Monday, August 27, 2007

Hackers and Slackers: Hotz's iPhone Hack

Thanks to George Hotz, 17, of Hackensack, New Jersey, we all know how to hack into an Apple iPhone to make it work with at least one cellphone carrier besides AT&T. Of course, not everybody has the combination of manual dexterity, software skills, and access to knowledgeable friends that Hotz brought to bear on the problem. As soon as George got one of the newly released phones in June, he set to work with some fellow online hackers to crack the iPhone's secrets. A week or so ago, he succeeded, and newswires everywhere carried reports about his feat and interviews with him. Despite comments from some of his "slacker" friends that he wasted his summer, I emphatically disagree.

I must confess a fond feeling of spiritual fellowship with Hotz. When I was his age, I spent my summers on similar techie quests that mystified most of my friends and relatives, although none of my exploits gained the publicity Hotz's did. He is no stranger to techno-fame, having competed successfully in Intel's Science Talent Search several times. All the same, we know that Apple and AT&T are probably not thrilled to hear that at least a few people can use their equipment in a manner contrary to their intentions. Is what Hotz did ethical? For that matter, what are the ethics of hacking in general?

From all reports, Hotz is clearly not trying to profit from his endeavors, at least not directly. He saw the hack simply as a technical challenge to overcome, a test of his own hacker skills, and after hundreds of hours of work, he and his online buddies succeeded. The fact that using the iPhone with a network other than AT&T goes against the spirit if not the letter of the law (at least as interpreted by AT&T and Apple) is peripheral to the main issue, which was whether Hotz could make the thing work the way he wanted it to, not the way its makers intended.

Hacking can be viewed as a game. The hacker pits his (or occasionally her) brainpower against whoever or whatever made the objective to be hacked—an iPhone, a Defense Department database, or a bank's credit card system. The rules are of two kinds: technical and moral. The technical rules are determined by the existing structure of the objective, which includes software, hardware, and physical and mathematical laws. The moral rules have to be internalized—there are no moral signposts out there that have to be obeyed in the sense that the law of gravity has to be obeyed. Hotz has expressed no interest in running a business hacking iPhones, but now that his hack is on the web, somebody else may do just that. And at least indirectly, Hotz would bear that responsibility.

Believe it or not, this matter relates to a distinction made by the philosopher Alasdair MacIntyre between what he calls internal goods and external goods. In essence, MacIntyre asks the question, "Given a practice which requires attention, the development of skill, and devotion over a period of time, what are the goods that we seek in return?" That is, if one wants to be a doctor, or an engineer, or a priest, one has to devote years of life to learning how to do these things well. If human beings seek the good, what are the goods that we seek in learning how to do such practices?

MacIntyre classifies such goods into two categories. Goods internal to a practice are examples of excellence judged according to the rules of the practice itself. A good internal to the practice of surgery is a new and more effective way of doing a gall-bladder operation, for example. People who are really "into" a skill such as surgery, music, or even iPhone hacking get a thrill from doing the practice well and thus creating goods internal to the practice. On the other hand, goods external to the practice are things like money, adulation, promotions, and the other incentives that organizations use to get professionals to do their practice for them. Clearly, there are many ways to get goods external to a practice, but to achieve goods internal to a practice, you have to do the practice itself well.

All right. It looks to me like Hotz's main motivation was a good internal to the practice of hacking. Hacking the world's most famous cellphone was a truly elegant hack, and Hotz did it. The fact that he's not skipping college to go make lots of money hacking cellphones shows that he is not unduly attracted by goods external to the practice of hacking, as some may be.

