 Our next speaker will be Vesna talking about ethics in internet measurements. Hi everyone. I'm Vesna and I'm a techno addict. So as a community builder at RIPE NCC and as a hacker, I'm committed to questioning the values that we build into our communities and into our technologies. Technical is political. Technology is not politically neutral. Every time when we make a technical decision for design of our software, of our systems, of our hardware, those decisions have consequences. They have social consequences because they influence the distribution of power and privilege in the society. And the values and the points of view that we have, that we use in making those decisions reflect our ethics. As hackers, we used to be on the margins of the society. But since the internet has become more important in the life of a lot of people, users, normal people, everyday people, now we as hackers also have gained much more considerable power and now we have the responsibility to use that power for good. But what is good? So as a young scientist, as a young engineer, as a young hacker I used to believe that the internet is making the world a better place. And now, 20 years later, I'm afraid that the internet is actually helping to destroy the world. So I have been kind of torn between this bright side of this symbol where I've been thinking about the utopia that we are going to bring to the world and had this techno-optimist point of view and the more dystopian visions and the more techno-pessimistic point of view as of recently. And then I started studying ethics, which is this area in the middle. It's this gray line, it's this gray area on the edges of these decisions on the edges of these areas. And this is how I try to help to visualize it to myself and try to present it to you in this talk. So this talk is going to have three parts. First of all, I'm going to introduce the ethics and the dilemmas in the science and which areas of the sciences had to deal with these moral dilemmas in the past and currently. Then I'm going to explain on the example of Rape Atlas how we have dealt with these ethical dilemmas. And then finally, I'm going to talk about the predictions for the future or advice and tips for how we can go beyond technology. And only one of these parts is actually what I do for my work. So the first part and the last part are more something that I'm passionate about in my free time. So you will also see the difference between the quality in the preparedness and the facts that I have for this talk. But I have been studying these other areas a lot and a lot of material is available to you in the notes. The definition of ethics is a branch of philosophy which is studying what is good and what is evil. So this is actually very important for my way of thinking of how can we approach the internet and the development of the technologies. And so since I'm not a social scientist, I went and read a paper by a group of people who went into a workshop which was then produced results called Philosophy Meets Internet Engineering. And a lot of these conclusions are based on such a paper. And this is where I got my introduction to the practical ethics. And so in this paper it says there are three major ways of looking into ethical considerations. Consequentialism, the ontology and virtue ethics. And translated to kind of a five-year-old language is the first one is the ends justify the means. So if the consequences are good, then it's okay. It's fine. We are doing fine. The ontology is the opposite. It says the means should be good. The means should be moral. And then the consequences don't really matter. We can kind of disregard what the actual effects are. And the third one says if the actors are good, if you are a good person, then whatever you do, whichever means you use or whatever the consequences are, are going to be okay because they have been created by a good person. So you only have to make sure that you're a virtuous person. Now all of these approaches have their pros and cons. And it's kind of difficult to implement them in practice. So there are three ways to combine them. The principalism, pluralism and casuistry. And the principalism is mostly used with research of the human subjects. And it says, well, make sure that you are respecting these major principles. The pluralism says use multiple of these methods and combine them and try to get the best of both of all three. And casuistry says, well, let's look at the things on case-to-case basis. Let's not be so theoretical. Let's just look at these examples that we have and maybe the similar examples from the past and make decisions on case-to-case basis. So all of these can be applied to the internet research. If we look at the science from the neutral point of view, then we can look at these categories of sciences and we get the life sciences and the formal and physical and so on. And then there is applied sciences, which is mostly the technology that we are concerned with, like engineering, computer science. And all of them have ways of looking at them from the techno-optimist and techno-pessimist point of view. So the optimists say, science is wonderful. It's improving our lives. It's progress. It's bringing the advantages to all of us while the pessimists look at the darker sides. And so there are always in all of them dilemmas that people had to deal with. For example, nuclear scientists, they had to ask themselves, should we take part in developing the atomic bomb? Do we think that nuclear energy is beneficial or are there more dangers and how do we balance this? The similar thing for the medical sciences, of course there are advantages, but there has been a lot of ethical and moral dilemmas for the medical practitioners. And then there is environmental movement that brought up ethical questions in the usages of pesticides and fertilizers. And so these are some of the examples. And now we come to the examples closer to us from the computer sciences. So then there is cryptography and artificial intelligence, where the robots can actually bring us a lot of help, but they can also kill people. You can get cryptography for enhancing the privacy or it can be used for surveillance. And then you can use the databases to track people based on certain categories. And then the networking. So