IET
Decrease font size
Increase font size
Topic Title: Engineers and ethical responsibility regarding intrusion
Topic Summary: Where does the enineering profession stand on communication access?
Created On: 26 September 2013 04:10 PM
Status: Read Only
Related E&T article: Edward Snowden and the power of the privileged insider
Linear : Threading : Single : Branch
1 2 Next Last unread
Search Topic Search Topic
Topic Tools Topic Tools
View similar topics View similar topics
View topic in raw text format. Print this topic.
 26 September 2013 04:10 PM
User is offline View Users Profile Print this message



pwmchapman

Posts: 7
Joined: 09 February 2003

Not "shocked the world" but rather "forced the world to address the issue".

In the world of international espionage, if they can they will. No-one in the security industry was surprised by these revelations. However, they forced a reaction to a practice that has long been assumed is taking place.

There is no such thing as secure software. The operating system and other software running on a computer can always access encryption keys. The question is, who are these keys then shared with? As engineers we have a responsibility to create safe systems. We also have an ethical responsibility to determine to what extent we should facilitate intrusion and espionage. That is not an easy decision. We need to support the law enforcement authorities but oppose those who seek information on their political opponents (think Watergate and McCarthyism for example). We need an ethical position as a profession on how we should treat this issue.
 26 September 2013 08:42 PM
User is offline View Users Profile Print this message



westonpa

Posts: 1771
Joined: 10 October 2007

No I think shocked the world is nearer the truth. However that's not to say that for the most part a decent job is being done.

Regards.
 27 September 2013 02:02 PM
User is offline View Users Profile Print this message



jarathoon

Posts: 1032
Joined: 05 September 2004

Ethical positions are often heavily context dependent.

If we define an ethics we must also define the context within which it remains valid.

A tool designed by an engineer can be used for one purpose in one context and a quite different purpose in a changed context.

Engineers cannot control the context e.g. the changing nature and intent of governments, the changing nature of what may be defined as freedom of speech and the changing nature and effectiveness of parliamentary and regulatory oversight.

In regards to data we need to try to classify the problem...e.g.

1. communications data collection
- how is the data to be collected
- what data should be only collected on demand with a court order
- what data can be collected by default

2. communications data storage
- how is the data to be stored
- how long is the data to be stored

3. communications data disposal and limitations on use of old data
- how can we be sure it has been disposed of after the time limit on it's storage expires
- perhaps we need a clearer statue of limitations on discriminating against people using data over 3 to 7 years old (e.g. limit the use beyond this just in relation to the investigation of major crimes)
- we don't want students to bar themselves from politics or being a police commissioner just because someone kept a picture of them smoking a spliff at college for example

4. the nature of communications data access given to certain individuals, government organisations and foreign governments and who gives authorization for this

- who do we allow to see the data collected and on what terms
- access to information for a named individual who is suspected of some crime or actively conspiring to organise a crime
- access to information for a given set of circumstances e.g. we want to identify who was using a mobile phone within a certain time period in the vicinity of some recorded crime
- general trawls for information with little or no constraints on access

5. legal and regulatory control of how collected data can be collected, legally used or passed on to a third party
- legal and illegal uses as defined in law; how do we stop governments breaking the law or making the law too sweeping and too draconian in the midst of emotion following some criminal event.

6. preventing the data collected from secretly leaking out into a hidden black market for information
e.g. security employees leaking data, companies or individuals buying access, or politicians and civil servants giving access to national companies to help them compete with or steal information from foreign companies.

I am more worried about getting the balance of 3, 4, 5 and 6 right, than the security services collecting allowable data in the first place.

James Arathoon

-------------------------
James Arathoon
 27 September 2013 04:26 PM
User is offline View Users Profile Print this message



westonpa

Posts: 1771
Joined: 10 October 2007

Personally I think it would be better to have competent politicians who do not create terrorists in the first place and then we would not need to spy on everyone to detect them. How can a judge or politician who knows virtually nowt about electronic communications give any kind of oversight. It was only a short while back data was being lost by several government departments. In reality we are relying on the personal ethics of the people doing the job. Here we have NSA employees spying on their own significant others and these will just be the ones we know about.

http://news.yahoo.com/u-intern...ficant-140630189.html

It's 'human nature'.

Regards.
 27 September 2013 06:57 PM
User is offline View Users Profile Print this message



kengreen

Posts: 400
Joined: 15 April 2013

sorry fellas,

I think you all swimming in shark-infested waters but well outside the nets.

The basic failure that should be under consideration is the total cock up that today masquerades as a whole shower of computers; never has there been - I trust - such aNn exhibition of incompetent engineEering running riot without an overall control.

I willingly acceed that "programmers" earn huge salaries but that is no more proof of ability than it applies to Bill Gates? It has much more to do with the gymnastic act of patting your own back.

