1 Dec 2015

The ethics of mass surveillance

From Nine To Noon, 9:30 am on 1 December 2015

In the age of mass surveillance, computer scientists need a stronger code of ethics to prevent a dystopian future, says a US cryptographer visiting New Zealand to warn of the dangers.

Professor Phillip Rogaway, a cryptographer and computer scientist from the University of California will deliver a public lecture at Auckland University next week.

He has argued that the Edward Snowden leak, which made confidential US documents available, had provided a glimpse into the new political reality of global systems for mass surveillance, which threatened democracy and violated fundamental human rights.

Professor Phillip Rogaway

Professor Phillip Rogaway Photo: Supplied / University of California

He said this had raised the question of why there was not a stronger sense of social responsibility among scientists and engineers, and has called for a stronger code of ethics for computer scientists, as they were the ones who created the systems that were used by authorities and breached human rights.

Speaking to Nine to Noon today, Prof Rogaway said surveillance data should only be collected from specific targets for a specific cause.

"That is not what is happening at all. Information is being collected en mass - pretty much every telephone call people make, every google search query they make, every instant message they send, are all being recorded and monitored.

"It extends beyond metadata - entire email contents are certainly retained - the extent to which telephone data is maintained in bulk has never been made clear."

He said some of the research he had carried out showed that many of his colleagues in the cryptographical community felt a distance from the consequences of their work.

"This is endemic across science. We have this kind of extreme specialisation, each of us works on our little piece of the puzzle and how it all fits and actually impacts peoples lives is rarely in the front of the mind.

"The cryptographic community is a very small one. The majority of people in the community are interested in abstract mathematical puzzles that are motivated by problems in privacy and security, but don't necessarily directly address any particular human problem. The plan is very long range somehow, that maybe eventually these ideas will be useful, but for the here and now, that has not been the focus."

Prof Rogaway said the study of cryptography extended beyond incription, and went into issues of authenticity, which was arguably more important to e-commerce businesses than privacy.

His proposed code of ethics has been welcomed by many in the community, but Prof Rogaway said some did not want to individually involved.

"In an open letter we approached nearly 100 US-based cryptographers and found that just over half were willing to sign on to the letter after many rounds of changes. The people who did not want to sign on has a variety of reasons, but the most common was that they didn't feel they were somehow experts in this domain, or they thought that engaging in something ostensibly political they would somehow weaken their standing as academic cryptographers."

He said these sentiments were, in some ways, dangerous.

"Scientists actually need to impact public policy when they have the knowledge to do so, but these are prevailing sentiments."

He pointed out that very soon after the first round of Snowden revelations, he attended an event honouring computer scientists, where there was nothing but comments about all the wonderful things computer science had contributed to society, but almost nothing about the threat of that science turning the internet into an "amazing tool for ubiquitous surveillance".

Prof Rogaway said the code of ethics was needed, because the work cryptographers carried out was intensely political, whether they chose to recognise it or not.

"It determines who can and can't do what - this is somehow the basic motivation when you set up cryptographic problems, you're trying to deny particular parties the ability that other parties are enabled."

He said the authorities had spun a "very effective narrative" in which cryptography was a threat and enabled bad guys to accomplish evil purposes, and the threats would stop if the authorities had have better information, these threats will stop.

"I don't think it's a very honest accounting of what is actually going on. If we start illegalising the use of cryptography, or making it very difficult, we don't actually deny use of cryptography from those who would really like to use it - a smart programmer could write these in a day or so, and he also has many other means and his disposal, like face to face meetings.

"Trying to ban or curtail cryptographic use will have no effect on terrorism. What it will affect is ordinary peoples' ability to feel secure when they interact with each other electronically."