The Ethics of Cryptography
Gustavo Banegas
29/11/2021
The Ethics and Duties of Cryptography
This post will not be a direct application of cryptography. However, it has a connection with cryptography and research.
At the beginning of my Ph.D., Philip Rogaway just published the paper "The moral Character of Cryptographic Work" [1]. I need to say that this paper made me like more cryptography and its community. No matter where in your career ladder you are at the moment, if you didn't read the paper I strongly recommend you to read it.
In the paper, Rogaway brings several aspects about research and cryptography such as how academic cryptography used to be more political since the authors were more concerned about the sociopolitical impact of their work. Another example of cryptography and politics together is in the '80s with the cypherpunks and their manifest [2]. Honestly, I could write several paragraphs on cryptography and politics instead I will let the reader go to [1]. I recommend the reader to read Rogaway's paper, it is not just about the political aspect but is also about the morality of cryptographic research.
In my opinion, this is a topic not well discussed in the community. We can go deeper in the discussion of good vs bad science. However, even in good science we still have some open discussions to do such as "Why are we doing this?", "What is the impact of my research?", "Who will be using it?". Those questions seem in decline when a new project is presented on our front, but those questions need to be more involved nowadays.
Ethical questions are not the main questions for engineers, mathematicians, and computer scientists, or at least, the ethical questions are not so visible as in other areas. In cryptography, sorry about the pun, but they seem to be hiding in several aspects. Sometimes, we do not see the usage of our work since sometimes it seems so theoretical that we forgot the practical part of it. On the other hand, the practical aspects forgot about the consequences and the scalability of it. For example, some years ago we had the heart bleed attack , which affected servers around the world.
Since it will be a short post, I will not stay longer presenting examples or saying more about the morality of cryptography. I will just let the message that everyone should read Rogaway's paper [1].
[1] Rogaway, Phillip. "The Moral Character of Cryptographic Work." IACR Cryptol. ePrint Arch. 2015 (2015): 1162. https://web.cs.ucdavis.edu/~rogaway/papers/moral-fn.pdf
[2] Arvind Narayanan: What Happened to the Crypto Dream?, Part 1. IEEE Security & Privacy. Volume 11, Issue 2, March–April 2013, pages 75-76, ISSN 1540-7993