It is a total disgrace that, whenever I desire to try out a new application, I have to download a special "driver" - this is a great evil that has bedevilled electronic engineering for as long as I can remember namely that each man believes that "he can do it better". You may by all means come knocking on my door bearing spiked clubs but the fact is that of those designers too many of you stink. It is not impoSssible to get togetheRr to agree a basic style: e.g. there is an almost infinite number of "designs" or power sUuppliers whose job is to supply regulated DC from raw AC mains but,analyse them, and you will find it difficult to finDd as many as three types?

The whole principle of modular construction of equipment is that a series of comparatively simple units is designed so that they can be connected in any configuration and there is no basis for claiming that the system cannot, or should not, be applied in the creation of software and especially so in view of the often outrageous charges made for them.

Few would denYy the incompetence of career politicians? All the more reason to supply them with, not just fool-proof computers, but with bloody-fool-proof equipment.

Engineering needs to put Iits own house iNn order before distributing brickbats.

NB my apologies for the obvious failures in this Post;I have to rely on an extraordinary piece of software that enables me to dictate into my computer; not only does it share my difficulties with Microsoft software but it hourly demonstrates the ridiculous
claims of artificial intelligence.


Ken Green
 28 September 2013 12:07 AM
User is offline View Users Profile Print this message



jarathoon

Posts: 1032
Joined: 05 September 2004

Ken,

I suspect that it would be possible for some cheeky young engineers to try to pass off a Turing Test Machine as a engineer on this forum for a while.

In textural form computers can easily pass themselves off as having some communicative intelligence, without actually being capable of thought.

In converting speech to text, there is no artificial intelligence, it is just a matter of brute force computing, statistics and databases as you know.

Back to the tiopic....

Given the resources available to the NSA and GCHQ combined, and the fact they only need attack communicating computers at their weakest point, keeping communications traffic secret from them using cheap short life internet connected technology and systems designed for flexible consumer use is never going to work well as a commercial proposition.

I agree though given the appauling over-complexity and low quality of most commercial software it might soon be the case that system security is no longer a commercial proposition against much weaker adversaries, for example highly organised criminal gangs. This could start the process of making the internet unusable for ordinary commercial purposes.

Such a situation would obviously be accelerated if some of the full array of software tools, technologies and tricks used by the governmental security services were to leak out into the wider world.

I agree engineering needs to put its house in order; however what sort of order do we want and how much are we willing to pay for it?

James Arathoon

-------------------------
James Arathoon
 28 September 2013 11:26 AM
User is offline View Users Profile Print this message



westonpa

Posts: 1771
Joined: 10 October 2007

They are not attacking our computers, they are 'spying' on communications sent/received. Nowadays the bulk of people's emails are stored on other people's computers, e.g., Google, Microsoft, etc., and the relevant agencies can already gain access to that legally. 'Most' people use web based email now and not pc based email. The only other thing you may then do is to take information from the transmission conduits. Now with regards to needing keys to encryption software that is so they can decrypt encrypted communications, be they the communication itself which is encrypted or else an attachment.

Now if you have been thought to have done something wrong and they take your pc then they do not need any access granted through 'drivers' because the only thing they would have any issue with is encrypted stuff or else 'deleted' stuff in which case they either use the keys or else other techniques.

You store something on a magnetic drive and it leaves a magnetic footprint and even if you overwrite it to a point it can be recovered. Even some of the 'shredders' do not actually work properly. Now if I want your browsing history I just get my warrant and ask Google, it's not that difficult, and if I did want access to your PC I just load some Trojan software onto a webpage you visit and hey presto when you access the webpage you give permission for that software to be downloaded by the fact your web browser accessed the web page. So basically I can access your PC each and everytime you visit a website or else connect up to the internet, because that requires a two way communication. But hey who is interested in what's on Ken's PC unless he does internet banking in which case that is more likely to be a criminal and not a spying agency. Just about everything else the government need to know about us is stored on their computers anyway, what do you actually think goes on with the data for your driving licence, NHS record, council tax record, etc., etc.

No one needs to waste their time with your drivers Ken, any hacker worth their salt could compromise your PC with ease if they wanted to or else lift your communications from the net.

Now the world of technology moves relatively fast and so even what I write above may now be out of date, so do not take it literally just in case.

Our ethical responsibilities are just to do our jobs to the best of our abilities and not carry out ciminal activities or else assist others to carry them out. Now if I am builder and I am asked to build a house then I do so in good faith and if sometime after a criminal mastermind wishes to take over that house then that is not my issue. If I however build a house which I know is to be used for criminal activities then my ethical responsibility would be to report that to the relevant authorities and then allow them to do their job.

Regards.
 28 September 2013 12:23 PM
User is offline View Users Profile Print this message



kengreen

Posts: 400
Joined: 15 April 2013

yes, I thought I would very likely stamp on a few toes.

