This blog post will be updated two times a week for course notes in CS181W lecture.
3/4/2015 - Hacktivism
Notes
- Three Approaches
- Try to change the law within the system
- Break the law and accept the penalties
- Break the law and avoid the penalties
- Aaron Swartz - wrote a Python script to open-source JSTOR articles, arguing that information should be free and not restricted to universities that pay exorbitant fees
- Computer Fraud and Abuse Act (1986):
- "Terms of Service" in these applications often included fine print that many people didn't read
- Socrates - argues that if you break a law, you have to accept the penalties so that when the law is changed, people will accept the social contract and abide by that new law
Three examples of the approaches above:
WikiLeaks:
Julian Assange - broke the law and is not facing consequences
- Posted confidential information through WikiLeaks that exposed a lot of friendly foreign agents that were helping the US.
- currently holed up in the Ecuadorian embassy in Sweden
Snowden:
Released information about PRISM contradictory to what Congress publicly stated. Currently in Russia, where he has stated that he will return to the States and abide by the penalties after the policies surrounding his circumstance change.
Anonymous:
Group of people based out of 4chan, an anonymous forum, who took it upon themselves to break the law without facing the consequences.
SOPA Blackout
A shining example of trying to change the law within the system. Aaron Swartz, before he died, rallied a lot of the world's most popular websites in support of retracting the online piracy act, which was achieved with a 100-person swing.
3/2/2015 -
Announcements
- Annotated Bibliography was due today @2:15pm. The next deadline is for the presentation in class
- Sign up for final presentations *see announcement on courseware
Tech in the News
- Unionization of Bus Drivers - FB is negotiating with them
- Net Neutrality
- Obama's Stanford Visit
- Computing for good
- Site designed for first responders in preparing for dealing with natural disasters
- Megan Smith, former VP of Tech at Google, is now the Nation's CTO
- Michelle Lee, Google's former patent chief, has been approved by the Senate Judiciary Committee to head the USPTO
Notes
- Digital Divide:
- Women percentage for CS graduates decreased from 13.8% to 11.7%
- We're at 33% declared, 27% graduating class (Stanford is on the rise...)
- Minority CS Graduation: 2010-2011 rates indicate that African-Americans and Hispanics are less than 4%
- Unlocking the Clubhouse (15 years ago) a study on why women were less than 1/10 in CS grad
- Why Diversity is Important?
- We need to focus on the problem of access as an important ethical principle
What makes CS different?
- Experience in computer use prior to college differs markedly with gender, cultural, and socioeconomic differences
- Flexibility of software allows computers to reflect their cultural environments more strongly than other technologies
- Differences in individual productivity are more pronounced
Cooper: Increasing diversity in South America for the tech industry.
2/25/2015 -
Announcements
- Krister is the guest lecturer today
Notes
- Video: describing how drones are able to act as surveillance machines to prevent crime
Privacy vs. Safety (Government)
- How do we know whether the Government is actually providing us Safety?
- Thomas Hobbes - State of Nature
- Imagine a society without any government at all
- Life is solitary, brutish, and chaotic with everyone on edge
- Proposed voluntary gathering under a sovereign - guarantees some degree of safety
Privacy vs. (some service) Novelty (Business)
- Video: Proposes that cyberwarfare may be the new battleground for the new century. NSA works to listen for trouble
- Lockean society
- Right to privacy not an explicit right in the Constitution
- only implicitly implied; precedent was set in the 1960s
Critiques of Privacy and Security in the context of Government
- Concerned that people who are "sovereign" are themselves human - can they be trusted with this type of power?
- CEO of Sun Microsystems: "You don't have any privacy anyways get over it!" Because of technology, it's not possible to exist on a private spectrum anymore
- "If we aren't doing anything wrong, what purpose do you have in surveying us?" (counter: how do we know that you're not doing wrong unless we're surveying you?)
Critiques of Privacy and Business
- Video: Watched a parody video that imagines when Facebook was working with NSA to curate data and store
- Video: Watched another video satirizing what would happen if Google just shut down
- How much do we actually have a choice in keeping our data private?
- 80% of us go with the default according to an organ donorship study (opt-in vs. opt-out for organ donorship) so isn't it important what the default for our privacy settings are?
- Is the internet a public utility?
- Terms and Services at these tech companies by default allow a broader scope than they actually need/use
2/23/2015 -
Announcements
- Sign up for a group project topic by 7pm tonight!
- Final Draft of paper is due today
Tech in the News
- Lenovo and Adware
- Lenovo preinstalled Superfish adware that gave root access to the device
- Ellen Pao
- Brought a suit vs. KPCB
- Absence of women in upper levels at VC firms
Notes
- Pornography and the Communications Decency Act
- many have names that deliberately seek to attract the unwary visitor (whitehouse.com)
- 1995 - 83.5% of pictures were pornographic
- 1996 - Communications Decency Act: "protections against harassment, obscenity and indecency to minors"
- But how do you define indecent?
- Video: Hate on the internet
- Amazon sells anti-Semitic literature like the Turner Diaries
- Lone Wolf mentality protects the few that act on the ideas of others and turn it into violent acts
- should we allow the expression of these discriminating and hateful ideas?
2/11/2015 - Code Rush
Announcements
- Free Screening of Imitation Game +1's welcome!
- registration will go out later this week. Screening will be at a nearby theater within walking distance
- Read The Circle by Dave Eggers (a recent dystopian view of working in SV)
Tech in the News
- DARPA making headway on finding the dark web - the Silk Road 3.0's
- Cybersecurity policy: the White House is creating a new office for analyzing and sharing cyberthreat information across the federal government: the Cyber Threat Intelligence and Integration Center
- Qualcomm 975M fine for violating Chinese anti-competition view
- Women in Tech: Facebook-LinkedIn initiative to get more women in tech
- Lea Coligado was quoted in ABC News
- Government requests for data
- Article focuses on the requests that Twitter has received for data about its users
- top requesting countries (Turkey, Russia, Germany)
- Samsung's privacy concerns: they were very clear in their privacy statement that they were sending it all back to their server
- Samsung turns on a recorder that is supposed to improve voice recognition
- but this is super creepy...
- Alternate view of SV: The Internet is not the Answer (Andrew Keen)
- mean to Silicon Valley companies
- criticizes the "winner take all" mentality amongst companies
- argues monopolistic behavior is very negative
Code Rush
- We watched the story of Netscape's journey in the valley: their decision to give away Mozilla and their web client for free, and their acquisition by AOL.
- Question:
- Is there a Silicon Valley culture?
- How would you characterize working in SV?
- What about the SV culture do you like?
- What about the SV culture don't you like?
2/9/2015 - Monopolies
Announcements
- Sign up for TCP appointments if you're in CS181W
Tech in the News
- Attracting women to IT careers - the media portrays IT as a very unattractive field for women.
- Smarter cars and privacy erosions
- Senator Markey brings up privacy and security risks with automated cars
- Significant value of the data stored in cars - where you're going etc...
- Future of AI: David Buchanen (IBM Watson researcher)
- requirement for robots to develop consciousness before they can rise up and destroy us (too hard of a problem)
- Crowdsourcing cybersecurity
- hiring vetted hackers to
- Next decade in tech
- internet of things, micropersonalization, clean energy
- Anthem attack - data breach that affected 80 million people by stealing SSN numbers and so forth
- One argument for publishing everyone's SSN number so that stealing is disincentivized
- "Dark Web" after Ulbricht
- Interesting 4th Amendment conundrum: how to argue for unlawful search and seizure without admitting ownership of illegal servers
Why discuss monopolies?
- Monopoly granted either to an individual or to a trading company has the same effect as a secret in trade or manufactures. Monopolists keep the market understocked by never supplying the effectual demand
- side note: government subsidized monopolies exist in the transportation systems (BART) and seem to be better received
Gilded Age
- American Civil War and end of 19th century marked by industrialization
Early history
- 1870 - America begins industrial innovation
- Sherman AntiTrust Act
- Microsoft's acquisition of Intuit blocked by the government
Alleged Anticompetitive Practices
- Tying
- Bundling
- "vaporware" announcements - get people excited about something that might not even get developed (Big company has market share and is trying to minimize the proclivity of other people buying a smaller product)
Issues raised in the finding of fact
- Microsoft tried to combat the rise of cloud-based java applets by developing incompatible browsers and partnering with Intel to avoid development of cross-compatible platforms
- Judge proposes several remedies in breaking up Microsoft's attempt to hold a monopoly
Timeline EU vs. Microsoft
- 1993 - Novell Corporation files a complaint with EU charging Microsoft with anticompetitive practices
- 1994 - Microsoft negotiates a settlement by revising licensing
- Sun Microsystems and RealNetworks file a new complaint
- 2003 - EU orders Microsoft to offer Windows without Media Player, fining $690m ... Microsoft appeals and tries to drag its feet
- 2008 - EU imposes a new fine on Microsoft of 1.25 billion
Is Google a Monopoly?
- Steve Ballmer argues that Microsoft is the only company left trying to compete with Google Search
- Google vs. FTC - decided Google is not a monopoly
- In EU, Google under investigation for anti-competitive practices
- has over 90% of the market share in Europe
- has Google been burying search results from people who refuse to pay fines?
2/4/2015 - Cyber Trust and Data Breach
Announcements
- Debates this week!
- Cooper apologizes for the boring content this week for reading
- Policy Paper: We're going to have to address possible alternatives and what the limitations would be. Make a proposal, justify, suggest alternatives, and argue why our proposal is the best.
Tech in the News:
- Computing Ethics and the News:
- If you live in lower income areas, you are less likely to have CS classes
- Equity issues will be addressed later in the news
- Net Neutrality issue
- What does it mean to regulate the Internet as a utility?
- (but we don't want to do title IIs because you can get charged a fee for regulation)
- Project Maelstrom
- Hosting websites "in the crowd" rather than in the cloud
- Intended to protect against DDOS attacks
- Adware on smart phones (link)
- Hackers (caught because boasting)
- Checking for backdoors
- Details the steps you have to take to check the validity of digital signatures (takes an extreme amount of effort)
Trust
- What is Trust?
- Belief in the reliability of someone/something doing what it is assumed to do
- Cyber trust
- NSF Cyber Trust program promotes society where trust enables technologies to support needs without violating confidence or exacerbating public risks
- Data breach
- Violating trust by giving access to data that isn't intended
- Privacy
- "a home is your castle" the English right to have privacy for what you own
- not as well defined as identity theft
- "the right to be left alone" or "the right to stay out of the public view"
- from an information perspective - you control your own information.
- Privacy refers to records held by third parties (e.g. doctor has health information about me, etc...)
History
- 1966 - Freedom of Information Act
- 1974 - Privacy Act: you've got to keep personally identifiable information private
- 1974 - FERPA: protection of records held by school
- 1996 - HIPAA: medical records held by a hospital
- 1998 - Identity Theft and Assumption Deterrence Act
- 2001 - USA Patriot Act, expanded government roles to allow wiretapping, email history if you're sympathetic to terrorists
- 2003 - CAN-SPAM Act, attempted to have rules regarding email
State data breach disclosure laws
- Ways to limit data breach
- Restrict Access
- Log access to it
- Inform people who have data, can have data breached
- what is the level of encryption of the data itself - what would be adequate protection for the data?
- When do we start caring whether we got breached?
- when we know it's possible to get breached but not probable?
- Dark argues state notification isn't admissible
- US statutory laws present 45 different ways of encrypting? risk? (sorry didn't catch this point)
- Policy analysis - alternate configs
- variations of existing laws using incremental approaches to fine-tune laws
- Policy Analysis - collective choice
- using market forces to limit data breach
- the market would force companies to protect data better when companies lose trust and value when their data is breached
- problem: will individuals punish companies that allow data to be breached? Or will individuals view companies as victims (e.g. Samsung)
- Are the assumptions about information regulation reasonable?
- Do customers value data security over convenience? (It's not possible for organizations to do anything about it if data is breached - will a university just shut down if all of its students' information is breached?)
- Dark doesn't make recommendations, but analyzes the existing situation effectively, and the explanation of the limitations of possible solution directions is quite strong.
2/2/2015 - Viruses, Trojan Horses
Announcements
- Debates this week! Make sure to prepare with your partner. Cooper says he might drop in a few debates
Tech in the News:
- China + VPNs
- China is clamping down on the use of VPNs to access the internet (aka Stanford's VPN)
- Privacy and the Internet:
- MIT showed in a proof of concept, new techniques for de-anonymizing data from internet
- Privacy + Internet (Google)
- Google may become clearer about how it uses its users' data (making it more transparent about how data is being used)
- in response to EU negotiations
- Useful news for paper 2?
- Testimony from several high ranking individuals
- Lack of equity of STEM jobs
- Hacking on behalf of the Syrian government
- women hackers (embedding malware in pictures)
- Cyber-espionage
- US companies protesting Chinese requirement that foreign companies supply the government with access to source code
- Last year: US accuses Chinese officials of cyber-espionage
- Dan Shefet asked for the right to be forgotten
- Asked Google to take down information about him, and Google only did so on French servers, not other countries
- Brings up an interesting question of whether the EU has the right to enforce this ruling outside the EU
- Uber and Privacy
- Negative coverage about an Uber employee who had accessed the ride history of a journalist who had written about Uber
- Uber claims to develop new privacy practices
What is Hacking?
- Note positive connotations
- A person who enjoys learning details of computer systems and how to stretch their capabilities
- A person who programs enthusiastically
- A person good at programming quickly
- Unfortunately, press has ruined the term "hacking"
History of Hacking
- 1971: "phreaking" was whistling a "Captain Crunch" toy to spoof long-distance calls
- 1982: John Shoch and Jon Hupp thought of using worm programs to go into computers at night when people aren't using them for distributed computing on complex problems
- 1983: WarGames - this movie depicts a character that gains access to the military's nuclear command system
- 1984: A group of Milwaukee teenagers (414's) begins a series of break-ins.
- 1986: First PC virus released (at a conference)
- 1987: "Captain Midnight"
- People used to mooch off of HBO's signal by buying some parts from RadioShack and listening to a frequency.
- "Captain Midnight" shows up on the frequency and refuses to let HBO scramble the signal
- 1990: quite recent that there's nothing wrong with hacking.
- Now: CERT Incident Report lists 100,000's of hacks a day
Viruses
- a program that inserts itself into one or more files and then performs some action (action can be null)
- Types: Macro, polymorphic, latent, etc...
- Worms
- Distinction from viruses: able to replicate and run on their own
- Most famous: Robert Morris Jr.'s worm
- Internet Worm: debug option in Unix sendmail
- Other Attacks
- FingerD Attack: if the user enters a name string that overflows the buffer, when the function returns it jumps into the code written as part of the name, executing the worm's instructions.
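The overflow described in the FingerD note, as an added example (not code from the lecture or from the original fingerd): a hypothetical handler that copies a requested name into a fixed stack buffer with no length check, next to a bounded version that rejects oversized input. The function names, the 64-byte buffer size and the sample requests are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 64 /* assumed size of the daemon's name buffer */

enum name_status { NAME_OK = 0, NAME_TOO_LONG = -1, NAME_BAD_BYTE = -2 };

/*
 * UNSAFE pattern (the bug class described above): the copy is bounded only
 * by the sender's input. A request longer than NAME_BUF - 1 bytes writes
 * past `name`, over the saved return address on the stack, so the function
 * "returns" to wherever those bytes point. Only call with short input.
 */
size_t handle_name_unchecked(const char *request)
{
    char name[NAME_BUF];
    strcpy(name, request); /* no length check */
    return strlen(name);
}

/*
 * Hardened form: the caller passes the number of bytes actually received,
 * and the function refuses anything that does not fit instead of
 * truncating or overflowing. It also rejects non-printable bytes, which a
 * user name has no reason to contain.
 */
int read_name_bounded(const unsigned char *request, size_t request_len,
                      char *out, size_t out_size)
{
    size_t i;

    if (out_size == 0)
        return NAME_TOO_LONG;
    out[0] = '\0'; /* on any failure the caller sees an empty name */

    /* Strip the trailing CR/LF that ends a request line. */
    while (request_len > 0 &&
           (request[request_len - 1] == '\n' ||
            request[request_len - 1] == '\r'))
        request_len--;

    if (request_len >= out_size) /* need room for the terminating NUL */
        return NAME_TOO_LONG;

    for (i = 0; i < request_len; i++) {
        if (request[i] < 0x20 || request[i] > 0x7e)
            return NAME_BAD_BYTE;
    }

    memcpy(out, request, request_len);
    out[request_len] = '\0';
    return NAME_OK;
}

/* Constructed sample: a request far larger than the buffer. */
int check_oversized_request(void)
{
    unsigned char big[600];
    char name[NAME_BUF];

    memset(big, 'A', sizeof big);
    return read_name_bounded(big, sizeof big, name, sizeof name);
}

int main(void)
{
    const unsigned char ok[] = "alice\r\n"; /* constructed sample request */
    char name[NAME_BUF];
    int rc;

    rc = read_name_bounded(ok, sizeof ok - 1, name, sizeof name);
    printf("normal request   -> %d (%s)\n", rc, name);
    printf("600-byte request -> %d\n", check_oversized_request());
    printf("unchecked, short input only -> %zu bytes\n",
           handle_name_unchecked("alice"));
    return 0;
}
```

The unchecked function is shown only to make the missing bound visible; the bounded one is the pattern to use wherever network input lands in a fixed-size buffer.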
Trojan Horse - putting up a fake front to steal data from your victim
- Ken Thompson says you can't protect against Trojan Horse backdoor attacks unless you do everything yourself
Zero-day attacks: Built-in vulnerability that people aren't aware of. Black market offers money in exchange for vulnerabilities.
- DDoS Attacks
- Logic bombs: a program that violates a security policy when an external event occurs
- disgruntled employee leaves a 'bomb' in a program that can only be disabled with a code
- reveals identity...
- Spyware/adware - just reports back what victim is doing
- Social engineering - popularized by Kevin Mitnick
- exploiting human links
- pretexting (making a story)
- phishing (send you a website that looks legit but steals)
Is Hacking Good?
- can lead to awareness of a system's vulnerabilities and allows for defenses to be prepared (pentesting - penetration testing)
- can lead to availability of information - e.g. social protection
- GNU manifesto
- information wants to be free
Is Hacking Bad?
- You can explain vulnerabilities without breaking into it
- If all info is free, there's no privacy
- Complete government transparency isn't always good
- Social protection leads agencies to increased security
Random people to know
- Guy Steele "The Great Quux"
- wrote language specs for Java and built Emacs
- Marvin Minsky - Turing Award winner, one of the fathers of AI (at MIT) with John McCarthy
- Ken Thompson - developed Unix, also co-invented Go @Google.
1/28/2015 - Philosophical Ethics
Announcements
- Find a debate partner before next week. Make sure both sides have comparable debate experience.
- No section next week (or response papers) you just have to prepare and show up for the debate
Tech in the News:
- Privacy and Internet-connected devices
- Restricting Internet speech in France
- Hollande asking tech firms to be held "complicit" if they allow hate speech
What is IP?
- What is physical property?
- something tangible. something you can own and
- But ideas aren't tangible - something about the value of the idea is associated with the idea of sharing it with others
- IP can be replicated or replicated
- From a utilitarian perspective: If we create a "right" to IP, we should protect it based on our dedication to maintaining the value of IP for everyone.
- Act-based vs. rule-based utilitarians:
- What if we have IP that can be detrimental to everyone? Should we protect it?
- Sometimes it depends on the IP itself
- John Locke
Foundations of intellectual property protection in the US
Constitutional Basis
To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their discoveries
Technology and social conventions both affect conventions
- Tension: Technology has made it easier to replicate and disseminate information
Copyright Law
- Awarded to an author for a work that is: original, non-functional, and fixed in a tangible medium
- Right to Fair Use: Given that I can buy software, what's stopping me from reverse-engineering it?
- You can't buy software, you license it.
- When you click "I agree to the Terms and Conditions" you are promising to not disassemble and disseminate the technology.
Patents
- Created by the Statute of Monopolies in 1624
- Design, utility, and plant patents exist
- the terms are "useful" "novel" and "nonobvious"
- Copyright doesn't cover "derivative works"
- requires "disclosure", though people tend to obfuscate exactly what they're trying to disclose
- current protection is for 20 years
Trademarks
- Foundation is in common law against unfair competition
- Word, name, phrase, or symbol. (typically referring to a service)
- Protection continues as long as product is sold (because people associate the name with the product)
Trade Secrets
- Protections established in state law
- Most states now subscribe to the Uniform Trade Secrets Act
- Protection continues as long as secret is maintained
Protecting mere ideas
- Buchwald vs. Paramount Pictures - a successful victory to reclaim mere ideas as intellectual property
Software Patent Cases
- Gottschalk v. Benson (1972): Found that software is an idea and not patentable
- Diamond v. Diehr (1981): Established patentability of software in certain cases. Not algorithms, because these are ideas which are part of nature
- In re Iwahashi (1992): Only a special subset of algorithms are patentable
- ... (sorry, please see the lecture slides for more details)
- Mayo v. Prometheus (2012): Reaffirmed the laws of nature exception for patents. This was a natural process; different humans need drugs at different rates.
1/26/2015 - Philosophical Ethics
Announcements
- Cooper suggests coming to class on Wednesday because we're talking about IP which is the topic of our debate.
Tech in the News:
- Net Neutrality: Cooper says this would be an appropriate topic for the policy paper and the final project
- Privacy and the cloud - how do we best secure the cloud?
- Verizon's mobile "super-cookies"
- Jonathan Mayer's blog post regarding zombie cookies
- Encryption standards revision - NIST made changes in the standards surrounding encryption post-Snowden. See draft
- NSA offered some "very good" random keys that a lot of people used in their encryption protocols
- Comcast + Time Warner - powerful merger between Comcast and Time Warner, would potentially be a monopoly on the internet providers industry
- Comcast executives ghost wrote some "community support" letters
- Software bug on cybercrime allowing hackers to "ransom" files
- Free speech and the Internet
Notes
Tragedy of the Commons:
- (see Cooper's sheep grazing depiction - made famous by Hardin's argument against the 1960s USSR arms race)
- classic example: overfishing
- actually from 1652: Gerard Winstanley and the Diggers
- Why related to computing? Here are some related examples
- Internet speeds and throughput
- Virtual stores vs. brick-and-mortar stores
- Personal Privacy
- Open-Source software - everybody wants to use them but nobody wants to supply + maintain them
- Labor (Google - there's nowhere to move up, but are you intellectually challenged? stealing talent where talented labor is the commons)
Prisoner's Dilemma
- repeated simulations point out that the best policy is to actually testify against your partner
- Example: with Cable - if you have an agreement with other companies to hike up prices, everybody gains exactly
- Anti-trust: Four VCs battle for Foursquare
Offshoring
- Globalization + offshoring is slated to increase, but it will continue to be a problem as tech companies try to do more with fewer people.
- Customer support is running into a similar problem, with the additional complication of requiring English as a language
- Developed countries need to adopt policies to foster innovation. To educate and attract the best IT talent, US grad schools still win.
Economic Realities related to software
- Economies of Scale: you can sell products for less dependent on the amount of people using it
- Network effect: value of product grows in direct proportion to number of users
- Customer lock-in: cost of changing software systems is huge
- Low distribution: you just download it (essentially free to duplicate - development costs are distributed across a larger base, so big players have a huge advantage)
- The most productive programmers are in high demand, but short supply
- High-cost effectiveness: software can still be effective even with bugs
Thoughts on Philosophy of economics
- Globalization may cause overall decrease in happiness if some people are overworked for more utility
1/21/2015 - Philosophical Ethics
Announcements:
- CS181W students must have an appointment with a TCP writing tutorial. Hard copies should have been turned into class for the TCP tutors if you made an appointment with a writing tutor.
- Women in CS dinner coming up
Notes
- Accessibility -
- Technology as religion? Cooper encourages us to read this one if nothing else.
Net Neutrality:
TedCook: "Net neutrality as the Obamacare of the internet"
Google and Anti-trust in the EU link
- Google is a company not a person, are governments responsible to protect their "rights"?
- Privacy link
- A woman was arrested and her phone was confiscated with pictures taken to build a FB page to catch others...
- Interesting point from in class: your fingerprint is not protected by the 5th amendment, but your password is!
- Arrest of DoctorChu link
- "Silk Road 2.0 came up in Nov. 2013 and shut down in Nov. 2014 generating approximately $8m per month"
- too profitable for someone not to pick it up again (silk road 3.0?)
- Continued Islamic cyber attacks link
Why Computer ethics vs. applied ethics vs. engineering ethics?
- Walter Maner: Computer ethics is an academic field in its own right. Cooper is unconvinced that this is a strong argument that CS181W should exist
- unique ethical issues that would not have existed if computer technology had not been invented.
- Proposes that the problem of a field overflowing (Y2K bug, the Unix timestamp problem of 2038) is unique to technology
- Uniquely cheap, uniquely cloned (ripping or burning music),
Deborah Johnson
Computers pose new versions of standard moral problems and moral dilemmas, exacerbating the old problems and forcing us to apply ordinary moral norms in uncharted realms
- We just have new problems with computers built upon existing problems
Moor - The invisibility factor (computers are inherently invisible to the task they perform)
1/14/2015 - Philosophical Ethics
Announcements:
- CS181W students must sign up online (see courseware announcement) to go over a first draft before turning in the first assignment
CISAC (see announcement in slides) is offering a luncheon - this is an honors program that you can apply your work in CS181W to
Philosophical Timeline
- Classical Foundations by Aristotle in Nicomachean Ethics
- Virtuous, Kindness, Honesty, Respect, Integrity (attributes we want people to have)
3 different philosophical approaches:
Virtue (Aristotle, Confucius)
- Deontological (Kant, many religions)
Consequentialist (utilitarianism)
- one consequence to meet: minimizing the gap between the rich and the poor
- hedons and dolors
Classical ethics (aristotle)
- Based on virtue
Deontological Theories (Kant)
- Actions are intrinsically right or wrong (do not depend on the consequence)
- Telos: Goal or end.
- The rightness or wrongness of an action depends
- Deon comes from duty
- Religions come from this belief - introduces rules of behavior
- Kant's Categorical Imperative: Don't treat people as a means to an end.
Consequentialist theories (Mill's Utilitarianism)
Actions are right as long as they maximize happiness
It is the greatest good to the greatest number of people which is the measure of right and wrong
Bentham:
utils = hedons - dolors
- can measure utility
- Mill: abandoned mathematical structure but used utilitarianism as a decision making tool.
- Are there human rights to consider in this tension between rights and utility? (e.g. terrorism vs. NSA, Civil Rights Movement)
ethical relativism
- There are no absolutes. Everyone has their own context.
- Not well received in the philosophical community
- As counterexamples: Genocide, Slavery, etc...
- You would have to accept these things as long as one person accepted one of the above
ethical analysis (scientific perspective)
- Carl Snow defines a divide between "fuzzies" and "techies"
- Karl Popper: Science proceeds by falsification
Fun comic
News:
- NYT op-ed: Interesting
- Privacy and K-12 school: (Cooper said it'd be a fantastic final project)
- With such data-driven solutions to propel education in public schools
- Can data-driven education entrench existing inequalities?
- My personal counterargument: focusing on using data to improve open-source education (aka Khan Academy)
- Android security patches (link)
- Obama and Data Breach:
- Customers should be notified within 30 days of a breach
- What your computer knows about you:
- Should we talk about regulating software's ability to construct a personal profile based on likes?
1/12/2015 - Reliability and Risk
Announcements:
- Make sure you sign up for section by tonight.
- Section Leaders will send out welcome emails by tomorrow and you should email the teaching staff if you didn't get one
- Assignment 1 is out! Check courseware link
- Homework: Write a 5–7 page article describing a historical software failure other than the ones discussed in the class. See details on last slide of the powerpoint. Source for ideas
- Weekly Responses due tomorrow: Found on courseware site (under handouts)
Computing Ethics in the News
- Dangers of future advances in AI (Elon Musk's concerns about AI)
- A lot of AI researchers are concerned about the state of ethics in AI
- FBI and privacy:
- After 2008, FISA court rules changes
- The FBI redacted an entire report of the Snowden incident regarding their involvement with PRISM
- NY Times requested a non-redacted version through FOIA (Freedom of Information Act)
- Tech and the SF housing crisis
- EPA housing costs have doubled in the past two decades
- SF's tech gentrification is not only changing SF but also Oakland
- Security and the IoT (Internet of Things):
- Privacy and security were not involved in this conversation about this new interconnectivity between devices through the IoT
- 23andMe
- A genetic testing company that has run into legal issues because they're selling personal genomic data to companies like Genentech for large sums of money
- Automated Online Shopping Bot
- Claims that it's all for the intent of an art show
- Responsibility: with bot programs, who's responsible?
- Intel and diversity
- Allocating $300M of budget to increase diversity
- What are they going to do with that budget allocation?
Nature of Software Failures
- Normal Accidents by Charles Perrow
- Doesn't focus specifically on programming, but raises issues critical to understanding why complex systems fail
- Coupling and Interaction Level
- If we plot coupling vs. the number of interactions, the worst problem is to have tightly coupled systems (where one change is important enough to change a lot of elements downstream of it) that a ton of people have to interact with.
- The worst case is to be like a nuclear plant, where tightly coupled problems are also problems that many people interact with
- Software is definitely up there in the top right
Critical Observations about Software
- Exceeding complexity makes software intrinsically difficult and not likely to change
- Individual software developers differ remarkably: short supply and difficulties in identifying good engineers.
- Direction of computing is not controlled solely by technological innovation. Economic, social, and political factors all play a role.
Discovering Debugging
- Grace Murray Hopper - found an actual bug in vacuum tubes during her time at Harvard
Maurice Wilkes - developed EDSAC and the concept of microprocessing. Won the second ever Turing Award for his work to store programs internally into a computer (before, we had punchcards to detail what steps in JCL, job control language, the computer should take).
As soon as we started programming, we found to our surprise that it wasn’t as easy to get programs right as we had thought. Debugging had to be discovered. I can remember the exact instant when I realized that a large part of my life from then on was going to be spent in finding mistakes in my own programs.
Christopher Strachey - Father of domain theory
Although programming techniques have improved immensely since the early days, the process of finding and correcting errors in programming known graphically—if inelegantly—as debugging still remains a most difficult, confused and unsatisfactory operation. . . . Although we are happy to pay lipservice to the adage that to err is human, most of us like to make a small private reservation about our own performance on special occasions when we really try. It is somewhat deflating to be shown publicly and incontrovertibly by a machine that even when we do try, we in fact make just as many mistakes as other people. If your pride cannot recover from this blow, you will never make a programmer.
David L Parnas (important programmer after Fred Brooks)
People familiar with both software engineering and older engineering disciplines observe that the state of the art in software is significantly behind that in other areas of engineering. When most engineering products have been completed, tested, and sold, it is reasonable to expect that the product design is correct and that it will work reliably. With software products, it is usual to find that the software has major “bugs” and does not work reliably for some users.
Gerald Weinberg (40 years ago):
Although one does not find errors by a detailed search of each line, word, or character, the ability to get down to details is essential in the end. Thus, for debugging, an almost complementary set of mental powers is needed. No wonder good debuggers are so rare!
Software Complexities - No Silver Bullet
- Essential Difficulties: Complexity of software systems, people don't know what they want, invisibility of software
- Accidental Difficulties: difficulties that attend its production but are not inherent to software itself
- Accidental Difficulties: things like
- Mythical Man Month - how much code a man can write in a month
Brooks's Law:
Adding manpower to a late software project makes it later
Intel's "Parallel Gamble": they're trying to add more microprocessors to a chip, but nobody programs effectively in parallel.
Economics and software development
- Low distribution costs: essentially free to duplicate and distribute. Big players can have a distinct advantage.
- Network Externalities: value increases with number of people using that software
- Shortage of highly skilled labor: most productive programmers are in high demand but low supply
- High cost-effectiveness: remarkably useful even if bugs exist
Case Studies
In preparation for writing about bugs, let's look at two famous bugs:
- Therac-25: a machine produced by Atomic Energy Commission Limited (AECL) of Canada for radiation-therapy:
- 3 people died from radiation overdose...
- A request for hardware safety locks
- Error message discovered:
Malfunction 54
- Absence of process to report software incidents
- Overconfidence in the software and the removal of hardware interlocks made software vulnerable...
- Lessons learned: documentation shouldn't be an afterthought, software quality + standards needed, designs should be simple, software should be subjected to extensive testing
- Ariane 4: a floating-point number was converted to a value too big to be held by a 16-bit integer. The computer shut off, and the error logs paralyzed the backup computer as well, which was catastrophic for the engine.
- Lessons learned: handling of catastrophic failures should be better, better software reviews
1/7/2015 - Information Security
Announcements + Administrivia
- What's the difference between CS181 and CS181W?
- Virtually no difference
- CS181W requires a rewrite of your drafts.
- CS181W also requires an extra half-hour session meeting with a Writing Tutor
- Cannot switch courses after week 3
- Announcement: Phil Levis (Stanford professor) is giving a seminar on information security and the Internet of Things
- Monday from 11am-12noon in Gates 415
- Section signups released today after class
- RFIDs were recorded after class as well
WIRED article
- Top information security threats we will face in 2015
- Fun fact: Congress didn't even know about NSA until 1970s
- Nation-state attacks:
- NSA + GCHQ (Britain) attacked a Belgian telecommunications company
- Stuxnet: virus that attacked national centrifuges
- Extortion:
- Sony hacked with the threat of releasing sensitive information about personal/private lives of actors
- Data Destruction
- Bank Card Breaches
- Third-Party Breaches
- Critical Infrastructure
- Opening all the bridges in New York from China
Why is information security important?
- Cooper argues employees are the most important asset to a company, but data comes second
- Intellectual property has enormous value to a company
- We need remote access to information these days: advances in networking means that data is more accessible than ever
Legal definition of "information security"
- Protecting information and information systems from unauthorized access in order to provide:
- Integrity: fraud, tampering (i.e. Chicago Tylenol murders)
- Confidentiality:
- Availability
- Information Security, Computer Security, Cybersecurity, Information Assurance are all used interchangeably by US Departments
- Authentication - is the sender/receiver allowed to send or receive data?
- Non-repudiation - sender/receiver cannot deny sending or receiving the data
- Examples of violating:
- Availability - DDOS attacks
- Integrity - changing database values (hacking)
- Non-repudiation - man-in-the-middle attacks
- Confidentiality - WikiLeaks
- Authentication - Phishing attacks
Additional terms:
- Cryptography - most common way to ensure confidentiality. Even if stolen, encrypted data still retains its confidentiality
- Vulnerability - a hole or weakness in the system. Vulnerabilities can be exploited.
- Threat - danger that can exploit the vulnerability to do harm
- Disclosure - unauthorized access to information
- Deception - acceptance of false data
- Disruption - tampering with availability, taking control of a system
- Usurpation - Firesheep allowed people to usurp identity by intercepting traffic and stealing session information
- Risk - likelihood that something bad is going to happen
Aims of Security:
- Prevention - prevent attackers from violating security policy
- Detection - detect attackers' violation of security policy
- Recovery - stop attack, assess, and repair damage
Levels of Information Security
- Application (most common)
- Operating System
- The network
- Data management system
- Physical protection of devices
How to implement information security?
- Confidentiality - ACL (access control lists) to access files
- Integrity - check for semantic integrity to ensure inputs are reasonable. See Ariane 5 accident which didn't check for reasonable rocket thrust values
- Non-repudiation - usually verified through logs
- User Authentication - two-step authentication: two mechanisms to validate identity
- Information authentication - signature mechanisms
- Intrusion detection
- Security Policy, mechanism (enforce policies), and assurance (knowing that policy + mechanism are being followed)
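The semantic-integrity check from the Integrity bullet above, applied to the kind of float-to-16-bit conversion described in the Ariane case study, as an added example that is not from the lecture or from any flight software. Function names, sample readings and plausibility limits are constructed for illustration, and `ctypes.c_int16` stands in for an unchecked 16-bit store.

```python
import ctypes
import math
from dataclasses import dataclass

INT16_MIN, INT16_MAX = -32768, 32767

# Constructed sample readings (not flight data) and assumed plausibility limits.
SAMPLE_READINGS = [120.5, 32767.9, 40000.0, -70000.2, float("nan")]
PLAUSIBLE_LO, PLAUSIBLE_HI = -50000.0, 50000.0


def unchecked_to_int16(value: float) -> int:
    """Store into 16 bits with no check: out-of-range values silently wrap."""
    return ctypes.c_int16(int(value)).value


@dataclass(frozen=True)
class Conversion:
    ok: bool      # True only if the stored value faithfully represents the input
    value: int    # converted value, or a clamped fallback when ok is False
    reason: str


def checked_to_int16(value: float, lo: float, hi: float) -> Conversion:
    """Reject non-finite, implausible, or unrepresentable inputs explicitly."""
    if not math.isfinite(value):
        return Conversion(False, 0, "not finite")
    clamped = int(max(INT16_MIN, min(INT16_MAX, value)))
    if not lo <= value <= hi:
        return Conversion(False, clamped, "outside plausible range")
    if not INT16_MIN <= int(value) <= INT16_MAX:
        return Conversion(False, clamped, "does not fit in 16 bits")
    return Conversion(True, int(value), "ok")


def screen(readings, lo=PLAUSIBLE_LO, hi=PLAUSIBLE_HI):
    """Return (reading, Conversion) pairs so the caller can log and degrade."""
    return [(r, checked_to_int16(r, lo, hi)) for r in readings]


if __name__ == "__main__":
    for reading, result in screen(SAMPLE_READINGS):
        print(f"{reading!r:>10} -> {result}")
```

The two checks are separate on purpose: a reading can be physically plausible and still not fit the storage type, and the caller gets a status to act on instead of a wrapped number or an unhandled error.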
Management and Legal Issues
- Is it more cost-effective to prevent (usually more expensive) or to recover?
- Models determine damage projected and how we should protect this information
- Laws and Customs - are desired security measures illegal or culturally acceptable?
Human Factor Issues
- The weakest link happens to be human - social engineering to get passwords
- Outsiders tailgating into Google, Palantir
Thought Questions for Today
- What's the relationship between computing and information security? Which is a subset of which?
- Should information security ethics be viewed as a separate field from computing ethics?
1/5/2015 - Introduction + Syllabus
Logistics:
- Courseware website - Login and choose CS 181 to view the relevant materials
- Don't forget the section participation is 20% of the overall grade
- Attending lecture in full will offer 2% extra credit
Brief History of CS181:
Why do we talk about ethics in Computer Science?
- Robert Taylor Morris Jr.
- Shut down 25% of the internet with a worm
- Led CS departments to be more proactive about educating students about ethics
- Terry Winograd's Address about this course
- Described why he created this course (CS181)
Three Views of Computer Ethics
- The Angel-Devil Depiction
- There's an absolute good and bad
- Some part of you wants to do the bad
- You need to exert moral strength to overcome this impulse and do what is right.
- Morality Computer
- There's a way to sum up all of the relevant factors
- You can quantify good and bad - there's a set of moral rules that determine the goodness and badness
- Assume that you'll do the right thing if it's decided as so
- Problems:
- The algorithm is subjective - humanity doesn't agree on the grounds for moral reasoning
- Troupe of Jugglers
- Balancing motivations to make spur-of-the-moment decisions that other people depend on
- Social context of the activity defines the impact that your decisions have on other people
- Accepted ways of juggling change over time
What Makes Computing Difficult
- The discipline of software engineering has not had centuries in which to mature
- Software Engineering first used as a term in 1968
- Computing is used to solve hard problems
- Software has high "system complexity"
- Economics gravitate towards flawed systems
- The ability to gain huge market share (GOOG, MSFT) means that people don't really care about the bugs
- Bugs are ubiquitous and inevitable
- Inherently chaotic - small changes initially generate massive changes
Thought Questions
- What public-policy issues involving computing do you feel will prove important over the next few decades?