Monday, January 26, 2009

Downadup: A Cure Worse Than the Disease?

Anyone with a PC (and that means most people reading this blog) should know that there is a new worm out there which by some estimates has infected as many as one out of every three PCs worldwide. Known as Downadup or Conficker, it has spread rapidly in the last few weeks despite attempts by Microsoft to issue updated security patches to its Windows operating system. One reason these attempts haven't been particularly successful is that the worm reportedly disables the computer's automatic security update function by blocking access to security websites. Experts are concerned that the worm will be used by its originators to mount malicious botnet activity or other harmful and/or illegal actions in the near future.

That's all bad enough, but this attack has brought up an interesting ethical question. Suppose that security experts find that the worm is poised to do some really nasty things, as many already suspect it is. Suppose also that they (the "good guys," that is) figure out how to use the worm to gain access to infected computers, more or less the way its original developers intended. But instead of turning the worm (so to speak) to evil purposes, the security people use it simply to warn users that their computer is infected, and that they ought to do something about it. Would that be an ethical thing to do?

Opinions in the security community are reportedly divided on this issue. One security analyst was quoted by the New York Times as saying "It's a really bad idea . . . . The ethics of this haven't changed in 20 years, because the reality is that you can cause just as many problems as you solve." Arguing in favor of the idea, another expert was quoted as saying, "Yes, it's illegal, but so was Rosa Parks sitting in front of the bus."

I can think of at least two objections to the notion of using the worm itself to warn people about it. One is legal, and the other is more pragmatic and sociological.

The legal objection has to do with using malicious means to achieve a good end. If you as a security person exploit a worm that was developed by someone intending to harm others, you are intruding on the privacy and integrity of every computer that is infected. The very act of using such a means is illegal, even if you intend to use it for a good purpose. That is acknowledged by the expert who cited Rosa Parks as an example of someone who obeyed a higher law than what was on the law books at the time. But the immoral status of the law in this case is far from being as clear-cut to us now, as the Jim Crow discriminatory laws against blacks were when Rosa Parks disobeyed them half a century ago.

The pragmatic and sociological objection has to do with the reactions of the people who would get the alleged warning message. What is the first thing that comes to your mind when you get an email, say, telling you that your computer is infected and to go to such-and-such website to fix it? I don't know about you, but my first reaction is suspicion, and my next reaction is to flush the email, because I am pretty sure it is a "phishing" email designed to get me to compromise my computer somehow. The cyberworld has been so plagued by phishing dodges like this, that the chances of a legitimate message from a bona-fide security organization being believed are certainly less than 100%, and maybe much lower. So not only is it illegal, it probably wouldn't work very well.

There might be some invisible software way for the security folks to disable the worm remotely without the knowledge of those whose computers are infected, but who knows what other ramifications that might involve? Every computer is slightly different, and the risks involved in such tinkering probably outweigh the benefits that might result. Besides, it's no different in principle than walking into a stranger's office and messing with their computer, even if you mean to help out. Most people wouldn't appreciate this if they saw you doing it in person, and doing it remotely and invisibly doesn't change that aspect of the situation.

Maybe the person who brought up Rosa Parks is right, and the severity of the new worms like Downadup warrants a re-thinking of traditional ethics on this issue. An analogous historical situation that comes to mind was the controversy that arose when fluoridation of public water supplies was first proposed on a large scale in the 1950s to prevent tooth decay. This was another case in which an individual right (not to drink fluoridated water) was posed against a public good (the benefits of lower rates of tooth decay). In the Downadup issue, you have the individual right of not having some security expert mess with the inner workings of your PC, opposed against the common good that would result if said experts had the freedom to try counteracting worms by using the same methods the worms use. Although fluoridation is widespread, it is by no means universal and can still inflame controversies in regions where it is not yet practiced. Of course, public water supplies are delineated by geographic boundaries, while computer networks are essentially borderless, so the cases are different in that respect.

Perhaps we'll just have to wait and see what Downadup's evil creators (I have no hesitation in using that word for them) plan to do next. If its attacks are bad enough, maybe there will be a wider debate on the issue of how to forestall or prevent worms, including a reconsideration of the ethics of using worms to fight other worms. But until then, I'm not believing any emails telling me my computer's infected, unless they come from someone I trust in cyberspace. And these days, that's not a very long list.

Sources: The New York Times article "Worm Infects Millions of Computers Worldwide" appeared in the Jan. 22 online edition at http://www.nytimes.com/2009/01/23/technology/internet/23worm.html. I also used material from the About.com sites http://pcworld.about.com/od/virusesphishingspam/Downadup-Worm-Eats-into-1-of-E.htm and http://antivirus.about.com/od/virusdescriptions/tp/downadup.htm. (Full disclosure: My wife edits a blog for About.com, which is a subsidiary of the New York Times Company.)

