Class 27 (last one!)
CS 480-008
5 May 2016

On the board
------------
1. Last time
2. Rogaway's essay
   --context
   --what's his argument?
   --what arguments does he mention against mass surveillance?
3. Discussion

---------------------------------------------------------------------------

1. Last time

--Correction: key management in WhatsApp
--HTTP vs HTTPS cookies
--HTTPS
--ForceHTTPS

2. Rogaway

--What is the context for his work?
  * Who is Phil Rogaway?
  * What is the academic context for his essay? (Theoretical crypto.)
  * Sociopolitical context? (mass state surveillance, Snowden revelations, etc.)
--What is his argument?
  * What are the facts?
  * What are the logical conclusions?
  * What are the judgments?
--What are his arguments against mass surveillance?

3. Discussion

--Why are we reading this? Many reasons:
  * We spent a healthy fraction of the semester learning how to attack systems...
  * ... and we've studied adversaries. Who is the adversary? How much power do they have? (Depending on who the adversary is, the answer could be: "a lot.")
  * Rogaway's points are important for _any_ ambitious person (Rogaway and his colleagues, most academics, you) to keep in mind.
  * Great piece of writing:
    ** beautifully written, stylistically. Pay attention to the sentences, how they flow, their organization into paragraphs, the word choice, etc.
    ** anticipates objections: treats them fairly, and then presents arguments against them
    ** references many, many specifics
    ** highly credible:
      *** acknowledges his own imperfection
      *** makes his interest and stance clear
      *** but communicates his expertise through tone, meticulous references, content
    ** places his work in context: the beginning treats Russell-Einstein, and so does the end. Connects his essay to that tradition in an explicit way.
--Do you agree or disagree?
--What are the lessons?
  * p7: "right livelihood": what's he talking about?
  * p8: data mining: what's he talking about?
    How is big data actually used by corporations and governments? What are the applications?
    ** recommendation services, yes
    ** what else?
--Why, in the view of Rogaway and others, is it not an acceptable solution to just gather all data but then only use it judiciously and carefully?
--What is his point about how language affects thought?
  * secure messaging vs private messaging
  * the use of "power" in CS/EE:
    *** wattage
    *** adversary's computational abilities
    never an acknowledgment of real power (spying, coercion, etc.)
  * framing of security vs. privacy. FBI director example. What's Rogaway saying here?
--Speaking of language, what does the quotation on p24 ("I really don't see how things could be better for our purposes") mean?
--What is he implying about iO, FHE, and advanced crypto constructs? What do (a)--(d) on p22 mean?
--How does "power" (Rogaway's word) exert its influence?
  ** stockpile vulnerabilities
  ** subvert CAs
  ** backdoor crypto (encourage adoption of weak crypto)
  ** subvert software update
  ** infiltrate private companies
  ** undermine crypto implementations
     example: https://theintercept.com/2015/02/19/great-sim-heist/
  ** redirect online discussions
--Eisenhower's military-industrial complex used to be military-industrial-academic...

[Disclaimer: what follows below is less technical than the topics that we have covered this semester, though the subject is linked to those topics. As the content is not fully technical, I will just state that you are of course free to form your own opinion about these issues (or take a class on this subject! NYU's Helen Nissenbaum is a leader on these topics). In the meantime, I offer some counter-arguments to frequent assertions and questions about privacy-versus-security and mass surveillance. Some of these assertions and questions came up during our class discussion on Thursday.]

"I believe the author doesn't address the concern that privacy and security are inherently in conflict."

--> He does.
    What he's getting at, in comparing the law enforcement view vs. the surveillance studies view (pp25-27), is that to ask the question in the terms above (which is rehearsed on p25, item 3) is to have bought into a particular framing about what "privacy" *means* and what "security" *means*. An alternate view, advanced by others and rehearsed by Rogaway, is that security and privacy are not in conflict (especially when we recognize privacy as a social good). Think of the cases where political organizations in the US have been infiltrated.
    Alternatively: if everything you do is watched, do you really feel secure? (just because the bad guys are also watched?)

"But I have nothing to hide". (Me neither.)

--> but that doesn't mean you or I want everything we do watched
--> and even if you are happy to have all details of your life exposed, what you do today may be interpreted differently by others, now or in the future (things taken out of context, etc.)
--> and when everything is watched, and you know it, it tends to encourage conformity, self-censorship (especially online), more narrow views, and less dissent. See p27.
    See also https://www.hrw.org/report/2014/07/28/liberty-monitor-all/how-large-scale-us-surveillance-harming-journalism-law-and
--> another response: you still benefit from living in a society with free speech, with a diversity of views, with the possibility of dissent, with freedom of association, with freedom of the press (and whistleblowing), and so forth. And, when there is pervasive surveillance, these things are diminished.

"But the data will be used judiciously"

--> How do you know?
--> Would you trust the most morally acting of your friends with this power?
--> These agencies are staffed with people, just like you and me. (See the point immediately above.)
--> The data is sometimes used in ways that no one intended.
    There have been life and death consequences: https://theintercept.com/2014/02/10/the-nsas-secret-role/

"Aren't the scientists in SIGINT following an internal moral compass?"

--> Indeed, I would guess that most of the people who work in SIGINT are well-intentioned, patriotic, sincere, ambitious, diligent, and highly competent. But this doesn't undermine the arguments above because many of your and my friends are also well-intentioned, patriotic, sincere, etc. So the uncomfortable question arises: why would we grant, to people we don't know and cannot identify, a power that we would not grant to the people closest to us, whom we trust?
--> Once the power is given, and once the data is collected, the harm is done.