A Philosopher's Blog

The Ethics of Stockpiling Vulnerabilities

Posted in Business, Ethics, Philosophy, Politics, Technology by Michael LaBossiere on May 17, 2017

In May of 2017 the Wannacry Ransomware swept across the world, impacting thousands of computers. The attack affected hospitals, businesses, and universities and the damage has yet to be fully calculated. While any such large-scale attack is a matter of concern, the Wannacry incident is especially interesting. This is because the foundation of the attack was stolen from the National Security Agency of the United States. This raises an important moral issue, namely whether states should stockpile knowledge of software vulnerabilities and the software to exploit them.

A stock argument for states maintaining such stockpiles is the same as the argument used to justify stockpiling weapons such as tanks and aircraft. The general idea is that such stockpiles are needed for national security: to protect and advance the interests of the state. In the case of exploiting vulnerabilities for spying, the security argument can be tweaked a bit by drawing an analogy to other methods of spying. As should be evident, to the degree that states have the right to stockpile physical weapons and engage in spying for their security, they also would seem to have the right to stockpile software weapons and knowledge of vulnerabilities.

The obvious moral counter argument can be built on utilitarian grounds: the harm done when such software and information is stolen and distributed exceeds the benefits accrued by states having such software and information. The Wannacry incident serves as an excellent example of this. While the NSA might have had a brief period of advantage when it had exclusive ownership of the software and information, the damage done by the ransomware to the world certainly exceeds this small, temporary advantage. Given the large-scale damage that can be done, it seems likely that the harm caused by stolen software and information will generally exceed the benefits to states. As such, stockpiling such software and knowledge of vulnerabilities is morally wrong.

This can be countered by arguing that states just need to secure their weaponized software and information. Just as a state is morally obligated to ensure that no one steals its missiles to use in criminal or terrorist endeavors, a state is obligated to ensure that its software and vulnerability information is not stolen. If a state can do this, then it would be just as morally acceptable for a state to have these cyberweapons as it would be for it to have conventional weapons.

The easy and obvious reply to this counter is to point out that there are relevant differences between conventional weapons and cyberweapons that make it very difficult to properly secure them from unauthorized use. One difference is that stealing software and information is generally much easier and safer than stealing traditional weapons. For example, a hacker can get into the NSA from anywhere in the world, but a person who wanted to steal a missile would typically need to break into and out of a military base. As such, securing cyberweapons can be more difficult that securing other weapons. Another difference is that almost everyone in the world has access to the deployment system for software weapons—a device connected to the internet. In contrast, someone who stole, for example, a missile would also need a launching platform. A third difference is that software weapons are generally easier to use than traditional weapons. Because of these factors, cyberweapons are far harder to secure and this makes their stockpiling very risky. As such, the potential for serious harm combined with the difficulty of securing such weapons would seem to make them morally unacceptable.

But, suppose that such weapons and vulnerability information could be securely stored—this would seem to answer the counter. However, it only addresses the stockpiling of weaponized software and does not justify stockpiling vulnerabilities. While adequate storage would prevent the theft of the software and the acquisition of vulnerability information from the secure storage, the vulnerability would remain to be exploited by others. While a state that has such vulnerability information would not be directly responsible for others finding the vulnerabilities, the state would still be responsible for knowingly allowing the vulnerability to remain, thus potentially putting the rest of the world at risk. In the case of serious vulnerabilities, the potential harm of allowing such vulnerabilities to remain unfixed would seem to exceed the advantages a state would gain in keeping the information to itself. As such, states should not stockpile knowledge of such critical vulnerabilities, but should inform the relevant companies.

The interconnected web of computers that forms the nervous system of the modern world is far too important to everyone to put it risk for the relatively minor and short-term gains that could be had by states creating malware and stockpiling vulnerabilities. I would use an obvious analogy to the environment; but people are all too willing to inflict massive environmental damage for relatively small short term gains. This, of course, suggests that the people running states might prove as wicked and unwise regarding the virtual environment as they are regarding the physical environment.

 

My Amazon Author Page

My Paizo Page

My DriveThru RPG Page

Follow Me on Twitter

Truth, Loyalty & Trump

Posted in Ethics, Law, Philosophy, Politics by Michael LaBossiere on May 12, 2017

While the first hundred (or so) days of a president’s reign is something of an arbitrary mark, Trump seems to have ignited more controversy and firestorms than most presidents. Since Lincoln’s election lead to the Civil War, he still leads here—but Trump is, perhaps, just getting warmed up.