I will talk mostly about networking in the next slide. And there is also a programming side of the computer sciences. So here I don't really have to tell you and force them about the free software, but I had to include it into the slides for the completeness. So you could use the programming for freedom or you can use it for profit. And this also expresses your ethical values and it also embeds the ethical values in the software and how can it be used further. So in this way, the code is politics. And now for hackers. So the hackers have been seen as those people who are using technology in the unconventional way. So in the playful way, in the creative way or even in the disruptive way. So in that sense, the hackers have a very dialectic relationship with the technology. On one hand, the more tech, the more material for the hackers to hack and to play with. On the other hand, since they try to break it and try to use it for the unconventional purposes, they discover vulnerabilities, they discover the holes, they discover different ways in which technology can be used. But then that gets incorporated into the mainstream technology again and then it gets used for the mainstream goals. The ones that hackers didn't intend it to. So there is always this kind of power struggle between the hackers and the mainstream scientists and the technologists. And the ethical side of the hacking has been documented very well. This is just one of the examples. There are other ways to look at it. So the sharing and openness and freedom have been embedded into the ethics of hackers. And still this is a very positivistic view. So in the last part of this presentation I will come back to this and see how these hackers' ethics can actually be used on itself to question its own premises. So the hackers' ethics is very much connected with the early days of the Internet where the Internet was also supposed to bring us all the freedom and to connect us to each other to enable communication so that people are going to get greater understanding of each other and so the conflicts can be avoided if we would all be able to talk to each other. It's going to bring the freedom and the democracy to liberate us all. This is a very techno-optimistic point of view. But in the recent years there have been other sides of Internet technologies revealed and what do the technopassimists see when they look at the Internet nowadays? Well, there is the huge usage of energy which also includes the usage of fossil fuels and all the consequences that come from that. There is the exploitation of the people who are creating and building the Internet so the people who have to mine for the resources to build all of the equipment and the people who actually build our equipment and then there is the pollution of the environment. The Internet can help us to delete our differences but it actually also increases the differences and deepens the digital divide while in the first world gets the clouds and the shiny data centers. The third world children have to work in the mines and have to pick through our electronic waste. So this is another way to look at the effects of the technology. Then there is surveillance. I won't even go into this because this has actually been kind of predicted by the philosophers of technology in the 80s where they said that if a government would ask us to carry a device which can reveal our location at all times and it can listen to our conversations it can take photographs and then share them with authorities We would refuse that. We would even revolt against such an idea if it would have been brought from the political grounds but if it is presented to us as technical innovation well, we all have mobile phones nowadays. So this is also something to think about. How else is the political connected with the Internet? Well, there is Internet governance but this is a much larger topic. I can talk about this for an hour and you will probably have to come to Scha to the next Dutch hackers camp to hear me talk about this. So, Internet. In order to determine how the Internet functions we need to perform the measurements. Now, we are techies, we are engineers of course we can do measurements, we know how to do this but the measurements on the Internet are not only a technical problem anymore because the Internet has become this whole social technical system we do have to consider other things when conducting Internet measurements now and so this is why now the Internet engineers and the software developers and the researchers have to busy themselves with studying things like ethics. So, since we are more knowledgeable than the users that we are conducting these experiments on we have the responsibilities towards them so we have to explain to them what information are they sharing with us what kind of impact can they have and we have to get their consent but not just for them to click on the terms of services we have to get their meaningful informed consent they have to understand what they are signing if they are agreeing to that. So, that's one thing so we have to deal with people and even when designing the experiments we have to weigh the benefits for us and the costs that are probably not going to be born by us but by somebody else. So, for this we have to consider all these ethical considerations that I've been talking about and there is a helpful graph for this so if you are going to do the measurements on the Internet the papers that are referenced in my slides actually cover this so this is one of the diagrams that you can follow. Okay, so this was kind of the preparation for the example. Now, how many of you have heard about RIPE NCC? Great, how many of you have heard about RIPE Atlas before? It's kind of the same people and it's almost two-thirds but I have to do this very short introduction. So, RIPE NCC is one of the Internet registries regional Internet registry for Europe, Middle East and former Soviet Republic so this yellow part on the slide and there is four more regional Internet registries and so we embed the ethics in our work in a way that we are all not-for-profit organizations we are all open and transparent, we are neutral and we are governed by the communities, by our members and we are accountable to these members, to these communities. One of the main