---------- Forwarded message ---------- Date: Thu, 27 Sep 2001 16:17:45 -0400 From: "R. A. Hettinga" <rah@shipwright.com> To: dcsb@ai.mit.edu, cryptography@wasabisystems.com Subject: Diffie, Sterling, Lessig, et al., interviewed http://www.nytimes.com/2001/09/27/technology/circuits/27TECH.html?pagewanted... September 27, 2001 In the Next Chapter, Is Technology an Ally? By KATIE HAFNER OVER the last two weeks, computer scientists and others who think about technology have wondered aloud about its likely role in countering terrorism -- or in carrying it out. Have the limitations and dangers of technology been overlooked? Where, on the other hand, might technological innovation emerge or be redirected as a result of recent events? For Ray Kurzweil, an expert in artificial intelligence and an innovative figure in computing, the events are already accelerating technologies that allow work, and people, to be dispersed rather than centralized. Security experts like Peter Neumann point to the renewed interest - and perhaps unfounded confidence - in technologies to confirm identities and track movements. "Overendowing high-tech solutions is riskful," Dr. Neumann said, "in the absence of adequate understanding of the limitations of the technology and the frailties and perversities of human nature." Mr. Kurzweil and Dr. Neumann, a computer scientist at SRI International, a research group in Menlo Park, Calif., were among six technology experts invited by Circuits to assess the challenges ahead. The other participants were Bruce Sterling, a science fiction author who writes frequently about technology; Lawrence Lessig, a professor at Stanford Law School who has written extensively on law and the Internet; Severo Ornstein, a retired hardware engineer and one of the computer scientists who worked on the original Arpanet, the precursor to the Internet; and Whitfield Diffie, the inventor of public key cryptography, a method of encoding electronic communications. Each has been in the public eye for a decade or more, thinking and writing about the promise and peril of technology. Some are more sanguine than others about a high-tech society. Their discussion, conducted last weekend by e-mail, touched on technology's possible uses in fostering security and on the issues that will arise along the way. Here are excerpts from the conversation. Q. What role will technological innovation play in responding to terrorism? Lessig These attacks could spur a great deal of technological innovation. The hard question is whether the innovation will be tailored to protect privacy as well as support legitimate state interests in surveillance and control. We as a culture think too crudely about technologies for surveillance. The conflict is always framed as some grand either/or. But if we kept pressure on the innovators and, in particular, the government, to develop technologies that did both, we could preserve important aspects of our freedom, while responding to the real threats presented by the attacks. Kurzweil The Sept. 11 tragedy will accelerate a profound trend already well under way from centralized technologies to distributed ones and from the real world to the virtual world. Centralized technologies are subject to disruption and disaster. They also tend to be inefficient, wasteful and harmful to the environment. Distributed technologies, on the other hand, tend to be flexible, efficient and relatively benign in their environment effects. In the immediate aftermath of this crisis, we already see a dramatic movement away from meetings and conferences in the real world to those in the virtual world, including Web- based meetings, Internet-based videoconferencing and other examples of virtual communication. Despite the recent collapse of market value in telecommunications, bandwidth nonetheless continues to expand exponentially, which will continue to improve the resolution and sense of realism in the virtual world. We'll see a great deal of innovation to overcome many of the current limitations. Diffie Revision of the air traffic control system together with that of other industrial command and control phenomena will push reliability and security in computing and computer communications. Such systems may provide a testing ground for the command and control of ballistic missile defense systems in which response times may be slower but the spectrum of phenomena requiring analysis will be broader. Attempts to control the use of cryptography and other security measures will make the development of improved command and control networks more difficult and may impede this task by limiting the people who can contribute to approved government and contractor personnel. Lessig This "scenario of terror" was not low tech, for its impact was not just the impact of the souls who were lost. As powerful was the effect of a world watching as it occurred. The technology of a networked world meant that scores of television cameras would be trained on the south tower, to capture the horror of the delayed second impact. And the extraordinary impact of these killings in two cities is the product of a heavily integrated - technologically integrated - world community. Terrorists take advantage of this technology to have the effect they seek. Elsewhere, in places without this technology, it would not have the same effect. Diffie Larry, this is a great observation. I wonder if it will be possible to discover whether the attackers had that subtlety of thought. Q. Larry Lessig says that the hard question is whether innovation will be tailored to protect privacy as well as support legitimate state interests in surveillance and control. Do you agree that we as a culture tend to think too crudely about technologies for surveillance? Where do you think the trade-offs should be? Neumann The most elaborate technological measures are likely to be inadequate, misused and subverted. Surveillance is all too easily misused. Trapdoors in cryptography to facilitate law enforcement can be misused. Existing system security is seriously flawed. As a result, we must avoid expecting technological security measures to be adequate in protecting privacy. So, ultimately, we have a double-edged sword. Techniques to protect can be used to subvert, attack or otherwise compromise human rights, nation states and organizations. The problems are inherently human, and technology can be used for good or bad. Sterling The question is badly put. I don't worry much about Big Brother states surveilling average citizens. It's just not cost-effective, and what Mom says in Peoria just doesn't interest the serious power players in spydom. I do worry plenty about sneaky political operatives carrying out dirty-tricks campaigns against the private lives of prominent politicians. The payoff there is huge. It can destabilize legitimate governments more effectively than terrorism. I don't think there's a good trade- off here. If we're going to use surveillance as a weapon, then we should trust our democratic traditions and arm the population with it. Kurzweil The nature of these terrorist attacks and the organization behind it puts civil liberties in general at odds with legitimate state interests in surveillance and control. The entire basis of our law enforcement system, and indeed much of our thinking about security, is based on an assumption that people are motivated to preserve their own lives and well-being. That is the logic behind all of our strategies from law enforcement on the local level to mutual assured destruction on the world stage. But a foe that values the destruction of both its enemy and itself is not amenable to this line of attack. Lessig This is a critically important insight. The real problem we face is not slowness in technological innovation. The real problem is slowness in legal and civil rights innovation in response to the technological change. It was not until the late 1960's that the Supreme Court finally held that wiretapping was regulated by the Fourth Amendment. The reason for this failing has lots to do with the way lawyers think. We are reactive traditionalists. It is hard to think creatively. But if we used the same kind of innovative creativity that our Framers used in crafting our government, we could craft creative balances between technological capabilities and human weakness. Technologies can't be guaranteed to be used only for the good. But technologies placed within well-crafted institutional structures can be made more likely safe than not. Diffie (Disclosure: I am in the protection business.) In my view the natural trade-off is a broad public right to inquire (i.e., listen to the radio, point infrared sensors around, make video recordings, analyze the data from the sensors with computers, etc.) and the right of the individual to employ protection from surveillance (cryptography, insulated walls, wearing a mask, using pseudonyms, etc.). This presumes a commercial right to make and sell products that support the individual's desire for privacy. I read in the documents of the revolutionary era a recognition of a broad right of the individual to act on self-perceived interest and generally not to be required to cooperate with someone else's view of those interests. This seems to me roughly what freedom means. The trends in contemporary society that most bother me are not so much government use of wiretaps or video cameras but such things as the requirement that cash transactions over $10,000 be reported to the I.R.S., that I must show identification to travel, etc. Ornstein I think there is a genuine tension between the desire for security and for privacy/individual freedom. This is just an instance of the more general conflict between the needs and desires of the individual and those of the larger society. Today's technology permits small numbers of people to wreak a disproportionate amount of havoc. (Without jet airplanes, the hijackers couldn't have done much damage with their box cutters.) I suspect the debate about where to draw the security line will probably be ongoing and will depend on how much damage occurs in the future: The more damage, the tighter we'll circle the wagons. Copyright 2001 The New York Times Company | Privacy Information -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com