Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Embedded Ethics (EuroBSDcon 2019)


Published on

More and more we see technology, both hardware and software, intersect with fundamental issues like privacy, democracy and human rights. The opaqueness of tech makes it a handy instrument of oppression and manipulation. We have taught the population to trust us. We have constructed a world in which they have to exist, with little to no oversight or transparency. We build critical infrastructure on hardware and software that even we cannot audit. How can we wield that responsibility? How do we protect those that speak up? How do we protect the population?

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Embedded Ethics (EuroBSDcon 2019)

  1. 1. @pati_gallardo Turtle Sec @pati_gallardo
  2. 2. @pati_gallardo Patricia Aas C++ Programmer, Application Security Currently : TurtleSec Previously : Vivaldi, Cisco Systems, Knowit, Opera Software Master in Computer Science Pronouns: she/her @pati_gallardo Turtle Sec
  3. 3. @pati_gallardo My hobbies include: - Reading election documents - Petitioning more documents - Imagining how to hack elections 3
  4. 4. @pati_gallardo I’m not cynical. I’m an idealist. I believe in democracy. 4
  5. 5. @pati_gallardo I also believe that election processes have become more fragile, even broken, through the introduction of computers. 5
  6. 6. @pati_gallardo 6 So I am Annoying As a Service
  7. 7. @pati_gallardo Embedded Ethics EuroBSDcon 2019 Patricia Aas @pati_gallardo Turtle Sec
  8. 8. @pati_gallardo We have made a digital world and we made everyone live there. @pati_gallardo 8
  9. 9. @pati_gallardo They never had a choice. @pati_gallardo 9
  10. 10. @pati_gallardo And we have failed to make them literate in this world. @pati_gallardo 10
  11. 11. @pati_gallardo When we fail them, they often don’t even understand how we failed them. @pati_gallardo 11
  12. 12. @pati_gallardo Most journalists I talk to about election security never write anything. They don’t understand what I’m saying. They don’t understand the implications. And if they do, they don’t understand how to communicate it to regular people. 12
  13. 13. @pati_gallardo We made a digital world. And we struggle to protect it because those that make decisions don’t understand it. We sold a story that it’s magic. And now we can’t explain what’s wrong. 13
  14. 14. @pati_gallardo We can’t explain how we sold their privacy. @pati_gallardo 14
  15. 15. @pati_gallardo We can’t explain how we broke democracy. @pati_gallardo 15
  16. 16. @pati_gallardo We can’t explain how we embed devices in their bodies that we don’t fully understand and we are not fully protecting. @pati_gallardo 16
  17. 17. @pati_gallardo We can’t explain how this white male dominated industry keeps on creating things that are unsuited for people of color or women. 17
  18. 18. @pati_gallardo We can’t explain, because they don’t understand what we’re saying. 18
  19. 19. @pati_gallardo They don’t understand what we’re saying... @pati_gallardo 19
  20. 20. @pati_gallardo ...they don’t even believe us @pati_gallardo 20
  21. 21. @pati_gallardo 21 Social ConsciousInnate Workplace culture National Culture We don’t do that Right vs Wrong
  22. 22. @pati_gallardo The Principle of Social Proof 22 “Nobody else is saying anything?” “We’ve always done it this way!” “These people seem to think this is fine!”
  23. 23. @pati_gallardo Pluralistic Ignorance 23 If it was bad, someone would have said something! The Principle of Social Proof leads to...
  24. 24. @pati_gallardo If you are told by your boss to do something unethical, but legal, what recourse do you have? @pati_gallardo 24
  25. 25. @pati_gallardo We argue. We do it. Or we quit. @pati_gallardo 25
  26. 26. @pati_gallardo In the VW case an engineer went to jail. @pati_gallardo 26
  27. 27. @pati_gallardo “I was following orders” is never going to win a trial. @pati_gallardo 27
  28. 28. @pati_gallardo How are we going to protect whistleblowers? 28
  29. 29. @pati_gallardo How are we going to protect whistleblowers? 29
  30. 30. @pati_gallardo How are we going to protect whistleblowers? 30
  31. 31. @pati_gallardo How do other disciplines do it? @pati_gallardo 31 They made Codes of Ethics enforced by Unions or Professional Associations
  32. 32. @pati_gallardo We have no code of ethics. We have no body to evaluate ethics. 32
  33. 33. @pati_gallardo Do we even know if we are harming people or democracy? 33
  34. 34. @pati_gallardo We are making products to “protect” children, that are used to control and abuse intimate partners. @pati_gallardo 34
  35. 35. @pati_gallardo We are making image recognition software that is used to identify protesters. @pati_gallardo 35
  36. 36. @pati_gallardo We are building infrastructure on hardware we can’t inspect, with binary blob drivers and firmware. 36
  37. 37. @pati_gallardo Talking with people that make laws... They don’t know how to regulate us. They believe in our propaganda. They believe in the objective truth of machines. 37 Regulation.
  38. 38. @pati_gallardo There are some lights in the dark, like GDPR. @pati_gallardo 38
  39. 39. @pati_gallardo But also so many false steps, like the reversion of Net neutrality or the EU copyright directive. @pati_gallardo 39
  40. 40. @pati_gallardo We are trapped in a situation where we are incapable of regulating ourselves, and unable to be regulated. 40
  41. 41. @pati_gallardo We are not able to have a public debate, because the informed reporting is practically non-existent. 41
  42. 42. @pati_gallardo Why did we not teach the population? Does that even scale? Can we teach them now? 42
  43. 43. @pati_gallardo In the 90s Norway had “Hjemme PC Ordningen” and “Datakortet” which were attempts at making the population computer literate. But did we interpret that computer literacy too narrowly? Today most people can use a computerized device - but do they understand it? 43
  44. 44. @pati_gallardo The problems in tech are fundamental. @pati_gallardo 44
  45. 45. @pati_gallardo But difficult to grasp. @pati_gallardo 45
  46. 46. @pati_gallardo ACM Code of Ethics and Professional Conduct 1.2 Avoid harm. 46
  47. 47. @pati_gallardo How did other professions regulate themselves? @pati_gallardo 47
  48. 48. @pati_gallardo Norway has a history of powerful unions. We could make a common Ethics Board. We could protect whistleblowers. 48
  49. 49. @pati_gallardo@pati_gallardo 49 How can you break through Social Proof?
  50. 50. @pati_gallardo - Could you justify this to a journalist? 50
  51. 51. @pati_gallardo - What will experts say? 51
  52. 52. @pati_gallardo But if all else fails... 52
  53. 53. @pati_gallardo If rationality doesn’t work... 53
  54. 54. @pati_gallardo 54 Perhaps try Annoying As a Service
  55. 55. @pati_gallardo Turtle Sec @pati_gallardo
  56. 56. @pati_gallardo Turtle Sec Questions? Photos from Patricia Aas, TurtleSec @pati_gallardo
  57. 57. @pati_gallardo ● andre-organisatoriske-regler/etiske-regler-for-leger/ ● sjonspolitiske-utvalg/etikk/reglement-for-radet-for-legeetikk/ ● ● ● Resources @pati_gallardo 57