The Great Software Debate: Technology and Ideology
Date: August 02, 2004
Source: Open Society Institute
... has taken a crack at this type of ethical dilemma by developing an ideology-based licensing regime, the Hacktivismo enhanced-source software license: http://www.hacktivismo.com/news/modules.php?name=Content&pa=showpage&pid=17
This modified, open source license regime requires that applications be used for their intended purpose, to support Hacktivismo's political agenda: Assertions of liberty in support of an uncensored Internet. Martus, the secure, open source human rights monitoring application referred to above, uses strengthened "anti-hacking" clauses in a standard open source software license to protect its application and users.
Making the application available with a license for intended use and clear instructions that it should be used legally in the environment in which it is deployed is probably the best solution for the developer to avoid both extremes. It creates a contract between the developer and the end user but leaves it up to the user in country to abide by both prerequisites. Restricting the application's use in Russia altogether would probably be as ineffective as the PGP ban was here in the US. On the other hand, providing pre-assigned keys is not really an option, as neither the FSB nor the developer would have the processes and resources in place to track every user that could pull it off an open source application catalog like SourceForge.
This example is not as extreme as it sounds. Commercial vendors are making their software code available to governments in order to meet their national security concerns in light of the global terrorist threat. In making the code available, however, trust is being put in the various governments not to abuse or exploit this information.
Case #2 Ideology and Hacktivism: Denial of service attacks have brought down major websites like Yahoo and eBay, causing millions of dollars in lost business and annoying service disruptions. They have even precipitated arrests for criminal mischief. However, the famous Chiapas denial of service (DoS) attack attributed to the Electronic Disturbance Theater was an act of civil disobedience, commonly referred to as hacktivism. Hacktivism promotes social causes online, in this case the plight of the indigenous people of Chiapas, Mexico. In the current world context, what application of technology constitutes criminal behavior, terrorism or hacktivism/civil disobedience?
The originator of the Chiapas (DoS) attack argues that the Chiapas attack was technologically full of holes. It was acknowledged as easy to get around and obviously technologically flawed as DoS attacks go. It was designed as an act of civil disobedience to send a message clearly related to an issue of social importance. Finally, it was attributed to an organization with known credibility in the hacktivist community, a community driven to advocate for social justice through the creative use of technology. Given the new threats we face today, can we distinguish the nature and intent of these attacks by the sophistication of the software involved, the nature of the cause, the amount of damage done or the entity from which it emanates?
Just as we must be able to distinguish activism and civil disobedience from criminal behavior and environmental terrorism, we must learn to distinguish between hacktivism and cybercrime / cyberterrorism. Billions of dollars of national security technology R&D coupled with a push to standardize privacy and surveillance laws internationally have the potential to make the Internet a much less open and democratic place than it has been. It may be far easier to mislabel hacktivism as cyberterrorism or at least criminal mischief in the future. Yet activism and civil disobedience are valid forms of protest and should be protected civil liberties even as we address very valid national and global security concerns. There may well come a time when we have to include "traditional" hacktivists as arbiters of what constitutes hacktivism and what does not in a society that is more sensitive to national security concerns.
Case #3 Ideology and the Technical Fix: There are two parts that make up the Martus Human Rights application, a secure client and a secure server. The latter can sit in a different country to securely store human rights reports. The developer wishes to make Martus an open source application along with a modified open source license. However, doing so might open Martus up to dangerous hacking by those who would undermine the application and get to the human rights data it is designed to protect. Is the Hacktivismo modified licensing agreement the application's only protection against people who already have no issue violating human rights? Doesn't the nature of the application disqualify its submission as an open source product?
In this case, the intelligent design of the application has not only informed its use but also its security. The basic application can be modified as open source software. However, the security it uses to protect users against access to their records is the same strong encryption protocol employed by secure tools such as PGP. This encapsulated module within the Martus product cannot be modified. On the server side, the application designed to store information does nothing but authenticate users and store their data. It cannot even read the encrypted messages. There is not a whole lot of sophistication built into the server side outside of doing very discrete and simple tasks. The processing decisions are made on the client side. Hence there is far less reason to release the server side software as open source because it would not be particularly useful to build upon. The entire application speaks to both development and use ideologies focusing on two objectives: Making it secure enough for the human rights constituency to be able to trust it, and freely available as open source so they can afford to use it.
Case #4 Ideology and Destructive Technology: We assume viruses are all bad. But what if for national security purposes a democratic government creates a virus that infiltrates a terrorist's PC and captures his keystrokes so that important information is uncovered that prevents an attack and saves thousands of innocent lives?
It sounds like a good idea, and is technically quite feasible. Can we be sure that such a virus does not fall into the wrong hands or that it is not used improperly in the right hands? Just as a socially responsible application can be used for destructive purposes, so can a typically destructive application be used for benevolent purposes. The ideology of use and the user often determine the context. It is more logical to regulate applications typically used for destructive purposes than those purposed for benevolent use.
Case #5 Free Market Ideology and Technology: What is the responsibility of any commercial corporation that has developed its technology in a free and democratic society not to sell this same technology to repressive governments in order to censor, secretly monitor or otherwise oppress its people?
At this crucial intersection between social welfare and free enterprise we have not found the appropriate answer in many contexts. The debates around the publish what you pay movement, conflict diamonds, generic drugs to the developing world and breaking the technology filtering regimes of oppressive countries all have their roots in better defining the traffic lights for this intersection. Often governments are left to regulate business interests as a result of public outcry after the damage has already been done.
Summary
Technology is neither an enabler nor a facilitator of civil society in its own right. Nor is it a decider of its own ethical or non-ethical use. The mechanism that ultimately decides the ideology behind any given technology is its application. It should not be surprising that software development, an area of computer science, presents the same range of ethical dilemmas that most of the other sciences do. In this new environment we live in that seeks to strike a balance between civil liberties and national security we must begin focusing the software ideology debate on the more important issues of what software is developed and deployed for. Software selection should be left to the same operational criteria that have always facilitated successful application deployment -- meeting a defined user need.
Jonathan Peizer is the Chief Technology Officer of the Open Society Institute and co-founder of Aspiration. For the sake of transparency, Aspiration has received funding from both Microsoft and the Open Society Institute, which has an Open Source Initiative. The author uses both proprietary and open source environments in his work and has supported both types of environments in an operational and programmatic context. For further comment and other related issues, e-mail [email protected].