jobs of the regional Internet registry and RIPE NCC too is to distribute IP addresses so we distribute them in the hierarchical fashion we get them from Ayana and then we pass them on to local Internet registries which are mostly Internet service providers, corporations, banks, governments so large organizations that need a lot of addresses and then they give them further to their customers, to the end users and I'm only talking about IPv6 addresses because you all know that this is the current Internet protocol and the other one is a legacy one because there isn't any IPv4 left and yeah, good. So there are small bits and pieces that you can still get so there is one last block for every member of the RIPE NCC and that's it, so move on and get IPv6 I have to say this, it's not part of my talk. So RIPE Atlas, apart from distributing these IP addresses as a neutral organization, RIPE NCC is also performing Internet measurements so we have this platform for mapping the health of the Internet and we do that by distributing small hardware devices that are hosted by volunteers these hardware devices continuously do the ping trace route and DNS measurements towards critical Internet infrastructure the root name servers, we can collect that information, publish it so it's all open data and we visualize it as maps so that's why Atlas, so it's like a collection of maps about the reachability of critical infrastructure on the Internet so these devices perform measurements for us and for the Internet community but they also can perform the measurements for the other users of the RIPE Atlas system and so this is where part of our ethical considerations come into place because if you have one of these things at home you allow 10,000 other people to do the measurements from your house and you don't know them, they are not your friends they are actually connected to you only through this platform so this is what we had to have in mind when we were designing the RIPE Atlas the main goal is to measure the health of the infrastructure and to do the troubleshooting and monitoring of your own network but some people have been using it for looking at the detection of the network interference because that's also what happens like some people block parts of the Internet deliberately sometimes their outages and so on so although that was not the intended purpose for RIPE Atlas some researchers are actually using it for that and they have taken into consideration the fact that it wasn't meant for that and in their paper they actually have a large section about ethical considerations so if you're curious take a look at that one so how did we actually build all this into the design of the system at the beginning so we have decided to not measure bandwidth so we don't really look at your normal traffic we only generate extra traffic like pings and trace routes and that is so that we can claim that we don't have any access to the user's traffic that actually makes the value of the measurements and of the platform for certain purposes smaller because people actually want the bandwidth to be measured because they don't realize that if you measure their actual traffic you are going to interfere with that, you're going to make it slower and you can actually look into what is there so we decided not to do that so that's one thing, we only do active measurements then all the data that we collect is made public and it's freely available all the APIs that we use are also documented and freely available the source code of the measurements on the probe is there on GitHub and then the tools that we provide and that our users write are also free software and the last thing that I want to mention because then there are more things that are all published already on the FOSDEM interview page the measurements that those probes do are not freely configurable so you can only do the measurements that are already there which is being traced throughout DNS, SSL and so on so you can't tell to the probe or go and do this that won't work so we had deliberately limited the number of features so that the dangers to the users would be less we don't know all those users but some of them have cats and we really don't want any harm to come to those cats and this is also a photo of the probe itself so you can see the probe and you can also get the mandatory cat picture in a presentation so once we have come up with this system well it wasn't over we had to deal with all kinds of questions later on especially because we have a very critical community like you guys and so people kept saying wait a minute what do you mean you have to trust the code which is on that probe you want me to put a probe in my house but I can't actually see what it does so yeah we had to release the source code there was a talk about that last year at FOSDM then we wanted to make our life easier and to say all the measurements are public so we don't have to put a lot of work in protecting the data that people consider not public measurements and so we suggested that to our community and they didn't like it so we decided to actually keep the feature of non-public measurements and so that's still there so if you are deploying some new part of the data center and you want to do the measurements to that equipment but you don't want everybody to know immediately what the performance is or whatever some of those measurements can still be marked non-public they will be not easy to find through the ATLAS system but that's why we don't call them private because they're actually never going to be private-private then in 2015 we introduced HTTP measurements but we also kept them very limited they only can be done towards so-called ripe ATLAS anchors which are part of our infrastructure and are controlled by us so they cannot be performed by users to random websites on the internet this is a way to protect the users especially in the countries with oppressive regimes where if you would go to a forbidden website then there would be really harsh consequences for your life in real life so this is another way to deal with these dilemmas and then we also performed a security audit and the results are published on our website on this URL because our community is partially hackers and hackers are going to hack so we got a lot of reports of people