The most recent incident in the Trump reign is the firing of FBI Director James Comey. The narrative of why Comey was fired has served as yet another paradigm example of the nature of the Trump reign. The initial reason given was that Comey was fired for how he handled the Clinton email scandal. This story would convince only the most deluded—Trump and his fellows had praised Comey for his role in crashing Hillary’s chance of being elected. Trump’s minions also deployed to assert that Comey was fired because he had lost the confidence of the people at the FBI. This, like most assertions originating from the Trump regime, seems to be untrue. Trump himself seems to have presented what might be a real reason for Comey being fired: “When I decided to just do it, I said to myself, I said ‘You know, this Russia thing with Trump and Russia is a made-up story, it’s an excuse by the Democrats for having lost an election that they should have won.’ ” These claims are contrary to the reasons advanced by his minions; the claim that he decided to “just do it” is contrary to the earlier narrative that Trump had acted on the advice of others.

There is also reason to believe that Comey’s refusal to pledge personal loyalty to Trump at a dinner. Public officials, at least in the ideal, pledge their loyalty to the Constitution and not to specific individuals. Comey did promise to always be honest, apparently leading Trump to ask him to pledge “honest loyalty” which could be something that just emerged from Trump’s mouth rather than an actual thing. Trump seems rather worried that Comey might have recorded conversations with him; at least Trump is threatening Comey about such hypothetical tapes on Twitter.

When writing about the Trump reign, I feel as if I am writing about a fictional universe—what happens in Trump space seems to be stuff of bad alternative reality fiction. However, it is quite real—and thus needs to be addressed.

Starting on the surface, the Comey episode provides (more) objective evidence that the Trump regime engages in the untrue. As noted above, Trump’s minions presented one narrative about the firing that was quickly contradicted by Trump. Since all these claims cannot be true, a plausible explanation is that either Trump’s minions were lying or Trump was. Alternatively, those involved might have believed what they were saying. In this case, they would not be lying—although at least some of them would have said untrue things. This is because a lie requires that the liar be aware that what they are asserting is not true; merely being in error about the facts is not sufficient to make a person a liar.

Digging a bit deeper, Trump’s request for a pledge of loyalty seems to reveal his view of how the government should work—loyalty should be to Trump rather than to the Constitution. This is consistent with how Trump operates in the business world and the value he places on loyalty is well known.

While loyalty is generally a virtue, the United States professes to be a country that follows the rule of law and that places the constitution on the metaphorical throne. That is, public officials pledge their loyalty (as public officials) to the constitution and not to the person who happens to be president. This principle of loyalty to the constitution is critical to the rule of law in the United States. If Trump did, in fact, expect Comey to pledge loyalty to him, Trump was attacking a basic foundation of American democracy and our core political philosophy.

This is not to say that officials should lack all personal loyalty; just that their loyalty as public officials should be first and foremost to the Constitution. It could be argued that Trump was merely asking for an acceptable level of professional loyalty or that he was asking Comey to pledge his loyalty to the Constitution. While not impossible, it seems unlikely that Trump would ask for either of those things.

Comey’s unwillingness to pledge loyalty to Trump points to another likely reason for his firing. Trump presumably hoped that a loyal Comey would drop the investigation into Russian involvement with the Trump campaign. It seems likely that when it became clear that Comey was not going to let the matter go away, Trump fired him. The Russian Foreign Minister Sergey Lavrov engaged in a bit of wit about the Comey firing, asking reporters if Comey was fired and then responding with “You’re kidding, you’re kidding,” when the answer was given.

While some have claimed that Trump has created a constitutional crisis, this is clearly not the case. As others have pointed out, Trump has the authority to fire the director of the FBI for any reason or no reason. As such, Trump has not exceeded his constitutional powers in this matter. At the very least, the firing created “bad optics” and certainly created the impression that Trump fired Comey because Trump has something to hide. Since the Republican controlled congress seems to be generally unconcerned with the matter, Trump might be able to ride out the current storm and get an FBI director confirmed who will pledge loyalty to him and do to the investigation what Putin allegedly does to his political opponents. However, there are some Republicans who are concerned about the matter and they might be willing to work with Democrats and keep the investigation alive. It might turn out that Trump is innocent of all wrongdoing and that his angry blundering about was just that—angry blundering about rather than an effort to conceal the truth. Only a proper investigation will reveal the answer; unless the Russians decide to spill the vodka.