However most of these responses illustrate my oft repeated remark that it is always a good idea to "read, mark and inwardly digests" the originating subject matter.

My point had nothing to do with espionage, criminal activities or the egos of programmers. I believe that I achieved my purpose in drawing attention to the appalling quality of the software that drives today's computers and to the very serious matter of the industry following the American inclinations in that everyone does as (s)he believes - in short that discipline is a dirty word for a technique that hinders our God-given rights and freedoms.

At this moment I'm thinking of a television documentary following an investigation into large airliners who were developing the unpleasant habit of shedding engines. It was discovered that fitters were ignoring the rules and loading/unloading these monster engines in a much more simple way using a forklift; as a result they were bending the engine mountings which thereafter suffered metal fatigue!

All that I ask is that engineering in all its aspects moves into the professional world in which nothing is acceptable except the very best and to teach that to be"professional" has nothing whatever to do with the length of a working day nor with the remuneration.

Ken Green
 28 September 2013 01:25 PM
User is offline View Users Profile Print this message



westonpa

Posts: 1771
Joined: 10 October 2007

Originally posted by: kengreen
yes, I thought I would very likely stamp on a few toes.
However most of these responses illustrate my oft repeated remark that it is always a good idea to "read, mark and inwardly digests" the originating subject matter.

My point had nothing to do with espionage, criminal activities or the egos of programmers. I believe that I achieved my purpose in drawing attention to the appalling quality of the software that drives today's computers and to the very serious matter of the industry following the American inclinations in that everyone does as (s)he believes - in short that discipline is a dirty word for a technique that hinders our God-given rights and freedoms.


Well Ken please yourself kindly read the topic heading and keep to it and if you wish to go on about something different then click on the small icon which says 'new topic' and start one.

Did you note the text also in the first post and from the person who raised the new topic "In the world of international espionage, if they can they will. No-one in the security industry was surprised by these revelations. However, they forced a reaction to a practice that has long been assumed is taking place."

Here's a suggested heading for you 'The appaling state of computer software'. In essence follow your own advice.

Regards.
 28 September 2013 05:50 PM
User is offline View Users Profile Print this message



kengreen

Posts: 400
Joined: 15 April 2013

Western Pa,

Sorry, dear boy but I was under the delusion that that was precisely what I was doing.

If I caused pain then I willingly say: "sorry". But regrettably I can see nothing to retract.

Ken
 29 September 2013 11:38 AM
User is offline View Users Profile Print this message



westonpa

Posts: 1771
Joined: 10 October 2007

Ken,

The topic is more or less about espionage and that was made quite clear by the person who raised it. You lecture others on how they should read your words and yet you wrote 'My point had nothing to do with espionage, criminal activities'. So basically your point had zero to do with the topic, according to your own words.

So why are they in this topic?

Start a new one if you want to write about something else and then see of people want to talk to you about it. With regards to your comments on the appaling state of software etc., then people can discuss that with you in your new topic.

Now if that is too difficult for you then by all means ask for some assistance and we can advise you.

Regards.
 29 September 2013 01:52 PM
User is offline View Users Profile Print this message



kengreen

Posts: 400
Joined: 15 April 2013

oh westonpa,,

I'm inclined to think that this subject has been thoroughly explored in both breadth and depth. I can but speak for myself and I am finished with it.

Regards,

Ken
 29 September 2013 01:52 PM
User is offline View Users Profile Print this message



kengreen

Posts: 400
Joined: 15 April 2013

oh westonpa,,

I'm inclined to think that this subject has been thoroughly explored in both breadth and depth. I can but speak for myself and I am finished with it.

Regards,

Ken
 29 September 2013 02:55 PM
User is offline View Users Profile Print this message



westonpa

Posts: 1771
Joined: 10 October 2007

Well that's good news.

If however you do wish to raise a new topic, I shall be more than happy to post some comments.

Regards.
 03 October 2013 08:58 PM
User is offline View Users Profile Print this message



jarathoon

Posts: 1032
Joined: 05 September 2004

An exceptionally well composed and written piece by John Lanchester in the Guardian.

"The Snowden files: why the British public should be worried about GCHQ"

"When the Guardian offered John Lanchester access to the GCHQ files, the journalist and novelist was initially unconvinced. But what the papers told him was alarming: that Britain is sliding towards an entirely new kind of surveillance society"

http://www.theguardian.com/wor...files-john-lanchester

It's certainly worth thinking further about his proposal for a digital bill of rights.

James Arathoon

-------------------------
James Arathoon
 04 October 2013 10:32 PM
User is offline View Users Profile Print this message



westonpa

Posts: 1771
Joined: 10 October 2007

Digital bill of rights, are you joking? No law will protect you from this type of spying, that's the whole point. Modern technology is advancing far quicker than laws can and so your only real defence is to utilise the skills and abilities of those who develop the software which can be used to maintain your privacy or else just be ordinary and do nowt wrong in which case why would anyone really want to look at you?