MacIntyre develops these concepts of goods and practices in the context of his ethics of virtue, which he bases on Aristotle's ideas. Since nobody can put things quite like MacIntyre, I'm going to quote his definition of virtue in its entirety, from his book After Virtue: "A virtue is an acquired human quality the possession and exercise of which tends to enable us to achieve those goods which are internal to practices and the lack of which effectively prevents us from achieving any such goods." To do his hack, Hotz had to be persistent, patient, attentive to detail, communicative with his hacker friends, ingenious, and self-educated, largely (there are no official hacker schools, to my knowledge). All these are virtues, in MacIntyre's terms, which helped Hotz do his hack. Were he to be tempted by external goods—the money, the fame of being blatted over MSNBC, etc.—he might turn his skills to nefarious purposes. It's interesting that Hotz wants to major in neuroscience—"hacking the brain!" as he puts it in one report. And if he achieves his dream, even partly, of "hacking the brain," there is no need to expand here on what dangers and promises that goal holds.

What Hotz does next depends on not only his technical skills, but the kind of person he is and the kind of circumstances he finds in college and beyond. You may recall that as a teenager, Bill Gates engaged in a similar kind of hacking with a "blue box" that allowed him to make free long-distance phone calls, provoking the ire of what was then the monolithic Bell System. Smart, effective people generally have something of the rebel in them, and suppressing such tendencies too much would lose us some good talent. But judgment comes with age and experience, and let's just hope that in the future, Hotz and his friends use their abilities for internal goods—and the good in general.

Sources: An MSNBC story about Hotz's achievement is found at http://www.msnbc.msn.com/id/20424880/. The Austin American-Statesman carried a reprint of a story about him from by Martha McKay of The Record on Aug. 27, 2007. Alasdair MacIntyre's After Virtue (2nd edition 1984) is published by University of Notre Dame Press.

Monday, August 20, 2007

Skype's Wipe-Out

Just because a surfer wipes out every now and then, you don't jump to the inevitable conclusion that he's a bad surfer. And if a relatively new technology suffers a massive failure that puts it out of action for a few days, that isn't necessarily a reason to give up on it, condemn it, or conclude that it will never work. All the same, the recent collapse of the peer-to-peer function of what one source calls the world's most popular Internet telephone service has some lessons about reliability, the Internet, and using things for what they were designed for in the first place.

First of all, what is Internet phone service? The form provided by Skype works like this. With some inexpensive hardware such as a headphone and microphone, you can log on to Skype and call any of the millions of its other subscribers without incurring a per-use or per-minute fee. My understanding is there is a flat monthly fee, but that's it. Your phone call is routed directly over the Internet, completely independently of landline telephone wires or cellphone networks. So as long as the party you wish to call is on Skype too, you can say good-bye to concerns about talking too long on long distance calls, using up your cellphone minutes, and all those other worries.

Well, the other day (Thursday, August 16, to be exact), all Skype users woke up to a rude surprise—Skype was down worldwide. Despite initial concerns that it might have been a malware attack, the latest news is that a software glitch caused it. From the description posted on Skype's official website by staffer Villu Arak, Skype inadvertently caused the problem itself. Apparently, they sent out a routine software update to every user's computer. This update told the computers to restart. Well, all those computers restarting all over the world woke up and started trying to log on to Skype again. This massive pile of logon requests should have been handled by Skype's system, but due to a software defect, it wasn't. The end result was that the whole thing came unraveled and took a couple of days to put back together.

I don't know whether anyone uses Skype as their main form of telecommunications. Probably there are a few people in special situations in remote areas, but only a few. If there were, they were high and dry without a phone for the time that Skype was down. Probably most users take advantage of it as one of several communications options, an inexpensive alternative, possibly within a company where a central authority can enforce the use of Skype rather than conventional telecomm systems that cost more. But the convenience and low cost come at a price.

Technologies are not just hardware, or hardware and software, but a combination of that physical stuff and ideas, aspirations, and habits in the minds of billions of users. As new technologies come into being, to be successful they have to fit into the existing complex of human activity and the material environment, while changing both. In the process, existing technologies are often adapted for uses that their original designers never thought of.

Internet phone service is a case in point. If you were going to set up a worldwide computer network from scratch and design it mainly to provide telephone service, it would look like nothing that exists today except in a few laboratories. Why is that?

