[Fwd: IP: Fact Sheet on Export Controls on High Performance Computers]

Robert G. Brown rgb at phy.duke.edu
Thu Jan 11 14:50:12 PST 2001 

On Thu, 11 Jan 2001, Joseph A Del corso wrote:

> I know this may be way off base, but I figure I might as well
> throw the idea out there. (Perhaps this already exsists and I'm
> simply un-aware of it)
> In light of what I just read, I'm curious if it wouldn't benefit
> the open source community to form some kind of regulatory committee
> to (and I shudder at the thought of what I'm about to say) control
> the software being put out.  I realize that open source is a wonderful
> idea, but who takes the blame for the mis-use of software?
> While I don't have any examples to prove the point, I think the idea
> of "we just built the atom bomb, whatever people do with it is out
> of our hands" is kind of bogus.  A "hands off" approach to responsibility
> for software produced is wrong.
> My personal opinion, specifically for the open source community, is
> to take responsibility for regulating itself.  I realize this goes
> against the "open source" concept...

Sorry, this triggers a patented rgb autorant.  Hit "d" now if you could
care less about nuclear controls...;-)

...Still here?  Great.  Well.  Let's see...

The problem is that quite a lot of the software that can be used to
build a bomb is, at heart, totally generic numerical code.  Generic
hydrodynamics codes, for example, have plenty of "peaceful uses".  Are
optimizers, ODE and PDE solvers, curve fitters, potentially weapons?
Sure.  Is the Gnu Scientific Library potentially a lethal tool in the
wrong hands?  Absolutely.  In mine (or most of the better physicists I
know), for instance, if we decided to become a Mad Scientists instead of
just Slightly Crazed.

Building (or more properly, designing or simulating) a bomb is just
physics and engineering.  The exact same basic numerical software that
is used to all sorts of useful physics research can be combined into
nuclear fission physics codes.  The same CAD and engineering codes that
enable a commercial jet airliner to be built can be adopted to bomb
engineering.

Finally, regulatory committee's, ESPECIALLY in the open source community
(where a rougher and tougher crowd of rugged individualists would be
hard to come by) tend to be jokes from the beginning.  Like the
government's computer export policy, which have in reality done little
but protected US industry's infotechnological edge against all its
"dangerous" competitors in developing countries so that they remained
developing countries.  Are we now to try to deny them access to
numerical libraries and encryption libraries because our beloved
government has its head up its butt with respect to what one can keep
secret?

We're talking (for the most part) about controlling one of two things:

  a) Real nuclear bomb design-specific codes developed at e.g. Los
Alamos and protected by all sorts of laws from ANY sort of uncontrolled
exposure (which makes them sort of irrelevant to the open source issue
as they aren't and likely won't ever be -- they probably aren't even
copyrighted at all in the usual sense of the world as NOBODY has a
license but the government itself).

  b) Some amorphous, unspecified (and virtually unspecifiable) set of
tools and ideas that are and have been in the literature for years but
which can be combined into the codes used in a) by a creative team of
physicists and computer guys just like the ones that built the ones in
a) in the first place.  This TOO is irrelevant to the open source
community.  We're talking >>algorithm<< here, not implementation, and
seriously, solving physics problems of absolutely any degree of
complexity is a matter of slowly connecting absolutely prosaic numerical
tools to solve all the various integrals and solve the differential
equations and sample all the stochastic processes that occur in its
description.

After all, what do the folks who WROTE the protected codes have that
isn't readily available in the intellectual marketplace?  I'll tell you
what -- a job where they were being paid to write nuclear codes (and
hence the motivation and support to do so).  It's not like half the
folks on this list couldn't go to work there and understand their codes
in a few weeks study.

If we wanted to prevent Iraq from building bombs, we'd be better off
restricting their export of students into nuclear physics and computer
science programs in modern universities.  We didn't (and don't) do
anything of the sort, and of course this probably wouldn't stop them
anyway unless we prevented the export of books or information of any
sort to the country.