Monday, January 19, 2009

Miracle on 45th Street: Role of the Engineers

What could have been a tragic airplane crash that killed over 150 people turned last Thursday into one of those rarities, a big news story with a happy ending. When Pilot Chesley Sullenberger mentioned a minute into his flight out of New York's La Guardia Airport that he was seeing a lot of birds, he probably didn't think that a few seconds later, both of his engines on the dual-engine Airbus A320 would flame out simultaneously. But the flight data recorder shows that is exactly what happened once the plane reached an altitude of 3,200 feet.

We don't know for sure if it was birds that caused the accident, but what we do know is that everything happening after that had years of skilled professional and engineering planning behind it. Sullenberger, as it happened, had made a study of how cockpit crews react to emergencies, and was planning after retirement to start an airline-safety consulting business. I would say that his chances of succeeding in that business are greatly improved after what happened next. By all reports, he calmly steered the aircraft down the center of the Hudson River, got on the PA system to the passengers to say only one thing: "Brace for impact," and splash-landed the craft intact, unless you count the loss of one engine, which was not doing him any good at that point anyway. Although there were isolated cases of panic on the part of the passengers, the plane remained afloat long enough for everyone—100%—to get out alive and reasonably well. Some people even went back to the airport and continued on their travels right away.

The word "miracle" is being used a lot to describe what happened. I will not argue with that. If you had asked me what the chances of survival were on a flight that lost power less than a mile above the Hudson River, I would not have given you very good odds. Over my years of airline travel, I have watched dozens of times as flight attendants went through the FAA-required safety lecture, complete with gestures involving seat belts and those improbable-looking life vests that they never actually inflate. I had come to regard the whole thing as a kind of ceremony done not for any practical consequences it might have, but merely to make the passengers feel better. Listening to them talk about inflating the vest by blowing into the mouthpiece and so on usually reminded me of an alternative version an irreverent colleague once told me: "In case of emergency, put your head down between your knees and kiss your a-- goodbye."

But the miracle of flight 1549 makes me rethink these cynical musings. It is indeed possible to splash-land a commercial airliner in such a way that if it happens to come down in the middle of one of the most rescue-ready waterways in the world, all the passengers and crew members can get out safely. I have been unable to discover how deep the water was at the crash site, but it was apparently too deep to support the plane, which nevertheless floated long enough for a successful rescue operation.

The fact that it did so, and that it didn't break up on impact, and that the engines didn't set the whole plane on fire after they failed, and a number of other fortunate occurrences that I am not technically savvy enough to imagine, is due not only to the grace of God, and the skill of the pilot and co-pilot, but to the planning, experience, and wisdom of the engineers who designed and built the A320 Airbus. Not every kind of aircraft could withstand that sort of abuse, but this one did. The survival of the passengers depended on the integrity of the airframe, which came through with flying colors (or floating, as the case may be).

Perhaps it is petty to quibble about a minor point, but the only thing that would make this good story better would be to discover that there were actually enough life rafts on the plane to accommodate all the passengers. I don't know whether there were or not. Now in the case of a 747 or something equally large, I don't think surviving a water landing is feasible. The stresses on such a structure would simply be too great, and even if you packed enough life rafts for the over 350 passengers, there might not be any room left for luggage. But after Sullenberger's triumph, we should at least give some thought to the question of how to survive a similar splash landing in the open sea.

In the early days of commercial air travel, many if not most intercontinental flights used "flying boats" intentionally designed to land on water. The reliability of reciprocating engines was simply not that great, and it was probably a good public relations move for airlines such as Pan Am to be able to reassure the public that even if all the engines failed (and there were usually four), there was at least a chance of landing safely on the water, whereupon the plane would float indefinitely. Once engine reliability improved, the flying boats gradually disappeared, although there are a few left for specialty purposes. It turns out that water landings have their own hazards, so the increased safety of water-landing aircraft is more apparent than real.

But the good news coming out of the Hudson River last Thursday was real, and I hope this incident enters the engineering ethics literature as a good example of things going right. It is fully as exciting a story as many less fortunate technical mishaps, and has a happy ending. One of my colleagues used to summarize his goals in teaching engineering ethics as "No headlines." Generally that is good advice, but the headlines about the miracle on 45th Street, near the Manhattan shore where the plane landed, were welcome news indeed, for engineers and for everyone else.