The closest thing to it is what is operated by the old-line telephone companies—the Bell System babies, or teenagers, or however you want to describe them. Their fiber-optic based networks are full of compromises because they've had to keep handling their huge amounts of traffic ever since the dawn of the telephone age. This requirement to use existing hardware rather than throwing everything away, starting from scratch, and going broke in the process has left them with a material burden that is matched by the regulatory burden which prevents them from doing a lot of things that they'd like to do. Because of the burdens of history, neither their physical environment nor their legal environment is what they'd like if they were starting over from the beginning.

The Internet was built basically from scratch over the last two or three decades, so in principle it comes closer to the ideal. But it wasn't designed for rapid, reliable, two-way audio signal transmission. You can force internet protocols to deliver up something that resembles an old-fashioned analog phone conversation, but it's difficult, it wastes bandwidth, and you're basically making the system to do something it wasn't designed initially to do. Fortunately, with enough bandwidth a lot of hard things become easy, which is why Skype can be as successful as it generally is. Still, Skype has the huge problem that not everybody in the world is on it. On the other hand, everybody with a telephone of some kind can in principle dial anyone else with a phone, and that fact makes the conventional international telecomm system that much more valuable. Every person added to that system makes it incrementally more valuable to everyone else already on the system. This is why communications networks tend to be dominated by a few large players, or only one.

And then there's the reliability problem. Since the public telecomm systems have gone heavily software-intensive, they have had their share of software glitches. But decades of conservative engineering practice have taught them to be hyper-cautious about changing anything. I once spoke with a woman who was a software engineer with one of the major "baby Bells" in an office near Chicago. She said that in order to make a small change in one line of code in the master operating software for their network, she had to put in about six months of work testing, checking, getting authorizations, and so on, before she could make the change. Only large, established organizations have the resources to take such pains, but it pays off in reliability.

Maybe Skype will learn from this experience, and spend a little more time testing new software. As it happened, the problem they had was more of an inconvenience than a disaster, except maybe to their bottom line. But as we rely more on Internet-based communications systems for things like medical records and emergency communications, reliability will move up the list of desirable features closer to the top. Let's just hope that the Internet can stand the strain.

Sources: The San Jose Mercury-News carried an article by Sarah Jane Tribble on Skype's outage at http://www.siliconvalley.com/news/ci_6656717. Mr. Arak's comments can be found on the Skype website under the title "What happened on August 16" at heartbeat.skype.com.

Tuesday, August 14, 2007

Emergency Communications: FCC To the Rescue

So much of engineering ethics deals with bad news that I'm glad to report some potentially good news for a change. At the end of last month, the U. S. Federal Communications Commission did something that may vastly improve the way first responders across the nation can communicate in large-scale emergencies. But to appreciate this good news, you need to hear some old bad news about the sorry state of emergency communications today.

During the World Trade Center attack on Sept. 11, 2001, dozens of firefighters died, and later studies showed that a contributing factor was the gridlock in radio communications that happened that day. Policemen, firemen, ambulance drivers, and other emergency organizations need fast, reliable communications to save lives of both disaster victims and their own. But in the World Trade Center collapse and during Hurricane Katrina, people died needlessly because emergency radio communications systems broke down.

First responders have used two-way radios in this country since at least the 1930s, but unfortunately, the basic design plan of the technology has improved only marginally since then. Radios are smaller, lighter, and more durable, and computer technology has made some improvements, but many if not most emergency radio systems operated by city, state, and federal jurisdictions are basically analog point-to-point links. If phone companies had stayed with this model, we would still have about ten mobile telephones per metropolitan area instead of the millions of cell phones we have today.

