Reading06: On Encryption and Privacy

Reading06: On Encryption and Privacy

The tradeoff between privacy and security is a difficult subject. At a glance, it seems like a no-brainer that we as citizens should have a reasonable assumption that our personal lives and data are relatively secure, free from prying eyes. At the same time, though, isn’t it a good thing to be able to catch terrorists? To prevent crimes and attacks before they happen?

Progress in privacy and encryption is a double-edged sword; every protection and safeguard provided to general consumers is necessarily also made accessible to those with hostile intent. Should we hold back on encryption and privacy so that criminals aren’t protected?

I think the answer to that is no. Companies such as Apple should continue to strive for increased security and privacy for their users. It is more than fine for them to cooperate in retrieving data from criminals’ phones to help stop further attacks. However, I think they correctly drew the line at creating tools that could be used to unlock anyone’s phone.

Proponents of security sometimes use the phrase “If you’ve got nothing to hide, you’ve got nothing to fear.” I would like to counter that with an even more famous quote:

“First they came for the socialists, and I did not speak out—
Because I was not a socialist.

Then they came for the trade unionists, and I did not speak out—
Because I was not a trade unionist.

Then they came for the Jews, and I did not speak out—
Because I was not a Jew.

Then they came for me—and there was no one left to speak for me.”

– Martin Niemöller

Obviously at first glance, comparing iPhone privacy to the holocaust seems a little drastic. But, I think it is relevant in the statement it makes about small injustices and protections against an ill-intentioned government. In a perfect world where the American government was run by angels, then I suppose it would be true that those with nothing to hide would have nothing to fear. However, people are fallible. Bad people can get too much power, and even worse things can happen. Even barring any institutional evil or something nearly as dire as a genocide, there are still a number of reasons to err on the side of privacy.

In general, fewer people having your data is better for the consumer. I think many of us have made a kind of grudging peace with the fact that our data is getting vacuumed up no matter what we do, but the more encryption and privacy we have, the better. Even if the people collecting it could more or less be trusted, we are then relying on their data protection. If they get hacked, our data is then exposed to who knows what kind of actors. And, due to simple probability, the more people and services that have our data, the more possible failure points for it to get somewhere it doesn’t belong.

In short, I don’t think there’s very much merit to the thinking that “if you’ve got nothing to hide, you’ve got nothing to fear.” More privacy, encryption, and security for consumers’ data is almost always for the better.

Reading05: Not made to be broken, but sometimes you have to try

Reading05: Not made to be broken, but sometimes you have to try

On January 28, 1986, the Space Shuttle Challenger broke apart just over a minute after its launch, killing all seven of its passengers. The failure was caused by the O-ring seals, which were known to have performed poorly in cold conditions; the temperature that morning was considerably colder than any previous launches, well below a level at which they had already observed numerous issues with the O-rings.

While the O-rings may have been the mechanical cause for the disaster, the root cause is just as much the overlooking of these issues and the decision to go ahead with the launch. NASA was under pressure, from the public and from the government, to produce tangible and demonstrable results. Roger Boisjoly, a Space Shuttle engineer, described a meeting prior to launch as “a meeting where the determination was to launch, and it was up to us to prove beyond a shadow of a doubt that it was not safe to do so,” elaborating that “this is in total reverse to what the position usually is in a preflight conversation or a flight readiness review. It is usually exactly opposite that.”

Engineers and others involved in the program raised concerns about the launch, but for a number of reasons the decision was made to proceed with the launch. In particular raising concerns was the aforementioned engineer, Roger Boisjoly. After repeatedly being met with frustration, he eventually brought his concerns to the public in an attempt to raise awareness about the risks about the launch.

Even though the issues that he was concerned about were shown to be more than credible, this whistleblowing attempt led to Boisjoly being ostracized by colleagues, isolated by managers, and “made life a living hell on a day-to-day basis”. Boisjoly himself said that it “destroyed my career, my life, everything else.”

It’s clear that Boisjoly’s actions were punished. But we must ask the question – were his actions ethical? Should he have done this?

There were defined avenues for Boisjoly to raise concerns at work, and he did his best to use them. It was only after these proved fruitless that he turned to the public. He broke explicit and implicit rules, where professional conduct is concerned.

I would argue, however, that he was justified in doing so. All of his attempts were met with frustration, and he had good reason to believe that if these issues were not addressed, they could (and did) lead to the death of several people. There were rules in place, but he broke them in an attempt to prevent a catastrophe from happening.