My Amazon Author Page

My Paizo Page

My DriveThru RPG Page

Follow Me on Twitter

Automation & Administration: An Immodest Proposal

Posted in Business, Ethics, Law, Philosophy, Politics, Technology by Michael LaBossiere on May 5, 2017

It has almost been a law that technological advances create more jobs than they eliminate. This, however, appears to be changing. It is predicted that nearly 15 million jobs will be created by advances and deployment of automation and artificial intelligence by 2027. On the downside, it is also estimated that technological change will eliminate about 25 million jobs. Since the future is not yet now, the reality might be different—but it is generally wise to plan for the likely shape of things to come. As such, it is a good idea to consider how to address the likely loss of jobs.

One short term approach is moving people into jobs that are just ahead of replacement. This is rather like running ahead of an inextinguishable fire in a burning building—it merely postpones the inevitable. A longer-term approach is to add to the building so that you can keep on running as long as you can build faster than the fire can advance. This has been the usual approach to staying ahead of the fire of technology. An even better and rather obvious solution is to get out of the building and into one that will not catch on fire. Moving away from the metaphor, this would involve creating jobs that are technology proof.

If technology cannot fully replicate (or exceed) human capabilities, then there could be some jobs that are technology proof. To get a bit metaphysical, Descartes argued that merely physical systems would not be able to do all that an immaterial mind can do. For example, Descartes claimed that the ability to use true language required an immaterial mind—although he acknowledged that very impressive machines could be constructed that would have the appearance of thought. If he is right, then there could be a sort of metaphysical job security. Moving away from metaphysics, there could be limits on our technological abilities that preclude being able to build our true replacements. But, if technology can build entities that can do all that we can do, then no job would be safe—something could be made to take that job from a human. To gamble on either our special nature or the limits of technology is rather risky, so it would make more sense to take a more dependable approach.

One approach is creating job preserves (like game preserves, only for humans)—that is, deciding to protect certain jobs from technological change. This approach is nothing new. According to some accounts, one reason that Hero of Alexandria’s steam engine was not utilized in the ancient world was because it would have displaced the slaves who provided the bulk of the labor. While this option does have the advantage of preserving jobs, there are some clear and obvious problems with creating such an economic preserve. As two examples, there are the practical matters of sustaining such jobs and competing against other countries who are not engaged in such job protection.

Another approach is to intentionally create jobs that are not really needed and thus can be maintained even in the face of technological advancement. After all, if there is really no reason to have the job at all, there is no reason to replace it with a technological solution. While this might seem to be a stupid idea (and it is), it is not a new idea. There are numerous jobs that are not really needed that are still maintained. Some even pay extremely well. One general category of such jobs are administrative jobs. I will illustrate with my own area of experience, academics.

When I began my career in academics, the academy was already thick with administrators. However, many of them did things that were necessary, such as handling finances and organizing departments. As the years went on, I noticed that the academy was becoming infested with administrators. While this could be dismissed as mere anecdotal evidence on my part, it is supported by the data—the number of non-academic administrative and professional employees in the academics has doubled in the past quarter century. This is, it must be noted, in the face of technological advance and automation which should have reduced the number of such jobs.

These jobs take many forms. As one example, in place of the traditional single dean, a college will have multiple deans of various ranks and the corresponding supporting staff. As another example, assessment has transformed from an academic fad to a permanent parasite (or symbiote, in cases where the assessment is worthwhile) that has grown fat upon the academic body. There has also been a blight of various vice presidents of this and that; many of which are often linked to what some call “political correctness.” Despite being, at best, useless, these jobs continue to exist and are even added to. While a sane person might see this as a problem to be addressed, a person with a somewhat different perspective would be inspired to make an immodest proposal: why not apply this model across the whole economy? To be specific, a partial solution to the problem of technology eliminating jobs is to create new administrative positions for those who lose their jobs. For example, if construction jobs were lost to constructicons, then they could be replaced with such jobs as “vice president of constructicon assessment”, ‘constructicon resource officer”, “constructicon gender identity consultant” and supporting staff.

It might be objected that it would be wrong, foolish and wasteful to create such jobs merely to keep people employed as jobs are consumed by technology. The easy and obvious reply is that if useless jobs are going to flourish anyway, they might as well serve a better purpose.

My Amazon Author Page

My Paizo Page

My DriveThru RPG Page

Follow Me on Twitter