Why haven't emergency communications systems gotten on the cellphone bandwagon? The reasons are complex, but here are two. First, most first responders are local: town fire departments, regional sheriff's offices, etc. Cellphone-like wireless networks require vast investments in infrastructure (towers, switches, computers, etc.) and are inherently large-scale operations, covering vast geographic areas. Second, the regulatory environment reflected traditional technology—the Federal Communications Commission (our traffic cops of the airwaves) up to now has not updated the frequency spectrum allocations to allow broadband wireless technology in this sector, even if there was anyone around who wanted to do it. As a result, we have a system that works okay most of the time, but tends to collapse in a crisis such as 9/11 or Hurricane Katrina–just when you need it the most.

Well, I am happy to report that at least the FCC is getting its act together in this area. On July 31, FCC Commissioner Michael Copps issued a statement accompanying some rule changes that promise to improve the situation in emergency communications in a big way.

You may be old enough to remember TVs with tuner dials, like cheap radios have even today. One dial covered the VHF channels 2 to 13, and the other dial was labeled UHF and went from 14 to 83. Well, now that digital TV is coming along like a freight train, the new smaller frequency allocations it requires have freed up what amount to UHF channels 52 to 69, some 108 MHz of spectrum space. The FCC is going to auction this valuable natural resource off in various ways, but it has reserved a chunk of it for (drum roll, please) a national interoperable public-safety system.

Now what does that mean? If all goes according to plan (and the plan, which involves both public and private funding, is by no means certain to work), we will go from creaky old analog radio systems that basically don't let firemen from Town A talk to policemen in Town B right next to them, to a broadband wireless cellphone-like system that will let anybody talk with anybody else they need to, and will have enough reserve capacity to handle the largest emergencies likely to happen. In his prepared statement, Commissioner Copps regretted that his fondest dream of a fully federal-funded system wasn't going to happen, but apparently he has high hopes that a commercial outfit will step up to the plate and bid for the spectrum that can be used to achieve these ambitious goals.

I have not studied the details of the FCC plan, but I do know the present hodge-podge of emergency communications systems has big problems. I congratulate the FCC on at least trying to do something about it, and hope that Commissioner Copps' dream becomes reality. So if you have any old analog TVs that you're going to have to scrap come February of 2009 (when analog TV is scheduled to fade into the sunset), comfort yourself with the thought that at least some of the spectrum thus freed is going to be used for a good cause. In my experience, those high-band UHF channels never came in very well anyway.

Sources: Commissioner Copps' July 31, 2007 statement can be obtained from the FCC website (http://www.fcc.gov). For more about the problems with present emergency communications systems, see my article "We've Got to Talk: Emergency Communications and Engineering Ethics," scheduled for publication in the Fall 2007 issue of IEEE Technology & Society Magazine.

Tuesday, August 07, 2007

Fixing What's Broke—or About To Be

At this writing, four people are known dead and eight missing in the collapse of the eight-lane freeway bridge that carried I-35W over the Mississippi River in Minneapolis. A little after 6 PM last Wednesday, the bridge simply fell down in stages, as caught on a security camera video. We won't know for sure why it fell until months later, after engineers have studied the wreckage and pieced together the sequence of events that led to the disaster. Initial speculation has centered on corrosion and fatigue cracking, together with possible overloading in the bridge's weakened condition by construction equipment assembled at one end. Whatever the cause, it seems to be accidental rather than intentional. But that doesn't bring back the dozen or so people who died, the dozens more injured, and the millions inconvenienced by the sudden disappearance of an essential piece of Minneapolis's transportation system.

Most discussions of engineering ethics center on decisions that an individual engineer makes—whether to sign off on a doubtful drawing, whom to consider when designing a new product, those sorts of things. But if we think about right and wrong and technology in connection with great projects and large institutions, you get into the realm of what someone has called "macro" engineering ethics, as opposed to the "micro" ethics of individual decisions. Governments and institutions, and whole populations, can do the right thing or the wrong thing as well as individuals. The case of the Minneapolis bridge is a sign that a long-deferred problem of macro-engineering ethics is coming home to roost.

