LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

LCA: Jacob Appelbaum on surveillance and censorship

LCA: Jacob Appelbaum on surveillance and censorship

Posted Jan 26, 2012 15:26 UTC (Thu) by lacos (subscriber, #70616)
Parent article: LCA: Jacob Appelbaum on surveillance and censorship

"There is a lot of money to be made in surveillance equipment, but the companies involved should be held culpable for the uses to which that equipment is put."

This is a horrible idea. The community has been fighting this idea for years. See for example software that can be used to decrypt/rip DVDs. Or BitTorrent, which is technically able to distribute large amounts of data without regard to copying terms. Or even the Tor network, which can be used to protect political dissent, but also for nefarious things that violate human rights. Or see the eternal "kitchen knife" example.

It's only a tool. The "how" and the "what for" depend on the end-user.

... Second, regarding Tor itself, Tor needs exit nodes to function. I'm not insane to associate my residential IP address with *possibly* criminal activity.

(Log in to post comments)

Only a tool

Posted Jan 26, 2012 15:40 UTC (Thu) by corbet (editor, #1) [Link]

I understand where you're coming from here, but... If it's "only" a tool designed to be installed at ISPs, intercept communications, and inject malware into target users' systems, to what other uses could it be put?

If I finally follow through on my childhood ambition to open up a roadside pipe bomb stand, can I really then say that I have no responsibility for what the end user does with my products? If I make equipment designed for wholesale spying by oppressive regimes - and I market and sell it to those regimes - is my position really different to the point that one should not even raise the question?

Only a tool

Posted Jan 26, 2012 16:20 UTC (Thu) by cdmiller (subscriber, #2813) [Link]

The tool analogy stands. TNT was created and used as a construction tool. Should we target the explosives maker because their largest customers turn out to be military rather than construction or fireworks folks? Should we attempt to censor tools and the knowledge necessary to create them? Should we hold the authors of packet sniffers and traffic analysis tools guilty for the actions of a government who uses them for nefarious purposes? I think not.

A concerned activist might be able to go after suppliers who violate the GPL with the surveillance equipment they sell...

Only a tool

Posted Jan 26, 2012 16:26 UTC (Thu) by felixfix (subscriber, #242) [Link]

Your pipebomb example is contrived, black and white. The real world has better examples.

Explosives are only tools, used extensively in mining for instance. No matter how well protected, it is sometimes stolen and used to rob banks or blow up cars. Would you ban all explosives? Would you charge those whose explosives were stolen with the crimes committed?

Guns have many uses; estimates range up to 2.5 million times a year in the US when someone uses a gun to deter crime, such as home burglaries or gay bashing, and my own limited experience with friends and neighbors thinks this might be low, altho it's anybody's guess how many of these deterred crimes would have actually happened. Those hoplophobes who hate guns would sue gun manufacturers when a gun is used for evil; but they ignore the good uses.

Cars are used in crimes, so are phones, bicycles, airplanes and boats, and we may as well get silly and throw in shoes and clothing and even food. Does anyone really need a car which can go as fast as 90% of the cars sold today? Should we take the really fast cheap ones, the "muscle" cars, off the market as being too commonly used for crimes such as speeding?

Governments make noises from time to time of banning pre-paid cell phones because they are hard to track and too often (by government standards) used by criminals. Should we ban all those?

Cash is awful, for government spying ends. The classic criminal tool is not guns or fast cars; it is a briefcase full of cash. You never see bad guys paying each other with checks or credit cards. Arguably cash is the most common crime tool and enabler. Should we ban cash?

Only a tool

Posted Jan 26, 2012 17:33 UTC (Thu) by corbet (editor, #1) [Link]

Is the example contrived? Is it really more black-and-white than "if it's a tool, it's OK to make regardless of its intent"? If you say "tools are tools, no exceptions" you have to accept examples like that. Either the pipe bomb stand is OK, or there are some "tools" whose existence you are unwilling to tolerate.