Rules are rules for a reason; they govern how we should act and what is permissible. But, there is a point where you have to consider breaking them, and this depends on the severity of what might happen, and to whom. If these faulty O-rings would simply lead to his company losing money, even a substantial amount, Boisjoly, would not have had cause to go public. It was the fact that the repercussions were extremely severe and would affect those who had no part in the decision that he was right to try whatever he could to raise his concerns.

Was his employer right in retaliating against him? On one hand, he did break protocol and raise concerns to the public, something that is by and large frowned upon (for good reason). They would certainly have recourse to penalize such actions. However, for the same reason that he was justified in breaking the normal protocol, this was a time when discretion perhaps should have been used and the normal penalties not applied.

In sum, rules are rules for a reason. However, even when rules are just and proper, there are times when it is ethical to break them. One such example is here, when breaking the rules was the only option that Boisjoly had to try and prevent a catastrophe that ultimately took the lives of seven people.

Reading04: Codes of Conduct, and why it’s hard to talk about diversity

Reading04: Codes of Conduct, and why it’s hard to talk about diversity

Codes of Conduct can be and often are helpful – they can define the expectations for a community or organization, and lay out what happens when someone misbehaves, and what recourse victims may have. However, they can certainly stray too far in their scope and enforcement, and at that point they become a problem.

Codes of Conduct, when properly used, should protect the members and employees of whatever organization they are set forth by. They should provide resources for one to use if they are being harassed, avenues to report behavior issues, etc.

One of the readings for this week was an anonymous post reacting negatively to a CoC that is originally from the group Geek Feminism, but through links of influence and, in many cases, simple inclusion in other services impacts those of Twitter, Box, Yahoo, Facebook, and GitHub (at the time of its writing).

The concerns he raises are convincing, and to me seem valid and well-thought-out. In situations like this, I would say that the Code of Conduct has gone too far. It has become vague and far-reaching, to the extent that members of the community have to worry about it to the extent that it impacts their regular routines.

The cited Code of Conduct goes too far, and ceases to be a protection to the members of the community. Instead, it seems more focused on protecting the company, to the detriment of its community. Under it, the company could take action against people for what were not ill-intentioned or malicious actions.

In short, Codes of Conduct can be very beneficial, and can provide essential resources for members of the community. They are best served to protect members of the community from other members. Codes of Conduct become less positive when they instead serve to protect the company as a whole from its members – at this point they have overstepped their bounds, and should be cut back to some extent.

As a sidenote: this week, I chose the “easier” or “safer” prompt – writing about Code of Conducts rather than the issues of the gender gap and diversity/discrimination in the workplace. To be honest, this was in large-ish part because I’m not certain I can, in 500 words, express my feelings on the issue in a way that I think I can staunchly stand behind (as this blog is public and tied to my name). I’d much rather discuss it in class.

In short, though, (because this hesitance could be taken as “I think women don’t belong in CS, just don’t want to say it publicly”, so I feel I should at least mention my thoughts on the matter) I think that there are unquestionably areas that the industry needs to improve to be more welcoming to people who aren’t white males. It’s just that 50% might not be the equilibrium point, if all those who want to do CS are enabled to, and so that division shouldn’t be held up as the gold standard. We’re still far from having to worry about swinging too far in that direction, though.

This reluctance to make a statement on such a tenuous issue is at least slightly reminiscent of the Google memo controversy. Only slightly – I hardly stand to be fired from a job (I don’t think Notre Dame would expel me over a well-meaning but bumbling expression on a random blog) – but there is that hesitance to express myself publicly, even if it is a good-faith effort. I think James Damore was trying to raise awareness for what he genuinely believed to be an issue that he thought people should be more aware of. There are certainly parts of his memo that I disagree with, but the fact that he was fired does raise those same questions that he was asking – is Google (and to a greater extent, the tech industry), becoming an echo chamber? How can we raise questions about these things without facing backlash? He circulated this memo internally – did he do wrong, and should he have been fired for it? (I understand that Google more or less had to because of the public outcry, but that doesn’t mean it was the right thing to happen.)

At the end of the day, these are hard issues to discuss because they have been moralized. When it becomes a held belief about right and wrong rather than ideas on how best to address a problem, it becomes much more difficult to hold rational discussions between differing viewpoints.

Reading03: I don’t want to be CEO, and that should be okay.

Reading03: I don’t want to be CEO, and that should be okay.

Can men and women have it all? That all depends on how we define “all”.

I think it’s clear that as we graduate college and enter the workforce (or go into grad school/academia) that we have to make decisions on how to spend our time – there are tradeoffs between hobbies, family, work, etc. I think the core problem when we discuss “having it all” is the way we look at our work.

