Say you're a high-tech software security firm in the U.
S. that sells a spyware application that lets your corporate customers monitor
all the encrypted traffic going through their servers. A benign reason that a customer of
yours wants to buy your software is to catch encrypted malware that might
otherwise mess up the customer's system operations. But that's not the only way your software product could be
used.
Say a repressive government wants to ferret out members
of an opposition group who are trying to organize a grass-roots protest
campaign. The protesters use
encrypted Internet communications to do so, and using the software your company
makes, the repressive government finds out who the protest ringleaders are,
rounds them up, and decapitates them all at sunrise. Should you have sold your software to that government?
Quandaries like these are at the heart of a dispute
between the U. S. Department of Commerce and Silicon Valley
computer-security-software firms.
According to a recent New York
Times report, back in May the Commerce
Department proposed new export restrictions on a wide variety of security
software. Following howls of
protest by software firms, the proposal was shelved, but the Obama
administration has continued to prosecute isolated cases of software showing up
in Iran or Syria, which are the only two countries that are currently subject
to export bans specifically targeted at surveillance technology.
Unfortunately, such bans are not
that difficult to evade, given enough resources. Modern-day gun runners (code runners?) can have the stuff
sent to dummy firms in non-banned countries, and then turn around and send it
from there through a few more countries to its true banned destination. According to the report, that is
exactly what a couple of alleged smugglers from the United Arab Emirates did to
get products from computer-security firm Blue Coat Systems to Syria, where the
use of that software by the Syrian government was detected and published by a
Canadian firm, which told the U. S. Commerce Department about it.
A number of my recent blogs have
dealt with aspects of cyberwarfare, and the increasing arms trade in software such
as Blue Coat's products is one more sign that warfare and its associated
activities such as spying are moving rapidly into the cyber arena. Trade restrictions on conventional arms
are a familiar part of the diplomatic landscape, but deciding which physical
weapons to keep to ourselves is easier than dealing with certain kinds of
security software. A nuclear weapon
is good for only one thing, for instance, but the type of security system that
companies like Blue Coat sell can be used for either good or bad reasons, as my
example shows.
The current compromise restricts
direct sales of such software to Iran and Syria, but as we've seen, it's pretty
easy to evade even those restrictions.
The fact of the matter is that small countries can buy pretty much
anything they want, given enough time and determination, and larger countries
such as China have enough resources to develop their own spyware.
So it looks like the most
realistic position these days is to realize that one way or another, bad
governments (whatever your criterion of "bad" is) will probably be
able to spy on Internet traffic and do other things online that we would wish
they couldn't do. In such an
environment, what are the prospects for free speech, freedom of association,
and other democratic activities that presume citizens are not under the constant
baleful glare of Big Brother, whose cybernetic eye never closes?
A little historical perspective is
in order here. Things like the U.
S. Constitution's Bill of Rights are fairly recent innovations. For most of recorded history, nobody
except maybe a few favored upper-class rich people had anything resembling what
we consider to be legal rights.
Even in peacetime, if you were a peasant or a slave, and the king or
some rich guy came along and took away your donkey, your land, or even your
life, there wasn't much you could do about it. In the West, the rise of Enlightenment ideas about universal
rights took centuries to develop, and it was by no means clear when the
founders of the United States wrote them into the Constitution, that the
experiment would work. But work it
did, and recognition of these rights achieved a high point in 1948 when the
United Nations adopted its Universal Declaration of Human Rights, which
includes the right to freedoms such as privacy and speech.
As the old saying goes, the price
of liberty is eternal vigilance.
And lately, even in the U. S., we have seen actions at the highest
levels of government that smack of the suppression of free speech. I have not read The Silencing: How the
Left Is Killing Free Speech, a book by conservative commentator Kirsten
Powers, but reports of the book cite incidents in which the Obama White House
banned conservative Fox News correspondents from certain press briefings. These are isolated incidents, but they
indicate that at least in some circles, the fundamental right of free speech
has lost some of its appeal when other urgent issues come to the fore.
It's a far cry from disinviting
reporters to spying on everyone's Internet traffic, but the idea is the
same: control of what people are
saying to other people. The
Silicon Valley contingent has a lot to say about open-source software and the
idea that "information wants to be free." But the fact that repressive governments can use
computer-security products for suppression of freedom is a grim reminder that
engineers have to use their imaginations when they make new tools. Imagining how you, a presumably nice
guy or gal, would use your newly invented computer-security product is one
thing. But you should also try the
experiment of thinking about how some evil genius could use your product—and
then maybe try to do something that would make it harder for the bad guys to
succeed.
Sources: The New
York Times report by James Risen, "Battle Heats Up over Exports of
Surveillance Technology" appeared on Oct. 31, 2015 online at http://www.nytimes.com/2015/11/01/world/middleeast/battle-heats-up-over-exports-of-surveillance-technology.html. I also referred to a discussion of
Kirsten Powers' book at RealClearPolitics, http://www.realclearpolitics.com/articles/2015/05/10/the_lefts_crusade_against_free_speech_126535.html,
and the U. N.'s Universal Declaration of Human Rights at http://www.un.org/en/documents/udhr/.
No comments:
Post a Comment