opening the probe like oh yeah let's just see what it actually does and yeah it actually does what we say but sure go and check it out and so they were very nice to actually follow the responsible disclosure procedure first tell us what they have discovered and there were some bugs, there's always bugs so we fixed them and then we publish the report there yeah that's what you get with the critical community so we also have a lot of probes with hackerspaces if your hackerspace doesn't have one I will have some probes with me tomorrow or you can also just request them and then we will ship them to you so if you want to take part in the ones we already had for and there is another one coming up in Amsterdam or if you are a student or a researcher you can get help to present your work at the conferences that we organized the so-called ripe meetings you can apply if you are researching some of these topics or if you want to write a report about some project and so on and reach the right community we have a platform called Ripe Labs where you can publish that research do we take questions only at the end or now? how are we doing with that? now we move on, okay so this was the end of the official part and from now on the rest is just my opinions they are not opinions of my employer this is all on video hi boss so what I want to explore here is how do we go beyond the technological optimism and some of the advices that I kind of summarized from all the literature that I read preparing for this talk is question everything embrace alternatives, embrace diversity and build systems or take part in systems that support diversity, inclusion and protection of the users and of life on earth so very inspirational paper that I read was actually a transcript from a talk from a woman who hacked the hacker's ethic so she said well let's replace the hacker's ethics with the set of questions and they are really interesting questions like how do you ensure that the computers that access to the computer should be unlimited in total well to whom who gets to use your technology who doesn't get to use your technology how is what you are making making the access for some people more difficult or easier how is the information free which data are you using whose labor went into getting the data where it is and so on so all these questions are really interesting and I encourage you to contemplate on them when you are deciding about which project to take part in and what are the consequences of your project and your software for example how open and inclusive is the hacker's movement and if our community is very homogeneous as we can see actually even at looking at this room then how is the technology that we are making going to be inclusive and actually help everybody so to that extent this is a small web interface where you can change some parameters to create a different picture which stays on the screen but as a larger message to all of you I say let's hack patriarchy here are some other questions to use for conducting your network research on the internet so there is a lot of information here I won't let you read this I will let you read this one because it's big letters and it's easy to read so this is from a paper that was very very inspirational for me from Philip Rogerway it's Moral Considerations of Cryptographic Work and it's a very long paper and then he comes up with a lot of advices I have summarized them here for you and then there is like three that I want to stress take into consideration the ordinary people and their needs when you are developing your technology get the systems view the large view get the big picture and contribute to the commons now again here at FOSDEM I don't have to really tell you about the commons you know all about it but I like this picture because it also has the Yin and Yang sign so there you go and there is a lot of information in the notes now the other thing to consider is how would the internet look like if it would be built on the feminist ethics on the feminist principles and actually some of the technologists and the scientists and the engineers the female technologists and engineers got together a few years ago and came up with this document which is called the feminist internet and so again in the notes you can see the references to this and the logo is quite beautiful too and then there are all kinds of other movements and other alternatives that you can consider which have very similar principles and ethics to the hackers ethics so there is anarchism there is permaculture there is the ecological movement Buddhism, hippies so all of these subcultures and ethics are influencing or could be influencing our development of the technology and this is the quote from the paper that I just mentioned but then he quotes the Nobel Prize winner and his reception of the Nobel Prize he is a nuclear scientist and he has been calling out to his fellow scientists to take the responsibility for not destroying the world and not destroying all the other humans and I say well since we are there let's also make sure that we don't destroy squirrels because maybe our internet is not the only internet maybe there is also an internet of trees or the internet of Missalia and our way of looking at things doesn't have to be like this doesn't have to be the hierarchical way but it can be the decentralized way the way how the nature is the cyclical and so that we are not at the top of the hierarchy of life but we are part of life on this planet and so our technologies can be so inclusive that are also not harming and maybe even contributing to the life on this planet and so this is the message that I want to leave you with question everything embrace alternatives and contribute to the life on Earth thank you okay question everything start with questioning me okay perfect I really thank you for your talk I mean as a community or hackers, developers I'm a scientist okay computational chemistry it looks like an oxymoron but it exists I think at some point in your talk you trap past some things similar the difference between optimistic and pessimistic views of the world and I do not agree with you I mean it's not a matter of optimistic or pessimistic views it's a matter of responsibility the community how we interact with each other how we distribute