Most of these spy agencies are spending most of their time spying on each other and on those from other countries, they have little time or concern for James.

Regards.
 06 October 2013 08:32 PM
User is offline View Users Profile Print this message



jarathoon

Posts: 1032
Joined: 05 September 2004

Originally posted by: westonpa

Digital bill of rights, are you joking? No law will protect you from this type of spying, that's the whole point.



I agree. Governments will want to use any means they can to spy on their populations and their communications, my point isn't that we should try to stop them. My point is that we should have an intelligent debate about the potential consequences and unintended consequences of doing this.

The point of a digital bill of rights would not to concentrate on the regulation of the data collection and storage aspect. We can assume this is going on and that the nature and scope of it will change with time.

The problem really is on what happens to the data once it has been collected and stored somehow.

In my classification scheme above I am most concerned about getting 3, 4, 5 and 6 right, than stopping 1 and 2.

Lets take the Madeleine McCann case which is now back in the news.

http://www.theguardian.com/uk-...rmation-disappearance

Old mobile phone data now analysed in new and different ways that could perhaps lead to a breakthrough in the case. I very much agree with this use. I think it is fair for the police to obtain data for all mobile phone use in the vicinity of a crime scene, within a reasonable time frame before and after, and then for further investigative work to identify the people using them. (It is quite common for people to return to scene of the crime for instance, if they haven't straight away fled the area). I doing think this amounts to data trawling. It is targeted detective work, to discover who was in the area, and to get statements from as many as possible, to eliminate them as suspects from the investigation.

Now what if in the course of doing this detective work, they find a politician known for promoting family values cheating on their partner, or find a bunch of other people involved in some form minor or petty criminality, what should they do?

At the moment they act by the convention that means they will effectively turn a blind eye if it suits the needs of their investigation.

What I mean by supporting a digital bill of rights is we need to better clarify what is proportionate and what is not proportionate when it comes to how we use stored data, because there can be unintended consequences. Perhaps unintended consequences that are harmful to a free society and the values that maintain sustain it.

For example, would it be proportionate to set up a petty crimes investigations unit that delt with all the petty crime that was uncovered by chance as a by-product of major criminal investigations.

Here methods deemed proportionate for investigating one class of crime, would in effect leak across into the investigation of much lesser crimes or circumstances that might be indicative of a crime. Proportionality could be lost perhaps without public debate deciding where the balance lies.

If a serious crime investigation picks up issues that might effect a teachers CRB record, what then? And so on and so forth.

The trouble with randomly trawling data stores for evidence of crimes is that it will probably get more false positives than you can cope with effectively. Lots of data may be provisionally stored pending full investigation. Data only becomes meaningful and truly representative of reality if you do the necessary detective work to constrain the possibility space.

For example someone reading terrorist propaganda websites might be simply researching terrorism for a book or magazine article, rather than looking to promulgate doctrines that might incite people to violence.

Someone regularly reading anti-nuclear websites, might not be anti-nuclear, but might wish to engage more in understanding any valid critique they may have.

Evidence that might seem to imply one thing at first sight, could in fact may be evidence for something completely different or even opposite to your first thesis.

James Arathoon

-------------------------
James Arathoon
 07 October 2013 08:27 AM
User is offline View Users Profile Print this message



IanDarney

Posts: 32
Joined: 18 January 2003

I suggest that the IET sets up a sub-committee to formulate a policy on the use of data storage for surveillance by the security services. It is engineers who provide the means by which the data can be stored and manipulated. We cannot pretend that the use of the technology is nothing to do with us.

There could be an IET member at GCHQ who has identified corruption in the organisation. If he blew the whistle, how would the IET react? Leave him to the tender mercies of the right-wing politicians, or provide legal support?

The first item on the table would be the recommendation made by John Lanchester in his report on the Snowden files.

Ian Darney
 09 October 2013 03:57 PM
User is offline View Users Profile Print this message



jarathoon

Posts: 1032
Joined: 05 September 2004

Ian,

I have just sent an email to Alan Berry who helps co-ordinate the IET IT and Communication policy panels, to flag up that his discussion as taken place and specifically to your comments on the matter.

I will let you know when I get a response.

James Arathoon

-------------------------
James Arathoon
 10 October 2013 06:48 PM
User is offline View Users Profile Print this message



westonpa

Posts: 1771
Joined: 10 October 2007

Originally posted by: jarathoon
I will let you know when I get a response.


Well you will not need to let GCHQ know!

Regards.
Statistics

See Also:



FuseTalk Standard Edition v3.2 - © 1999-2014 FuseTalk Inc. All rights reserved.