This problem has the dull-sounding name of "deferred maintenance on infrastructure." Infrastructure means the whole network of generally public services that make a city pleasant and livable, or by their absence, almost intolerable. Infrastructure helps makes New York City a fun place to visit, even without a car. Lack of basic infrastructure, such as electric and water utilities and trash pickup, is one thing that makes life in Baghdad so miserable these days. In the United States, local, state, and federal governments have historically taken the responsibility for most of our infrastructure, dating back at least to the early twentieth century. Where private companies were involved, as in telecommunications and electric utilities, they were regulated to such an extent that they could almost be regarded as branches of government. In such an environment, technology did not advance perhaps as rapidly as it could have. But reliability and safety were paramount, and by and large these goals were achieved in an exemplary way. For the three or four decades after World War II, America's infrastructure was the envy of the world. And it was built and maintained largely either by governments or under government supervision. That is not a political statement. It is a statement of fact.

Came the 1980s, and Ronald Reagan in the U. S. and Margaret Thatcher in Great Britain urged a more privatized libertarian vision for the future. I heartily endorse some aspects of this movement toward classical liberalism, which is now known as conservatism. And in many respects, this political movement was needed to correct for some socialistic excesses. But since then, privatization and a libertarian, individualistic philosophy have been taken by some to an extreme that is both unrealistic and harmful in the context of our present situation. Let me explain.

The May 7, 2007 issue of Business Week magazine carried a long article called "Roads to Riches," describing how the new private capital market in formerly public works is growing by leaps and bounds. All over the country, private investor groups are snatching up toll roads, bridges, water utilities, and other large chunks of infrastructure from cities and states that are strapped for cash. In many cases, they are strapped for cash because the voters will not put up with higher taxes. When they do get money in these deals, governments tend to spend it on things that the voters see and like, such as poverty programs, education, and so on. My paycheck for teaching comes from Texas state taxes, and so I would not be expected to criticize this way of spending overmuch. But to sell infrastructure to the highest bidder and spend the proceeds on other things is to ignore statistics such as one we have heard over and over again since last Wednesday's bridge collapse: the American Society of Civil Engineers says that over a fourth of the nation's bridges are either structurally deficient or functionally obsolete.

Infrastructure is a long-term thing. Unlike budgets, fads, and politicians, bridges and roads and power lines are meant to stay around for ten, twenty, or forty years. But not forever. Just like any other engineered product, these things have an estimated life span that assumes they will be properly maintained during that time and will be replaced before they wear out. Either somebody (public or private) pays for fixing and maintaining them and eventually replacing them, and you have decent infrastructure during that time; or else you spend the money somewhere else and the infrastructure begins to come apart, as the Minneapolis bridge did spectacularly last week. There is no third alternative.

I hope some good will come of this tragedy in the form of a renewed intelligent and productive discussion about how we should pay for keeping up our infrastructure in this country. Free-market zealots who believe in privatizing everything should visit Lagos, Nigeria, which in some ways is a libertarian's paradise. If you want electricity, you buy your own generator and run it yourself. If you want water, you build your own rainwater collection system or you buy water on the free market from a water wagon. If you want to know if the water's clean, you test it yourself. As a result, Lagos is polluted by the exhaust and noise of thousands of generators and awash with the stench of untreated sewage.

Of course, putting government in control of everything doesn't solve all the problems either—the old Soviet Union and its satellites such as East Germany and Cuba showed that. What is needed is a sense of community, a sense that if I pay reasonable taxes, even if they are higher than last year, they will be spent on all that dull stuff such as bridge repair that I can't do myself, but which I want to benefit from. That sort of thing was traditionally seen as the proper province of government. Maybe private companies would do as well or better, but I have my doubts. Private or public, we need teams of people of good will who have the public's good at heart—not next quarter's stock market figures, not some ideological principle that sounds good on paper, but simple good will. And maybe that's what we're missing the most.

Sources: The American Society of Civil Engineers maintains a national "report card" on state-by-state infrastructure problems, which can be viewed at http://www.asce.org/reportcard/2005/index.cfm.