Sources: I drew upon several news reports for this column, including a New York Daily News item at http://www.nydailynews.com/news/2009/01/15/2009-01-15_passengers_in_us_airways_hudson_river_cr.html and a Yahoo News item at http://news.yahoo.com/s/ap/20090118/ap_on_re_us/plane_splashdown, which carried information about the flight data recorder.

Monday, January 12, 2009

Engineering in a Shameless Culture

Shame has a bad press these days. You rarely hear parents these days saying to a son who's just spilled syrup all over the breakfast table, "You should be ashamed of yourself," because it might damage his self-esteem. Shame in our minds is associated with extremes such as the stereotypical Asian who, when his wrongdoing is publicly exposed, goes into his room and falls upon his sword. Yet I would like to put in a good word for shame. I miss it. Here's some reasons why.

Let's do a little thought experiment. What would be the consequences of living in a totally shameless culture? For one thing, people wouldn't hesitate to do things in public that the prospect of being ashamed would otherwise keep them from doing. Though it has nothing to do with engineering ethics as such, the story of Illinois Gov. Rod Blagojevich comes to mind in this connection. The FBI has publicized recordings of him as he allegedly tried to betray his public trust of appointing someone to the Senate seat vacated by president-elect Obama, by bargaining it away to the highest bidder. (I put the word "allegedly" in there because anyone is innocent in the eyes of the law until proven guilty.) When asked about this, he calmly says he's done nothing wrong and goes on about his business, at least unless the Illinois legislature convicts him in the ongoing impeachment proceeding.

And what is happening in that case is typical of what goes on in a shameless culture. When people have a reasonably developed sense of shame, they tend to be self-correcting. Maybe they will slip up every now and then, but their sense of shame will kick in and stop them before too long. They might even apologize to those who were offended or harmed by the shameful behavior.

But in a shameless culture, the self-restraint imposed by shame is gone. If society intends for people nevertheless to refrain from doing shameful things, it can no longer rely on the emotion of shame to do its job. So society has to use other means: ostracism (which rarely works—shameless people can be quite popular), or, more commonly, the law.

Have you ever wondered why we have so many lawyers in the U. S. compared to the population? One reason may be that we have substituted legal proceedings for the function of shame. If Gov. Blagojevich had a stronger sense of shame, he might have behaved more like former New York State Gov. Eliot Spitzer did when Spitzer's sexual misconduct was exposed (again by a federal wiretap, so we are still relying on law enforcement to some degree). Former Gov. Spitzer's words as he resigned are significant: "Over the course of my public life, I have insisted – I believe correctly – that people take responsibility for their conduct. I can and will ask no less of myself. For this reason, I am resigning from the office of governor." Of course, if Spitzer had possessed a more developed sense of shame, he wouldn't have visited prostitutes in the first place. But at least he had the decency to be ashamed enough to resign when his malfeasance was exposed.

A piece of advice I received from an older engineer is worth considering in this connection. In discussing the writing of technical reports, he said, "Never write anything down that you wouldn't mind being published on the front page of the New York Times." No one who follows this rule is going to make a lot of money from publishing their memoirs in their old age, unless they positively enjoy embarrassing themselves and other people. But on the other hand, if you follow this rule you won't be embarrassed, or shamed, if during an investigation connected with a lawsuit some of your emails come to light and get read in a courtroom. or at a Senate hearing.

Notice that following that writing rule requires an act of imagination: you must ask yourself, "What if everybody could read what I'm writing, including the people I'm saying nasty things about?" Now sometimes engineers have to say negative things, if for example you are evaluating a bad design and have to give an honest opinion. But there is always a way to deliver bad news without engaging in personal attacks or insults.

We do not yet live in a totally shameless culture, though an argument can be made that we are headed in that direction. But remember that shame has its uses, especially if it is internalized so that you can imagine being ashamed before you actually do the thing that you would be ashamed of. If you can do that, a little shame now will go a long way toward avoiding a lot of shame later.

Sources: The quotation from Eliot Spitzer is from the eponymous Wikipedia article.

Monday, January 05, 2009

Are the Amish Right About Technology?

Anyone who has spent time in Lancaster County, Pennsylvania has encountered that cultural, religious, and technological phenomenon called the Amish. Most people don't know anything more about the Amish than that they drive horse-drawn buggies, not cars, and dress funny. In reading a book about Amish society, I came across an indictment of modern science and technology that I thought deserved an airing here.

