[Cryptography] "The Moral Character of Cryptographic Work"

Henry Baker hbaker1 at pipeline.com
Wed Dec 2 11:00:49 EST 2015

At 06:24 PM 12/1/2015, Perry E. Metzger wrote:
>Of some interest to those here:
>a newly published essay by Phillip Rogaway entitled "The Moral Character of Cryptographic Work"
>Full text is at:

Long (46 pages), but well worth a complete read.

My favorite quotes:

In a 2012 newsletter column, NSA's "SIGINT Philosopher," Jacob
Weber, tells us his vision.  After failing an NSA lie-detector
test, he says:

"I found myself wishing that my life would be constantly and
completely monitored.  It might seem odd that a self-professed
libertarian would wish an Orwellian dystopia on himself, but here
was my rationale: If people knew a few things about me, I might
seem suspicious.  But if people knew everything about me, they'd
see they had nothing to fear.  This is the attitude I have brought
to SIGINT work since then."

"We tend to mistrust what we do not understand well.  A target
that has no ill will to the U.S., but which 118 is being monitored,
needs better and more monitoring, not less."

"So if we're in for a penny, we need to be in for a pound."

--Jacob Weber (deanonymized by Guardian readers): The SIGINT
Philosopher Is Back -- with a New Face!


[Read this really creepy document & weep.]

Very few of us [cryptographers] use tools like OTR, PGP, Signal,
Tails, and Tor.  It's kind of an embarrassment--and I suspect our
collective work suffers for it.  Christopher Soghoian insightfully
remarks: "It's as if the entire academic medical community smoked
20 cigarettes a day, used intravenous drugs with shared needles,
and had unprotected sex with random partners on a regular basis."

--Christopher Soghoian, personal communications, Nov. 28, 2015.

We might start small by doing our piece to improve the commons we
do have: Wikipedia.  It could become a routine undertaking at IACR
conferences and workshops, or at Dagstuhl meeting, for folks to
gather around for an afternoon or evening to write, revise, and
verify selected Wikipedia pages dealing with cryptography.  It's
the sort of effort that will pay off in many unseen ways.

More information about the cryptography mailing list