[p2p-research] Fwd: meeting on p2p risks to national sec
Paul D. Fernhout
pdfernhout at kurtz-fernhout.com
Thu Jul 30 19:28:40 CEST 2009
Michel Bauwens wrote:
> as usual, most interesting ...
>
> it goes in too many directions to publish on the blog
>
> would you consider a more tighter piece around the theme, 'p2p FOR national
> security', I think that kind of message is important,
Thanks, I'll think on that. A wiki page might make sense to if it is an
ongoing growing theme.
By the way, another example of computer communications (p2p-ish email) and
security going wrong:
"IT: McAfee Leaks Conference Attendees' Personal Info"
http://it.slashdot.org/story/09/07/30/0337232/McAfee-Leaks-Conference-Attendees-Personal-Info
"In the cruelest of ironies, e-mail security vendor McAfee has accidentally
coughed up the personal details of some 1400 attendees of its recent
security conference in Sydney, Australia. Those who were sent the list —
attached as a spreadsheet to a thank you e-mail — are far from pleased that
such an extraordinary thing could happen. McAfee, which sells products to
'stop sensitive and protected data from leaving the enterprise through email
and web traffic' has blamed 'human error' for the blunder and is 'taking
steps to ensure it doesn't happen again.' Doh!""
http://www.computerworld.com.au/article/312889/oops_e-mail_security_vendor_mcafee_spills_1400_private_names
So, that is just a general risk of computer technologies, that is not so
fair to pin on just one implementation or one approach or even one set of
individuals.
Also, if there are vendors of such security software, again it may be unfair
to then pick on one implementation or one approach where groups don't use
safeguards they could use.
Still, is McAfee's corporate offering just essentially automated censorship
software in a corporate guise? So McAfee's software is scary in that sense.
That kind of technology (deep packet inspection?) could be applied to more
broadly censor internet traffic.
And it is ironic how McAfee's own breach of trust will probably drive an
increase in its corporate censorship business through increased publicity of
the issue.
I still see it as a race between the potential of the internet to bring
abundance to all and the potential of the internet to bring police state
terrorism to all (like in Orwell's 1984, where the two way TV seemed
impossible in 1948 around when it was written, but now seems all too real
with Carnivore, Echelon, TIA, and endless other surveillance systems by
various governments and corporations -- including McAFee's offering to
monitor and suspend outgoing email for arbitrary content reasons). If people
spend most of their time within schools or corporations that employ such
censorship and monitoring, does it really matter what the government does?
One advantage to writing such a document as you suggest, "p2p for national
security", is to set the nature and tone of the debate by how the issue is
framed.
Right now, the debate is being framed by that hearing title and attendees
list that p2p is only good for leaking military secrets and stealing
property; that is not true (because of the implicit "only"), but still has a
bit of truth to it because, yes, even McAfee can leak secure information
about security professionals using p2p email. That's probably not a framing
of the debate p2p can win, since all it takes in one or two examples where
it happened (like McAfee) to prove it could happen again, and so p2p is
"dangerous" without justification (ignoring all the good uses of it,
including to reduce network bottlenecks or build social ties). Note I used
"only" there and how it was *implicitly* part of the framing. If you are
explicit about "only" then the argument looses its unconscious force, since
it is obviously falsifiable (like productive uses of email).
Framing the debate as, "How does p2p promote national security?" is thus
more likely to be a debate that increases support for p2p. But, that is the
sort of framing you won't see from people who use terms like "intellectual
property", or who sell censorship firewalls, or who want national security
to be defined in terms of contracts for weapons their company produces under
heavy secrecy.
So, it is up to p2p advocates to reframe that debate. I'd suggest p2p
advocates not shy away from the "security" aspect of p2p, because security
is an important part of daily life. The key is that we can interpret
security in a lot of different ways and approach security with a lot of
different strategies (like building in intrinsic security in our
infrastructure or achieving mutual security in our politics). So, at the
core of such a position paper could be productive uses of p2p towards those
two ends of intrinsic security and mutual security.
It is a tougher call how much one wants to focus on p2p's past use for more
outdated arms-race promoting things in such a document. It is true that
email or other p2p technologies are used by the military to escalate arms
races (like developing new generations of killer robots or nuclear weapons),
but that may not be something to encourage. I mean, it is an easy argument
to make (and has been made) and would justify all sorts of new p2p
investments (and has in the past, even to creating the internet), but it may
not be where p2p advocates also interested in other social change aspects
want to focus attention.