The history of the Amish in North America dates to several waves of emigration from the Alsace region of Germany, where followers of Jacob Ammann separated themselves from the Anabaptist movement around 1700. The Anabaptists were an early Protestant movement who believed that baptism should be reserved for adults, not administered to infants as was the custom in the Catholic and many other Protestant traditions. In addition, Ammann made his followers separate themselves from the world by distinctions in dress, worship, and other ways. Both Catholic and Protestant governments persecuted the new sect, which came to be called the "Amish" after Ammann, and eventually the only surviving groups settled in North America in settlements that are now mainly in Pennsylvania, Ohio, and Indiana.

The reason the Amish are interesting to those who make their living in science and technology is that their communities do quite well while consciously restricting their use of technology in ways that are almost inconceivable to the rest of us. Imagine living in a house with no central heating, electricity, or indoor plumbing; no internet, cable, computer, TV, radio, or telephone; no automobiles, motorcycles, or even bicycles; and the main way you pass your time is by shoveling manure or cutting hay with a horse-drawn mower. To most modern Americans, a prison sentence might be more preferable—at least prisoners get to watch TV sometimes. Yet the Amish have not only survived, but have grown over the years, numbering by some counts over 200,000 today. This despite the fact that nearly all the Amish do not pursue education past the eighth grade, a policy which is another intentional feature of their beliefs and practices.

According to John A. Hostetler, a former Amishman who wrote an extensive sociological study of the Amish, one reason for this shunning of higher education has to do with their view of how they, as followers of Christ, should separate themselves from "the world." Here is how he puts it: "The Amish do not want their children exposed to the 'wisdom of the world,' for they are repeatedly taught in their preaching services that 'the wisdom of the world is foolishness with God' (I Cor. 3:19). The 'world' is educated, and to the Amishman, 'worldly education' leads to sinfulness, manipulative powers, and moral corruption. To the Amishman, the grossest distortions of education are perpetuated by the scientists, who have invented the theory of evolution and who have made bombs to destroy the world. Such ends are held to be contradictory to the Bible."

Are the Amish right about that? An important fact to know about the Amish is that the are not, in the main, evangelical. One becomes Amish by being born into an Amish family, rather like Judaism. They make no attempt to apply their own ways to the rest of the world. In a strange way, the Amish need the rest of us to be the sinful worldly background to their distinctiveness, which is not so much an attempt to freeze time as it is simply to be obviously different. For example, in imitation of the cupholders so popular in SUVs these days, Amish carriagemakers have taken to carving wooden cupholders and adding them as accessories to their horse-drawn vehicles.

So I don't view their view of higher education and the danger of scientific and technical knowledge in the same way I'd view a scholarly indictment of it by a philosopher, for example. Most Amish don't argue with outsiders at all; they simply live their lives in the ways they have chosen. And by doing so, they testify that not only is life possible without 96% of the modern gizmos we feel are necessary; in some ways it's better. How?

In a word, community. The word has been abused so much we forget its original meaning, which is "a group of people bound by significant social ties." In that sense, most "communities" in U. S. towns and cities are anything but. Anyone who has been utterly alone in a big city knows what I mean. But the Amish, with their large families, family-owned farms, and intergenerational and relational ties, "do community" better than almost any other distinct social group I can think of, at least in North America. (Many cultures in African and Asian countries do nearly as well, at least before they move to America.) If the average Amishman faces a hard lot of physical work every day, at least there are family and friendships to share the burdens with, and knowledge that when he gets too old to work, he will occupy a respected and honored place in a true community of like-minded people.

What can we learn from the Amish? After reading Hostetler's Amish Society, I am convinced that it would be a mistake to try to take isolated pieces of the Amish culture and apply them willy-nilly to the secular culture. To use a crass analogy, it would be like trying to run Mac software on a PC: the entire environment is different.

And the Amish are not perfect, by any means. They have crime, illness, defectors (about 1 of every 5 children decide not to continue living as Amish as adults), and other social problems of their own, plus the continual struggle to preserve their way of life in a world that is not sympathetic with what they are trying to do, except in a superficial way.

But I think what they can teach us is in the nature of a demonstration experiment. As long as there are Amish communities living reasonably happy, prosperous lives while driving buggies and warming themselves with wood stoves, they show that life without a lot of the things we have come to think of as necessities is really possible. And while I don't think that should turn us all into Amish, it is a good motivation for making our own lives simpler and moderating our desires, both technological and otherwise.

Sources: The statistic on current Amish population (technically, the Old Order Amish) is from the Wikipedia article "Amish." The quotation from John A. Hostetler's Amish Society (fourth edition, published in 1993 by Johns Hopkins University Press) is found on p. 248.