I'm sorry, but I'm of the firm opinion that information, however
potentially deadly, is intrisically not controllable.  This isn't "just"
an opinion.  In a quantitative expression it becomes the second law of
thermodynamics in physics or Shannon's theorem in computer science or
even Bayes theorem in statistics.  Attempting to isolate information in
a universe with many channels for its transmission is fruitless.  Even
WITH all the controls on the "top secret" information on the bomb,
virtually all the important physics is developed, in detail, on the
various Nuclear Weapons Frequently Asked Questions sites around the
world, e.g.

http://www.enviroweb.org/issues/nuketesting/hew/Nwfaq/Nfaq0.html

Sure, this FAQ does not (as they make every effort to point out) contain
actual engineering specs, but jeepers, given the physics, the
engineering is basically easy.

IN CONCLUSION, if the government wants to continue to be a low grade
laughingstock in the computer community by trying to control the
uncontrollable (remember those shirts that contained the RSA code on
them in bar code form proudly bearing the logo "This Shirt is a
Controlled Weapon" or something equally inane?) they have my blessing to
proceed but I can't see any reason to emulate them.  For their next act
they can try damming a river with a fishnet or expectorating into the
teeth of a force 10 gale.  I just don't want them (or us, via our
regulatory kommisars) poking into the GSL, into OpenSSH, into GPG, and
so forth, even if it is absolutely correct that various open souce tools
can be used by the dark and evil for designing nuclear bombs and guided
missiles,or to hide drug dealers and kiddie porn scum from the questing
eyes of Carnivore (or whatever their nextgen websnoop turns out to be).

Where would this sort of attempt to control the means (because you fear
or despise the ends) end?  How many of our civil liberties would be
trampled in the meantime?  How much economic distortion would also
accompany this?  I can just see Microsquash arguing in court that
computer software needs to be a government regulated monopoly because
open source, unregulated (but dangerous) tools can otherwise fall into
the wrong hands.  After the historical realities of the Spanish
Inquisition and the McCarthy trials, a person would have to be a fool to
think that it couldn't happen...

So, while considering potential weapons of mass destruction, are we
going to restrict the human genome codes and data?  I shudder to think
of the potentialities of this information "in the wrong hands".  They
just about perfectly matches its potential (incalculable) benefits in
the right ones.  One day we might cure cancer, diabetes, heart disease,
because of unrestricted research.  On the other hand, we could also
drive the human race to extinction yet another way.  Overall, I'd
probably rather become extinct from a genetically engineered bioweapon
as this might give the lower primates a chance in another million years
or so, which won't happen if we go out with a nuclear bang or from
terminal pollution at the end of the approaching malthusian catastrophe.

How about recombinant DNA technology?  My wife was once upon a time
working on finding an effective vaccine for gonorrhea (a toughie with a
rapidly changing skin).  One day this sort of work might succeed and
tremendously benefit humanity.

OTOH, what's to stop somebody (using the same damn tools) from grafting
some creeping crud into the virus that causes the common cold?  Or human
E Coli?  Or figure out how to transform HIV from a not-particularly
contagious beastie into something that infects an entire crowd in a
second or two of casual contact (as pneumonic plague once did).  Or do
some similarly bad things to rabies, or smallpox, or plague, or
Jakob-Kruetsfeld (sp?) mad cow disease, or TB, or that same gonorrhea,
or...

Nothing, of course (to answer the rhetorical question) but coming up
with the will to do so.

We recently had playstation 2+'s as potential guidance systems discussed
on the list.  'nuff said.

There doesn't exist the plowshare that cannot be beaten into a sword.

So why try to regulate plowshares?

    rgb

-- 
Robert G. Brown	                       http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567  Fax: 919-660-2525     email:rgb at phy.duke.edu

More information about the Beowulf mailing list