our knowledge that's a very big problem to vulgarize I could say that it does not mean to make our stuff stupid for people who are not in our field it means how to communicate to them and my question is do you feel the hacker, scientist, developer communities do they question do they question so much the authority do they seek for power to change this world and not made so ugly something similar or do they go more and more kind of individualistic I mean I looked up a very few groups that question authority a collective way and not anyone with his or her or star own ethics that's a very good question and I think that you already answered it yourself so there are hackers that do but that do actually question authority and work into enabling other ways of distribution of power empowering those that are weak but I'm afraid that majority of hackers do not even think about that majority of hackers are more like technological thinker they like to play with technology and do not like to think about how is this technology used for political purposes and that can be dangerous because then all the advances that they make through their work through their tinkering can be then abused by those in power to get even more power and one of the positive one of the examples that actually do have that vision is a group that gave a presentation few years ago at the CCC congress which is a group called the Invisible Committee and they have now a book called To Our Friends which covers a lot of these questions and I would recommend that to you any other questions? Thank you very much for that talk let's be practical and so I'm maintaining an open source project what can I do practically to make sure that everything is ethical in this project are there some guidelines? Is there a manifesto or whatever? I'm sorry, I'm not sure I understood your question Do you know of a series of guidelines or a manifesto, something clear that can make me so I can be sure that I do everything I can ethically for my projects? Yes, so there are a lot of references in the notes of my slides and in the paper that we have published about the ethics in Rai Patlas measurements that is also reference from the FOSDEM talk there is not one paper you will have to read let's say 10 papers to see which one is relevant for your field of work and if it would be that easy to just put it in one paper we wouldn't have such a conference so there is a lot of thinking to be done and questioning so if you are concerned about something go deeper and deeper and ask questions of yourself of your colleagues of your bigger field until you are happy that you are actually doing the most ethical work possible So you mentioned IPv6 earlier of course it's a new standard and everything so I digged a little bit in the standard itself recently for developing proposals and so on and I discovered well I knew it partly but that it doesn't have nothing masquerading so basically you have a very huge number of IP addresses and you will end up probably having each device having an IPv6 like you have for Mac addresses so how does the RIPE or the IANA justify that because that's actually a tracking device Yes, so there is an RFC that actually describes how can you implement the security extensions for the IPv6 so you do not have to record the Mac address in the IPv6 address you can have the pseudo random number that hides your Mac address so then your IPv6 address is your identifier but your Mac address is not visible indeed your comment is you're still trackable by the IP well that can be solved by using some other security privacy whatever measures which I'm not an expert in but from the ethical point of view if you already had this discussion over lunch with somebody we can actually try to find all kinds of ways to go around the big brother or we can get rid of the big brother Hi, first thanks for your talk it was very interesting I have two questions for you and I'd like to have a short position on that the first thing is auto updating the Atlas Pro if you enable auto updates you're in the opportunity to who will penetrate the private network just by pushing a back door if you are not you are not able to fix a critical security vulnerability and the second thing I'd like to hear a position is the freedom of use in open source software it usually includes military use and I don't like this and this is my biggest problem with open source software so can you explain your position on these two issues please okay, yes, the first one I can the second one I would rather not so the first one it was do we have the automatic updates and how for the ripe Atlas firmware so they are pushed by us so that's the only way of updating so the probe the probe only connects to the centralized infrastructure by ripe NCC and when we decide that there has to be an update then we let the probe update itself so in the meantime if there are vulnerabilities then they are available there the probe is not updated so in that dilemma that you presented we have chosen one certain way and the other question is I think discussed very much as a topic at FOSDEM and I'm sure you can find people who are more knowledgeable than me but if you want my personal opinion then we can do that over beer okay if it's okay to the presenter I have a short reply to the second question sure but we have to hurry I know it's short it's basically it's your ethics that decides that it's not okay so you're asking for contributing giving to everyone except the bad guys but you're the one deciding who the bad guys are and well they should present the problem to you because yeah it's subjective always okay you can also have a conversation over beer there's a question over there and can we make that the last one okay I am active in community networks that act at a leader level and so internet is not made just from companies and customers there is also people who self-organize to get connected to the internet and community networks participate to a project that is said confined in the European community to take statistics they sound very similar to right patlas I would ask if there is in act some cooperation between right patlas and confined project yes thank you I'm very much interested in the cooperation and we can talk about it later okay thank you very much and go question things