33c3 impressions: ethical development and Dieselgate

The Dieselgate is in my opinion an interesting case study for the ethics of software development and hacking in general. Particularly because it’s most definitely not a straightforward bad guys vs good guys case, and because there is no clear cut solution to the problem. There was a talk about this (again) at the Chaos Computer Congress this year. It’s a nice talk to watch:

https://media.ccc.de/v/33c3-7904-software_defined_emissions/oembed

I was actually physically in the room only for the closing notes, and they had me thinking, thus why it was the second talk I watched once back in Dublin, after the Congres was over.

[Regarding the responsibility for Bosch as the supplier to Volkswagen]

If you build software that you know is used to be illegally, it should it must be your responsibility to not do that and I’m not sure if this is something that is legally enforceable but it should be something that’s enforceable ethically or for all us programmers that we don’t build software that is designed to break the law.

The rambling style of the quote is clearly understandable as it was a question asked on the spot to the speaker.

Let me be clear: these cheating “devices” (the device itself is not the cheating part, but rather the algorithms and curves programmed onto it, of course) are a horrible thing not only from the legal point of view but because we only have one planet. Although in the great scheme of things they appear to have forced the hands of various manufacturers towards moving to electric cars quicker. But let’s put that aside for a moment.

Felix suggests that developers (programmers) should refuse to build software to break the law. Which law are we talking about here? Any law? All the laws? Just the laws we like?

Let’s take content piracy. File sharing software is clearly widely used to break the law, by allowing software, movies, tv series, books, music to be shared without permission. DRM defeating software is also meant to break (some, many) laws. Are the people working on the BitTorrent ecosystem considering that the software they are writing is used to break the law? Should it be enforceable ethically that they should not do that?

Maybe content piracy is not that high in the ethical list of hackers. After all we have all heard «Information wants to be free», particularly used as an excuse for all kind of piracy. I would argue that I’m significantly more open to accept de-DRM software as ethical if not legal, because DRM is (vastly) unethical. In particular as I already linked above, defeating DRM is needed to fix the content you buy and to maintain access to the content you already bought.

Let’s try to find a more suitable example… oh I know! “Anonymous” transaction systems like Bitcoin, Litecoin and the newest product of that particular subculture, Keybase’s zCash which just happens to have been presented at 33C3 as well. These are clearly used to break the law in more way than one. They allow transactions outside of the normal, regulated banking system, they allow to work around laws that apply to cash-only transactions, and they keep engineering to make transactions untraceable. After all, Silk Road would probably have had a significant reduction in business if people actually had to use traceable money transfers.

Again, should we argue that anybody working on this ecosystem should be ethically enforced out? Should they be forced to acknowledge that the software they work on is used for illegal activities? Well, maybe not, after all these systems are just making things easier, but they are not enabling anything that was not possible already before. So after all, they are not critical to the illegal activity, so surely it’s not the developers fault up to this point.

Let’s take yet another example, even though I feel like I’m beating a dead horse. The most loved revolutionary tool: Tor. When you ask the privacy advocates, this is the most important tool for refugees, activists, dissidents, all the good people in the world. And arguably, in this day and age, there are indeed many activists and dissidents that a lot of us want to protect, as even the US starts feeling like a regime to some. When asked about it, these advocates would argue that supermarket loyalty cards are abused more than Tor.

But if you do take down your starry-eyed glasses, you’ll see how Tor has been used not only by Silk Road and its ilks, but also for significantly nastier endeavours than buying and selling drugs. Another talk from 33c3 criticised law enforcement using “hacking techniques”, particularly when dealing with child pornography websites, and for once it was not doing so simply to attack law enforcement’s intentions of breaking Tor, but rather the fact that they have caused lots of evidence to be thrown out as fruit of poisonous tree.

I’m not arguing that Felix is wrong with saying that Bosch very likely knew what the software they developed, under spec from their customer, would have caused. And I’m not sure I can actually asses the ethical differences between providing platforms for people to hire killers and poisoning our cities and planets. I’m not a philosopher and I don’t particularly care about thinking through trolley problems, whether for real or for trolling. (Yes we have all seen the memes.)

But at the same time, I find it ironic that about the same group of people who cheered on his take down of Bosch would also cheer Tor and the other projects… you could say that what Felix referred to was more about immorality than illegality, but not all morals are absolute, and laws are not universal. And saying that you want to enforce whatever laws you think should be, but not others, well, it’s not something I agree with.