There is a central irony in the 21st century that our future is most at risk
from people using post-scarcity technologies like p2p networks to achieve
scarcity-oriented aims (like unilateral military dominance or corporate
monopolies built around artificial scarcity of medicines). The challenge
IMHO of national security (and global security) in the 21st century is to
get the people who routinely work with post-scarcity technologies (robotics,
AI, biotech, nuclear, nanotech, bureaucracy, internet, etc.) to see this
irony of using the technologies of abundance to create artificial scarcity.
If we can get more people to laugh about this irony, then more people might
work for a paradigm shift that is then reflected in our social and physical
infrastructure.
We need to make that change given our advancing technology both for security
reasons and for others (ethics, practicality, elegance, beauty, and so on).
So, we need to bring back together our need for security (whether military
or economic) with a need for other virtues, rather than pursue a "TINA"
(There is No Alternative to an arms race) approach to security. A TINA
approach based on competitive arms races separates security from all those
other virtues. TINA says we have no choice but to play a finite game,
whereas we always have a choice to play an infinite game (even if we may
indeed lose it).
http://en.wikipedia.org/wiki/Finite_and_Infinite_Games
But statistically, we see much more certain as a society to lose a finite
TINA arms race, sooner or later, either from systemic collapse as we are
seeing now across the global economy (with the USA just taking a bit longer
to fall than the USSR) or from some accidental Armageddon, like depicted in
Dr. Strangelove as well as lots of other movies (Terminator, Twelve Monkeys,
etc.).
A global minshift towards intrinsic security and mutual security is really
needed IMHO in militaries across the globe and needs to be reflected in
their doctrines and equipment and the research they fund.
"DARPA Progam Manager Position on Self-Replicating technology"
http://groups.google.com/group/virgle/browse_thread/thread/7de4be2daaa71723?hide_quotes=no#msg_64c7c2fb922a4bcf
"Brittle Power"
http://en.wikipedia.org/wiki/Brittle_Power
But this is not *just* a mindshift needed within military hierarchies. It
also needs to be a mindshift within the peer networks that military
hierarchies sometimes worry about. As long as many peers see peer-to-peer as
something to "steal property" or "defeat security", then peer activities may
be self defeating and stealing their own potential, both in antagonizing the
hierarchy, and also in limiting how peers see their own powers. As Stallman
says, it is self-defeating to be terms like "intellectual property" that beg
the question of how copyrights and patents should be treated. And a focus on
using peer-to-peer to exchange copyrighted corporately-created works
diminishes a peer's time and desire to play, create, and share new works to
reflect the stories and songs we all need for a new paradigm based around
intrinsic security and mutual security.
So, both hierarchy-heavy and meshwork-heavy social groups needs to be part
of this global mindshift towards redefining our national security needs and
how we achieve them:
"A Wombat speaks on the need for a Global Mindshift"
http://www.global-mindshift.org/memes/wombat.swf
Or, even the Conservative Right: :-)
http://www.amconmag.com/article/2005/mar/14/00017/
"""
If Marxism is the delusion that one can run society purely on altruism and
collectivism, then libertarianism is the mirror-image delusion that one can
run it purely on selfishness and individualism. Society in fact requires
both individualism and collectivism, both selfishness and altruism, to
function. ... The most fundamental problem with libertarianism is very
simple: freedom, though a good thing, is simply not the only good thing in
life. Simple physical security, which even a prisoner can possess, is not
freedom, but one cannot live without it. Prosperity is connected to freedom,
in that it makes us free to consume, but it is not the same thing, in that
one can be rich but as unfree as a Victorian tycoon’s wife. A family is in
fact one of the least free things imaginable, as the emotional satisfactions
of it derive from relations that we are either born into without choice or,
once they are chosen, entail obligations that we cannot walk away from with
ease or justice. But security, prosperity, and family are in fact the bulk
of happiness for most real people and the principal issues that concern
governments.
"""
There are four themes there (security, prosperity, family, freedom). But
that conservative article left out the notion of community, which is
frequently left out of economic analysis even as it is essential to becoming
and being a health human being. So, building better ties between friends and
neighbors and global communities is obviously another aspect of this.
So, one really needs to make the p2p case (appropriately framed) in all five
areas, advocating creating some living balance of security, prosperity,
family, community, and freedom. Ideally, one might propose some new
synthesis (like intrinsic security and mutual security) and perhaps some
specific new software tools or other ideas and technologies for using
peer-to-peer to achieve a lot of all of those values at the same time with
less compromises.
--Paul Fernhout
http://www.pdfernhout.net/
More information about the p2presearch
mailing list