Librarium Whitehat
Blog Pics
"Inveniam viam aut faciam" : I will either find a way, or I shall make one


This is not going to be a technical discussion but rather a philosophical one. For those of you who feel philosophy has no place in technology, fell free to leave and have a nice life. I on the other hand, feel that all undertakings in life need to be properly understood, this includes not just the how, but also the why. So this is no guideline of ethics but rather a discussion of why ethical guidelines are needed. This is especially true of those who possess a keen understanding of the technology of our world.

I say this because we are the alchemists of the information age. In our world today we have 1's and 0's which are cars, houses, money, even reputations, and just about anything else. Technology is so pervasive that there is no-one that is not impacted in some small way. All thats needs to happen for a person to go from being wealthy to not, is for some 1's and 0's to change. Alchemists of ancient times sought to turn lead into gold, this goal has never been closer to being realized then in the current modern world.

I also use the term alchemist for another reason. To the vast majority of people in the world today, what people like us do is almost magical. In their daily life, anything which a computer says is the truth, because computers don't lie. We on the other hand know that computers cannot tell the difference between fact and fiction, they merely report on what they think are the facts. So when we change these immutable facts, people are amazed that we can make the infallible computer do what we want it to.

But, as with all knowledge, it can be used for good or evil. Knowing how to crack passwords is not in itself inherently wrong, it is the use you make of the knowledge which results in order or chaos. Those of us who protect information make use of the same tools and knowledge that those of us who attack information use. In many cases it requires more knowledge to protect then it does to destroy. Those who protect must ensure that all the holes are covered, while those who attack merely need to find one. It is also those who protect who most must understand the why.

Now nothing of what I have said so far is new, we all recognize these facts, the question I want to pose is; "Who do we serve?". Why do we protect information? Why do we do the things we do the way we do?

I propose the idea that we protect people. When I say people I do not mean that we always do what our employer tells us, I do not mean that we always take the side of our users, or even that we always do what our peers tell us. I mean that we serve people as a whole. We do not only prevent attackers from attacking in, but we also prevent people from attacking out. It means making the hard choices about what freedoms to limit and which to allow. Making the hard choices about what we can do and what we should do. There is no clear cut path, no silver bullet for the problem. Why do we do this? Because if we do not, we are not better than those who use what they know to attack others.

Even this choice carries it's own pitfalls. When we protect we must never fall into the trap of the self-righteous. We are there to serve, not to spread fear or persecute. We are there to defend the people, not to start a witch-hunt. Make no mistake, choosing to do the right thing all the time is not easy. When you don't get that raise or bonus, but it goes to the office brown-noser. When you are treated badly or possibly even victimized for trying to do the right thing. There are very few other professions that daily have to work with the object of temptation, but yet not cross the line. Every time we sit in front of a keyboard we have to realize that even though we could, we shall not.

As I said earlier, there is no easy recipe for this, each one of us has to make their own choices, but I would like to share my own personal checkpoints; Don't worry, I'm almost off my soapbox. The reason for going through this is that many of us are not entirely honest about why we do what we do. Some do it for power, a sense of prestige, a feeling of importance, or many other things. No-one's life is great all the time, we all have rough patches. And it is in those times when we most need to do what is right, and not being honest or doing things for the wrong reasons ... well, suffice to say I think it makes things worse. I will finish with two quotes...
"Let those who hunt monsters, be careful that they themselves 
do not become monsters. For when you stare into the abyss,
the abyss stares back."
--Fredrick Nietzsche--

"With great power comes great responsibility"
--Ben Parker (from Spiderman)--