Leaving this last consideration aside – and it’s funny that just his last few phrases are what brought me to post all this! – I really liked Felix’s talk and happy that he’s talking a grown-up approach, rather than the anarchist hacker’s. Among other things admitting that it might not be feasible to suggest or force the car companies to open-source their whole ECU code, but it might be feasible to approach it like Microsoft’s Shared Source license.

Finally I would point out that this is a possibly proper example of where giving the ability of users to upload their own code is not something I’d be looking forward to. The software that is the centre of the storm is not designed to just defeat regulation, for the sole sake that corporations are evil and want to poison our planet, even though I’m sure that it would be an easy narrative, particularly with the Congress crowd. Instead, these curves and decisions are meant to tip the scales towards the interests of the user rather than those of the collectivity.

You just need to watch the talk and you’ll hear how these curves actually increase the time-to-service for cars, both by reducing the amount of dirt getting caught by the EGR and by reducing the amount of AdBlue used. It is also stands to reason that the aim of not only the curves, but the whole design of these cars is to ignore regulations wherever possible (since the ECU helps cheating during the needed tests) to improve performance. Do we really expect that, if people were allowed to push their own code into the ECU they would consider the collective good, rather than their own personal gain? Or would you rather expect them to rather disable the AdBlue tank altogether, so they have to spend even less time worrying about servicing their cars?

Let me be clear, there is no easy solution to this set of problems. And I think Felix’s work and these talks are actually a very good starting point to the solution. So maybe there is hope, after all.

Driving Lessons

One of the targets I have to achieve one way or another this year is finally getting the driving license. It might not sound tremendously strange for everybody, especially in other parts of Europe and the world, to say I don’t have a driving license even though I’m 23 years old, but in Italy, with the quite disappointing public transportation system, it is a bit of a problem. In particular I also live quite outside of town, and going around from here without a car is basically impossible.

I kept myself from getting a driving license for five years because the one time I tried I failed, and then other stuff piled up (work, health), and it got moved down in the list of priorities. Since right now my health seems to be stable again, it was promoted again back to a high priority (and following that there is “moving out”; I know it’s the Italian stereotype that guys stay at home till their thirties, and I’d very much like to break it).

Also, thanks to the fact I’m now a self-employed freelancer, with a proper VAT number, being able to move around means also being able to have more customers, and thus a more stable income if something happens with the current “so-called crisis” (I say “so-called” because at least around here it really doesn’t feel like there is one).

While I did take quite a few driving lessons when I tried the first time (and still remember the basics about driving), I do need to refresh my driving before I can take again the practical exam. Since the official lessons with the school aren’t cheap, a couple of friends of mine “volunteered” to help me out (in the sense that they are actually forcing me to be helped, but that’s a different story). Of course, though, I don’t really feel like refreshing with their car for long, so I’m looking into alternatives.

Following my friend’s advice, I ended up ordering Gran Turismo 5 Prologue for the PlayStation 3 (since I already have and use it, and the game is quite cheap on Amazon UK, trying it out to see if I can get to listen to the engine’s revving up should be at least some kind of beginning for what I have to do); it . I also started looking into the option of getting a wheel and try with that until I can afford myself a cheap care (deemed to be ruined by my driving practice) before I can get my license.

Unfortunately almost all my friends seems to thwart my idea of getting an automatic drive, or at least to take the exam with one (in Italy, by taking the exam with an automatic drive car, you get a limited license that disallows you from driving manuals), which I would have hoped would help me coping with one less factor. As childish as it might sound, getting some practice with a game is still something (after all, I can testify that playing games after a while let you do some actions out of habit without thinking about them, and that I guess is what I should do about the manual shift).

Unfortunately seems like the only wheel, compatible with PlayStation 3 and GT5, is the Logitech G25, that doesn’t come cheap (€350), which is a bit of a problem, given that I never liked racing games before (on the other hand, I’d probably have to learn to like them given that I’m not likely going to drive all day every day to get used to the car). I guess I’ll wait till I get GT5, and if I fancy the idea I’ll consider that. In the mean time I should be able to work hard enough to afford that as well.

Oh and yeah, this shows how much of a geek I am.