Assuming the latter, doesn't it make sense to ask which side of the line a device like FinFly stands on?

Again, I am aware of the dangers of this discussion. To have some government decree that free software and general-purpose computers are tools for hacking and infringement that should be banned is not even remotely unimaginable. I hope I don't have to say that I would be opposed to anything along those lines. But we'll not head off that prospect by refusing to discuss the culpability of those who make tools that are explicitly designed and marketed for illegal and immoral purposes. Indeed, I fear that there is a good chance that we could make it more likely.

Only a tool

Posted Jan 26, 2012 17:43 UTC (Thu) by felixfix (subscriber, #242) [Link]

I was more saying that your pipebomb example is too simple to be a useful example; very few programs are written with anywhere near that single minded clarity. Perhaps a better response would have been to say that if you want to ban roadside pipebomb stands, you have to also ban roadside stands, pipes, and matches, all of which are entirely innocent by themselves.

Only a tool

Posted Jan 26, 2012 17:50 UTC (Thu) by lacos (subscriber, #70616) [Link]

> If it's "only" a tool designed to be installed at ISPs, intercept
> communications, and inject malware into target users' systems, to what
> other uses could it be put?

Provided there are no other uses, you could consider them some kind of "weapon". Weapons are strictly regulated. So, regulate all these tools strictly as well. Tie them to a warrant or other authorization that's required for sting operations.

If someone in law enforcement pulls the trigger, there's an investigation afterwards. The manufacturer is *never* investigated; their responsibility probably ends with sticking to the sanctioned distribution channels. And there are cases when use of "lethal force" (ie. use of the "tool") is justified, even when the only purpose of the tool is to do harm.

If this process (or legal framework), which I did a horrible job to describe, works for *real* weapons, it should be good enough for wiretaps. If companies can manufacture arms and governments can sell them abroad, I don't think it would be *proportionate* to hold surveillance equipment manufacturers *more* responsible for 3rd party use of their products, especially if their distribution channels are strictly regulated.

Only a tool

Posted Jan 26, 2012 20:36 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]

the identical tool could be used by companies to intercept communications and do malware checks on the data being passed, changing what goes to employee desktops to redirect bandwidth intensive stuff to an internal mirror server (or replace it with a video telling you that it's not allowed at work)

Only a tool

Posted Jan 26, 2012 21:28 UTC (Thu) by cmccabe (guest, #60281) [Link]

There's a difference between being legally culpable and morally responsible.

The question you have to ask before passing any law-- or making anything a crime-- is what the real-world consequences will be. Having laws that are overly broad like "you should be a good person" doesn't lead to more good people; it just leads to abuses of the law.

Making the writers of software responsible for every bad thing the users did would not lead to more moral people; it would just lead to fewer software writers.

Personally I find David Brin's ideas about the transparent society pretty interesting. I don't think the clock can be turned back on at least certain forms of surveillance.

Only a tool

Posted Jan 26, 2012 22:11 UTC (Thu) by corbet (editor, #1) [Link]

I agree on that difference. I honestly don't know if Jacob was saying that manufacturers of surveillance equipment should be legally sanctioned for their acts. "Culpable" ("guilty" or "blameworthy") does not necessarily imply that. Saying that somebody shares the blame for an evil act is not the same as sending in the SWAT team.

LCA: Jacob Appelbaum on surveillance and censorship

Posted Jan 30, 2012 6:28 UTC (Mon) by obi (guest, #5784) [Link]

I think the idea is not to hold the tool responsible, but to make companies accountable for their dealings with, for example, oppressive governments.

I find it difficult to accept how people are able to put their individual conscience/ethics/morals/standards on hold when working for a company, in the name of "being professional". I don't think a business should be excused for doing a faustian deal so to speak, just because it's work.

So my takeaway is that while the tools are indeed neutral and inherently amoral, it's only right that the companies and governments that use them are scrutinized and held to a high standard.

That's how I read the line:
"... but the companies involved should be held culpable for the uses to which that equipment is put."

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds