighter we'll circle the wagons.
    
    Copyright 2001 The New York Times Company | Privacy Information
    
    
    
    - -- 
    - -----------------
    R. A. Hettinga <mailto: rahat_private>
    The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
    44 Farquhar Street, Boston, MA 02131 USA
    "... however it may deserve respect for its usefulness and antiquity,
    [predicting the end of the world] has not been found agreeable to
    experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
    
    
    
    - ---------------------------------------------------------------------
    The Cryptography Mailing List
    Unsubscribe by sending "unsubscribe cryptography" to majordomoat_private
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2
    Comment: See http://www.treachery.net/~jdyson/ for current keys.
    
    iQCVAwUBO7OetblDRyqRQ2a9AQFEsgP/dCAj2er7XPlSSc2WX6GMFDc9qvayJdF7
    8ZJ6h96bHA3/Qm45reX4Vl2xCRKfA/LBfeqRWAGdGbWVx1dVyBGuXBuyMq+HLEeb
    z0YiMVENs4a4wZIesmfU1+CXxd2WsWq4S6wo/I6Ygj6spTLoUYO/WB8auG5IR/ao
    lrIrUyr4eFY=
    =y0bc
    -----END PGP SIGNATURE-----
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Sun Sep 30 2001 - 05:50:00 PDT