"Both US-persons and non-US-persons have a right to be free of routinized surveillance. This
right does not spring solely from the US Fourth Amendment; it is a human and natural right
as well."<p>This cannot be overstated. Americans are no better than the rest of the world. If anything, being the masters of mass surveillance makes us worse. We're creating the big brother blueprint.
Wow does "UC Davis Professor" ever bury the lede here; Phil Rogaway is one of the most famous working cryptographers. He's also notable for having patented the best known AEAD scheme and granting a free license for all nomilitary use.
I completely agree, about the codes of conduct bit. Any software developer who's taken part in any of this, who's an ACM member, should be ousted for gross violations of the ACM Code of Ethics<p><a href="http://www.acm.org/about/code-of-ethics" rel="nofollow">http://www.acm.org/about/code-of-ethics</a>
<p><pre><code> "It is contrary to corporate responsibility for a company to
assist in the creation of artifacts, such as server farms,
routers, or analytic engines, intended for mass surveillance."
</code></pre>
Is there a list of companies which supply equipment and/or services to the NSA?
"It is contrary to the ethical obligations of cryptographers, computer scientists, and engineers to participate in the development of technologies for mass surveillance. It is also a violation of professional codes of conduct."<p>I agree. All of us developers have obligations that are higher than achieving personal wealth, or being a family breadwinner. We are the literate elite of our times. This status gives us the potential for great monetary benefit doing something we like, but it also comes with its social responsibilities.
I would love to see everyone in the IT industry take a similar pledge.<p>If enough of us do we can choke off the oxygen supply to these organisations, especially if we make it an unattractive career prospect for undergrads.
Finally someone who actually gets it that mass surveillance is wrong in principle even when it does not have US citizens as subjects.<p>Thank you professor Rogaway.
> This right does not spring solely from the US Fourth Amendment; it is a human and natural right as well.<p>As a "non-US-person", I found myself particularly moved by this line.
I used to work for Sophos, the Anti-Virus & computer security company.<p>It was made very clear to me when I joined that they did not want to employ anybody who had ever had anything to do with hacking or writing malware, and that any hint of this would be grounds for immediate dismissal.<p>It was also made very clear that any such individuals would be black-balled by the industry as a whole.<p>I can only presume that this scheme would cover cases of hacking or espionage by government employees, or other such abuses of trust.<p>Whilst I acknowledge comments that raise the spectre of McCarthy-esque witch-hunts, and I share the concerns, I do think that it would be entirely appropriate for this scheme to extend to other technology companies that bank on a trustworthy reputation, and who need to prove beyond doubt that they have not been infiltrated by individuals with a history of abusing privacy and subverting technology for malicious purposes.<p>To an extent, this is already covered by the codes of conduct required by institutions such as the ACM, IEEE, IET, BCS and so on. I wonder if they will step up to the plate and enforce their codes of conduct (and if necessary, update them in light of recent developments).<p>Also, employers do not normally require their programmers to be members of these institutions, and the level of membership is very low. I wonder if this should change, or if we should set up a new institution for this specific purpose?
I would love to have been a fly on the wall when the director of the NSA is meeting with the president telling him that the only way to ensure national security against terrorism is to start these mass surveillance systems.<p>"Okay", says the president. "I guess if it's the only way then I'm sure the people will understand it's in their best interest" <i>slight chuckle escapes his lips at the end</i>.<p>When it should have gone something like this.<p>"Bullshit! I will not sacrifice the freedoms that are the foundations of America, simply to make your job easier on you. If you can't do the job without destroying the very freedoms you should be protecting, I'll damn well find someone who can!"<p>Director of NSA: <i>while stuttering</i> "Well actually we could work together with the CIA and FBI as well as foreign intelligence to garner the necessary intel that would give us actual probable cause to start monitoring someone by legal means with a warrant and everything."
So presumably the author is OK with whatever surveillance the UC school system has? Unless the U.C. school system doesn't have network monitoring installed? Is he OK with with students torrenting terabytes of information of questionable legal origin? Because I guarantee that the UC IT department has some sort of network surveillance going on. Scanning emails, possibly. Monitoring bandwidth usage by specific MAC addresses. And probably much more than that.
Like everyone, I've read a lot about the aftermath of Snowden's disclosures. This is the first time I've read an official condemnation from an industry leader. Amen.