Most people are not technical people. In fact, many people have a form of mental block where an issue that they would normally engage in becomes “too complex” simply by adding a computer or something technical to the discussion. Politicians and government bureaucrats are regular people this way, nearly turning their brains off as soon as you hit a certain threshold of technical jargon.
People with specific political agendas abuse this. They take what is really a policy question best left for political people to decide in a democratic society, and add in sufficient technical content which encourages political people to give up control over questions of policy. Policy debates around core new technology issues such as “DRM” and “Net Neutrality” are particularly prone to this type of corruption.
In all of these discussions there are two components: the existence of a technology that can enforce policy, and the question of who sets the policy. While it is true that the first component is a technical issue that is best left to technical people, the latter component is a political question that needs to be in the hand of the appropriate policy person.
An example of this dynamic can be seen in a ZDNet article by George Ou titled “Fixing the unfairness of TCP congestion control”. When a network is congested an algorithm is used to slow down some connections so that other traffic can get through. The technology needed to implement this algorithm is a technical question, but what policy this algorithm enforces is political. The author of this article makes the typical lobbying attempt to turn peoples minds off by claiming this is entirely a technical question, even making this false claim transparent by the title of one of the sections: “The politicization of an engineering problem”.
I may agree or disagree with the specific policy changes, but entirely reject the characterization of the policy as an engineering problem. In this specific case I have many questions relating to whether the policy is implemented by intermediaries or endpoints, given I believe we must retain the end-to-end design of the Internet. This is a conversation that requires appropriate political debate, and is not a technical question. This political debate will include discussions of whether the congestion problems can and should be solved in other ways, and whether incumbents such as the phone and cable companies have deliberately manufactured problem in order to justify other violations of the end-to-end design principle to politicians and regulators.
The same dynamic can be found in debates around “Trusted Computing” and the “Trusted Platform Module”.
As a technology, this is a chip that allows a device to be cryptographically locked down such that only software that is appropriately digitally signed will run. It also allows for something called “remote attestation” that allows a remote server to verify that a computer is only running known appropriate software.
There is quite a bit of policy that can be enforced by this technology, and what policy is legitimate or not is a political and not engineering question. For instance, if it is the owner of the computer that retains all the keys to the machine then this technology protects their property rights. It allows the owner of a computer to lock out intruders from being able to run unauthorized software, and allows the owner of a business to verify from a single server the integrity of all the computers they own on their network.
The same technology can be abused to allow a third party (possibly a manufacturer, or some other intruder) to lock down the hardware and disallow the owner from making software choices. This is something that should be clearly illegal under tangible property law. The same “remote attestation” can be abused by remote sites to impose specific software choices on customers, something that should be clearly illegal under competition (anti-trust) laws.
It is unfortunate that people don’t yet separate the technology from the policy that the technology can enforce. This has meant that technologies which can be very useful to protect computer security (such as the Trusted Computing hardware) is being given a bad reputation because of potential policy abuses. It has also allowed lobbiests to confuse politicians into deferring critical policy questions to engineers, as is being asked in the TCP congestion control article, as well as with far too many implementations of the 1996 WIPO treaties and legal protection for “Technical protection measures”.