On June 6, Peter G. Neumann, computer security's "designated holist"—a name given to him by ISCA's Information Security magazine—received an awardesigned to recognize not just his contributions to the field of systems design, but the broader impact his work has made to privacy, civil liberties, and democracy. Neumann was presented with the Lifetime Achievement Award at the Champions of Freedom event held by the Electronic Privacy Information Center (EPIC). During the reception, Neumann highlighted the need to counter the abuse of emerging technologies by promoting common sense, reality, and dependable engineering. Here, he elaborates on those ideas.
What was it like to receive EPIC's Lifetime Achievement Award? It seems like a good fit for someone who takes a big-picture view of systems, privacy, and behavioral and technological failures.
I was delighted to have Rush Holt introduce me, highlighting many of my holistically motivated interests. Rush has been enormously valuable when it comes to science and technology, including his efforts to help achieve greater integrity, fairness, and for quite a long time huge support for our community efforts to have much greater trustworthiness to our elections.
The recipients of the Champions of Freedom Awards were Alex Padilla and Matthew Dunlap, Secretaries of State for California and Maine, both of whom have been enormously effective in striving for greater integrity in elections. Ralph Nader was also present, having long been a champion of automobile and consumer safety. This was a delightful venue, and it was quite an honor to be among those leaders.
The event also genuinely reflected my long and polymorphic association with Marc Rotenberg (one-time executive director of Computer Professionals for Social Responsibility before he created EPIC 24 years ago).
"Altruism is perhaps the most important virtue we need to maintain, especially in times of adversity."
Can you share some of your remarks from the awards ceremony? I understand that you spoke about "altruism"—can you explain why you brought up that term, especially in the context of privacy and civil liberties?
I attempted to channel Stephen Colbert when I observed that there is an important word that was highly relevant to the common interests of everyone present, but which otherwise seems to be sorely lacking in Washington. That word is altruism ("unselfish concern for the welfare of others," including in this context their human rights and privacy). Rush, Ralph, and Marc all share that quality, as did one of my favorite mentors, Roger Nash Baldwin, who founded the ACLU (American Civil Liberties Union) in 1919.
Altruism is perhaps the most important virtue we need to maintain, especially in times of adversity. "And that's the word: Altruism."
With today's fake news and myriad forms of disinformation, perhaps we need a word similar to altruism for the "unselfish concern for the truth," which we might pronounce as all-true-ism.
What do you make of the fallout from the 2016 election?
As a civilization, we must work even harder to promote common sense, reality, the relevance of science and dependable engineering, and above all, the truth. All of these are fundamental to human rights, election integrity, freedom of speech, civil rights, and the preservation of democracy. The risks relating to technologies such as artificial intelligence, machine learning, the Internet of Things, and social media, are generally not sufficiently well understood from the perspective of security—especially in the absence of trustworthy systems and trustworthy people, and in the presence of misanthropes with no respect for values, ethics, morals, and established knowledge.
Are you optimistic about the GDPR (the European Union's General Data Protection Regulation) and other privacy initiatives?
Many efforts relating to security and privacy fall victim to the reality that our computer systems are still inherently untrustworthy, and easily attacked by the Russians, Chinese, corrupt insiders, and potentially everyone else. Everything seems to be hackable, or otherwise adversely influenced, including elections, automobiles, the Internet of Things, cloud servers, and more. Essentially, the needs for better safety, reliability, security, privacy, and system integrity that I highlighted 24 years ago in my book, Computer-Related Risks, are still with us in one form or another today. If we do not have systems that are sufficiently trustworthy, respecting privacy remains even more challenging.
Before 2016, do you think computer scientists were guilty of focusing too closely on the technical security of voting systems, and not enough on the hackability of human behavior? Aside from the public opprobrium that Facebook and other social media outlets have since faced, do you think we are doing better to incorporate the total scope of threats to free and fair elections?
Given the enormous risks of direct-recording election equipment (DREs) with only proprietary software, proprietary data formats, and proprietary data during elections, and no meaningful audit trails or possibilities for remediating obviously fraudulent results, our initial efforts were urgently devoted to making the case for voter-verified paper trails that would be the ballot choices of record. For example, I testified in January 1995 for the New York City Board of Elections, and David Dill, Barbara Simons, and I spoke in multiple hearings in 2003 before the Santa Clara County (CA) supervisors, who were planning to acquire $24-million worth of paperless DREs. Dan Boneh, David Dill, Doug Jones, Avi Rubin, Dave Wagner, Dan Wallach, and I participated for seven years beginning in 2005 in an NSF (National Science Foundation) collaborative effort called ACCURATE: A Center for Correct, Usable, Reliable, Auditable and Transparent Elections. (For more recent analysis, see Broken Ballots: Will Your Vote Count, by Doug Jones and Barbara Simons; http://www.timbergroves.com/bb/.)
It was evident that unauditable DREs were a huge weak link. On the other hand, I have long maintained that essentially every step in the election process represents a potential weak link to undermine democracy. For example, various dirty-tricks efforts in Richard Nixon's House, Senate, and Presidential elections were a harbinger of the use of non-technological tactics. The Kerry Swift-boating attacks in 2004 should have been another warning sign. However, the 2016 election should really bring Citizens' United, targeted disinformation, creative redistricting, and other issues to the forefront, although most of the computer scientists working in this area are generally still focused primarily on the computer systems, because the politicians have often been rather disinterested in the big picture or in the technology—apart from some recent concerns about Facebook, Cambridge Analytica, and related issues.
"As a civilization, we must work even harder to promote common sense, reality, the relevance of science and dependable engineering, and above all, the truth."
Redistricting and disenfranchisement are also huge concerns.
As I write this, the Supreme Court has just upheld Ohio's law to remove voters who are not voting "frequently enough." In addition, the Supremes seem to be unable to cope with mathematical reasoning and sound logic.
Leah, as you yourself have suggested to me quite incisively in a broader context, "if we can't agree on parameters for using or distributing a particular set of tools, we cede it to malicious forces as a matter of course."
When we spoke previously, you were working on an effort to develop new systems that could be much more trustworthy. Can you give me an update?
Certainly. Our hardware-software design and development efforts based on our CHERI (Capability Hardware Enhanced RISC Instructions) instruction-set architecture (ISA) began in 2010, and will now continue into early 2021. We are also formally verifying that the ISA satisfies certain critical properties. This is joint work between SRI and the University of Cambridge. Our website (http://www.cl.cam.ac.uk/research/security/ctsrd/) includes the latest hardware ISA specification (along with several variant possible CHERI implementations, and ongoing tech transfer), as well as our published papers.
©2018 ACM 0001-0782/18/12
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and full citation on the first page. Copyright for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or fee. Request permission to publish from [email protected] or fax (212) 869-0481.
The Digital Library is published by the Association for Computing Machinery. Copyright © 2018 ACM, Inc.
No entries found