We hold high-achieving, C-Level people as the most successful, the peak of workplace success. However, these are largely people who have made decisions to focus on their work over the rest of their lives. Personally, I would never want to be a CEO/CTO/CIO/etc – at this point in my life, I think that family and life outside work is too important to me to hold a role like that.

I want to be clear: I am saying that we shouldn’t view people negatively for choosing family over work. We should have the freedom to prioritize the different parts of our lives. At the same time, though, we shouldn’t begrudge those who do put work first – everyone has different goals and priorities. However, it is sensible to some extent to reward those who put work first to some extent; such a person would naturally be a better choice for a CEO. We just need to take care not to do so at the expense of those with other priorities.

After saying this, I suppose I would say it’s either impossible or prohibitively difficult to “have it all”. That is, if you define “having it all” as advancing far in the workplace while at the same time raising a family (or meeting other very involved non-work related goals). Tradeoffs must be made – for as long as I can remember, I’ve known that I want to have a family. That will (hopefully) be a priority for me in my post-graduate life, and I will likely make decisions that place family before work.

Still, if I am raising a family and also working, I have an obligation to place work at a reasonably high priority, enough to be a productive member of the company. However, the more pertinent issue at this time seems to be about the behavior of the company.

I think that employers should do their best to be accommodating of those who don’t put work first. If someone is trying to be a productive employee, but also holds family as a priority, they should be welcomed in, with the understanding that if they need someone to work 60+ hours a week, they should look elsewhere.

This is where the “greedy algorithm” fails – it’s in the employer’s best interest for its employees to all put work first. This is the kind of atmosphere that Amazon appears to be trying to cultivate, from the reading this week. It’s the strategy that leads to the most material gain for the company, at the expense of its employees.

However, this strategy doesn’t lead to the best outcome for everyone. Those who have other priorities can’t find a spot in a workplace like this, and will burn-out, have conflicts, or worse. An ethical workplace should have an understanding that it doesn’t necessarily have to be the #1 priority in each of its workers’ lives.

Reading02: Negotiation, Huh?

Reading02: Negotiation, Huh?

I haven’t negotiated anything in my (admittedly short) employment history. My only experiences so far have been internships, and I haven’t heard very much about people negotiation the terms of their internship. I had a pretty laissez-faire attitude about the terms, though – I didn’t consider negotiation and decide against; I honestly paid little attention to the terms before accepting.

I think that’s pretty typical, though. As I apply and interview for full-time positions, I definitely think I should negotiate my contract to some extent. Knowing myself, I probably won’t be “playing hardball” by any means, and very well could end up doing a token negotiation before accepting.

That’s one of the reasons I’m very glad to have done these readings – a lot of it makes sense, and it’s clear that you can get considerable benefit by negotiating before accepting a job. I knew this beforehand, but I didn’t really think about how to go through the process and didn’t have any specific knowledge of things to look for or strategies to use. I’ll definitely refer back to these resources when I’m negotiating an offer (hopefully relatively soon!).

I mentioned earlier that I might end up doing a “token negotiation” before accepting. By this, I mean that I wouldn’t consider myself very assertive in unfamiliar or stressful situations, and so I don’t think I would be very comfortable negotiating terms of my employment. If I make some sort of counter-offer that gets accepted, even if it’s small, I would likely pat myself on the back for negotiating at all and consider it done, even if I was leaving a lot more on the table.

For this reason, I’d say that I could have a lower starting salary (or other benefits) than a hypothetical student with similar experience or abilities, but a personality more suited to negotiation. It makes sense, and I’d say this likely happens across the tech industry – people in a similar role or station might have different salaries due simply to how much they negotiated right at the beginning.

This obviously isn’t ideal – people should be paid according to the value of the work they should do, or the value of their skills. I think in a perfect world it would be a meritocracy, where salaries would be independent of negotiation, but that’s not realistic. This negotiation climate is the natural conclusion of the situation. Each party wants to maximize their resources, and so they are incentivized to be less up-front about the situation.

This would be much more acceptable if the two parties were in a position of equal power. They are not – the employer has much more than the prospective employee – and there are additional factors that could disincentivize an employee from negotiation. They’re in a strange situation, being in an adversarial relationship with their soon-to-be employer.

I would say it’s not ideal, but I wouldn’t go so far as to say it’s unethical. It’s just another example of a time when the rewards aren’t tied to merit quite as directly as they perhaps should be, and there are much large issues that should be addressed first.