Security and ethics

Ethics and exploitation

In the security world there is a seemingly unique requirement according to Cory Doctrow in this video (which is a great watch BTW). I agree the security industry requires full disclosure of algorithms and methods to run effectively, but I do not believe this is unique. We all hear companies professing their ethics, it’s a badge of honour flung on every Wall Street bakers lapel and shared with every business marketing exec. Of course much of this is smoke and mirrors as exploitation is the heart of many businesses. We exploit customers and innovation. The common phrase on finding an innovation is ‘how do we exploit this’!

Ethics, I propose, like security cannot happen without openness and importantly the ability to adjust, just as security researchers do, why else make algorithms public? If a company finds itself using products manufactured by slave labour, it should immediately state this and how it was going to fix it. In many cases this does not mean shut the sweat shop as it could cripple very poor villages, instead the situation should be resolved properly and without further damage to the poor people caught up in this mess. Many PR experts will disagree as brand tarnish may happen, well guess what? we are part of a species and not a brand, it’s our number one priority to advance humanity, not to have shiny wee pictures of fruit on our computer lid.

Open ethics, or none

The conjecture here is that and ethical approach to business means an open approach. To be open requires great strength for many companies. The reason for this strength is the companies inability to act fairly, they may have sales people trained to ‘leave nothing on the table’ as many UK sales people will chant. An ethical company will have tiny problems being open. In MaidSafe we have tried many ways to achieve this so our code is open, our development is open etc. but that’s not even close to being open and ethical.

When I do talks or presentations, I handle them in a scary way for professionals in this field. I use no notes, don’t practise and never ever use slides. I have no idea what I will say and many times change track part way through a talk. This is possible because I think I have a few rules, never lie and never associate with liars, never exploit others but help them and never associate with overly negative or greedy people, where possible. This gives me great strength as I do not need to remember ‘the company line’ all I do is talk openly and freely about anything and it will be OK. Mistakes are something I need to learn from and I am in no way scared of these, that is very important to.

We tried to even record staff meetings and put them on line. After a couple we stopped, not because we are not open. We stopped because folk felt like they were on the Truman show. I fought this hard, but failed to convince staff it was worth the feelings of discomfort. I lose many such debates, but that’s important in itself. Now we host Google Hangout sessions and take questions from the public and answer them, there and then. We debate and argue in public, wow!. Surely that is dangerous? No the opposite, humans deal with humans and not scripts. So this actually allow people to see our strength through our flaws. As for ‘toe the company line’ then everyone does as there is no company line. We all share a vision and that is to provide privacy security and freedom to all the worlds people. This is as close to a company line as anyone needs. I think nearly everyone in the company knows my passwords and can read my emails, as I leave machines logged in at work so people can get at my mail. It is important to try and get to this stage, even for privacy advocates like me. Dichotomy? not at all, openness and privacy are bedfellows.

I firmly believe this model of speaking with business partners, mixed in with the public is very powerful. This means our algorithms are peer reviewed and market tested and adjusted in real time. It is way better than company oversights, board meetings etc. this is us and its open.

Unless these types of actions are taken then it would be as hard to say we are ethical as it would be difficult to create a new encryption algorithm in secret. Both options would fail and the encryption argument has been won many years ago.

I believe it is now time to progress the ethics argument.

Sell value or shut

Any transaction that leads to sustainable business should be an exchange of value. If people exchange their cash (value) for your product or service then they expect the same or better value (for them) in return. Today many companies think this is achieved by telling the people they get value and tell them over and over in an attempt at neuro-linguistic programming. This is not a transfer of value. Many of these companies will profess and ethical approach, many even may give donations to charity and attempt to purchase their ethical stance. That should not work but it does seem to, but does it really (remember sustainability)?

There is something happening in society, we moved towards self interest and a ‘grab all the cash’ approach in the 80’s. Such behaviour was encouraged as the free (to exploit everything) market was touted as the way to all the riches of the world for all the people on the planet. That approach has led to the near collapse of our society. I think like many others the current approach needs dramatic change. Is this reflected in business practices though? Apparently not as we still hear daily of unbelievable corruption, or system failure.

This is where ethical companies can jump in and see huge profitability. Yes ethical to me means profitable. It seems people hear ethical and think philanthropic or similar. Ethical is an approach to transferring value more effectively than marketing heavy persuasion of unethical or closed business models. Consumer facing companies in particular benefit a lot here, as they try to sell value to the public they can benefit from including as many of the public in their thoughts and product designs. These companies would also benefit from the legions of supporters who will feel included.

Closed companies should be considered unethical just as a closed security algorithm should be considered flawed. Not until these companies can prove their ethics should they be considered ethical. Failure to do this should probably have the same effect as an unproven security algorithm.

Profit for the long-term

I have previously written that immense amounts of cash in people’s banks is not a good thing as society runs on cash like an engine runes on oil. Removing any of these two causes problems. Why then do I advocate profitability, is this not grabbing cash? Well no! This is proving value and that in itself is all we need to be doing as a profit driven business. The investors in such business will reap great returns and they should. To keep investing again and again, is a great thing. These investors should include actual investors, staff, business partners and society.

In MaidSafe we are partnering with many companies who are like-minded. This in itself makes the proposition stronger. With the increase in value transfer between these companies we can provide a greater value transfer to people. As the machine kicks in then this value transfer leads to profit. To increase the profit, the model scales upwards. This does not mean MaidSafe becomes Goliath, it means it grows the eco-system around it. This profit is invested, not in MaidSafe alone, but in the eco-system. Each member of the eco-system is as important as the other. I think of this like grass growing, the single tall stem will be blown over as there is no protection, but if it shares food and light with those around it then it can grow tall with others around it for protection. This blade of grass (or company) is then a catalyst for a field of success. This strength allows more profit as the thing picks up.

Many companies would love this and maybe even profess to be doing it, but the difference is important. Like the consumer approach, each business needs to be openly ethical with each other business. People will go bad and greed can set in, in an open society this greed will be detected and removed quickly. This keeps strength in the system. So growing a large successful eco system and profiting will also need the same openness and provable ethics. The members of this system though will be both profitable and these profits will come from actually providing value.

A good nights sleep can be obtained with success that comes from smiling faces!

You cannot buy back ethics. No point in becoming amazingly rich at the pure expense of others and giving to charity then. It may be best to share as you grow. It may prove easier, stronger and more fulfilling, we will see.