Patricia Aas is a C++ programmer and security expert who currently works for TurtleSec. She is concerned about issues like election security, privacy, and the lack of oversight and regulation in the technology industry. She believes technology has introduced fragility to important systems like democracy. However, most people do not understand the implications of technological issues and journalists struggle to explain the problems to the general public. This leaves the industry unregulated and unable to have meaningful public debates around ethics and social impacts.

1. @pati_gallardo
Turtle
Sec
@pati_gallardo

2. @pati_gallardo
Patricia Aas
C++ Programmer, Application Security
Currently : TurtleSec
Previously : Vivaldi, Cisco Systems, Knowit, Opera Software
Master in Computer Science
Pronouns: she/her
@pati_gallardo
Turtle
Sec

3. @pati_gallardo
My hobbies include:
- Reading election documents
- Petitioning more documents
- Imagining how to hack elections
3

4. @pati_gallardo
I’m not cynical.
I’m an idealist.
I believe in democracy.
4

5. @pati_gallardo
I also believe that election processes
have become more fragile,
even broken,
through the introduction of computers.
5

6. @pati_gallardo
6
So I am
Annoying
As a Service

7. @pati_gallardo
Embedded Ethics
EuroBSDcon 2019
Patricia Aas
@pati_gallardo
Turtle
Sec

8. @pati_gallardo
We have made a digital world
and we made everyone live there.
@pati_gallardo
8

9. @pati_gallardo
They never had a choice.
@pati_gallardo
9

10. @pati_gallardo
And we have failed
to make them literate
in this world.
@pati_gallardo
10

11. @pati_gallardo
When we fail them,
they often don’t even understand
how we failed them.
@pati_gallardo
11

12. @pati_gallardo
Most journalists I talk to about election security
never write anything.
They don’t understand what I’m saying.
They don’t understand the implications.
And if they do,
they don’t understand
how to communicate it to regular people. 12

13. @pati_gallardo
We made a digital world.
And we struggle to protect it
because those that make decisions
don’t understand it.
We sold a story that it’s magic.
And now we can’t explain what’s wrong.
13

14. @pati_gallardo
We can’t explain
how we sold their privacy.
@pati_gallardo
14

15. @pati_gallardo
We can’t explain
how we broke democracy.
@pati_gallardo
15

16. @pati_gallardo
We can’t explain
how we embed devices in their bodies
that we don’t fully understand
and we are not fully protecting.
@pati_gallardo
16

17. @pati_gallardo
We can’t explain
how this white male dominated industry
keeps on creating things
that are unsuited for people of color or women.
17

18. @pati_gallardo
We can’t explain,
because they don’t understand
what we’re saying.
18

19. @pati_gallardo
They don’t understand
what we’re saying...
@pati_gallardo
19

20. @pati_gallardo
...they don’t even believe us
@pati_gallardo
20

21. @pati_gallardo
21
Social ConsciousInnate
Workplace
culture
National Culture
We don’t do that
Right vs Wrong

22. @pati_gallardo
The Principle of Social Proof
22
“Nobody else is
saying anything?”
“We’ve always
done it this way!”
“These people seem
to think this is fine!”

23. @pati_gallardo
Pluralistic Ignorance
23
If it was bad, someone
would have said something!
The Principle of Social Proof leads to...

24. @pati_gallardo
If you are told by your boss
to do something unethical,
but legal,
what recourse do you have?
@pati_gallardo
24

25. @pati_gallardo
We argue.
We do it.
Or we quit.
@pati_gallardo
25

26. @pati_gallardo
In the VW case
an engineer went to jail.
@pati_gallardo
26

27. @pati_gallardo
“I was following orders”
is never going to win a trial.
@pati_gallardo
27

28. @pati_gallardo
How are we going to protect
whistleblowers?
28

29. @pati_gallardo
How are we going to protect
whistleblowers?
29

30. @pati_gallardo
How are we going to protect
whistleblowers?
30

31. @pati_gallardo
How do other disciplines do it?
@pati_gallardo
31
They made Codes of Ethics
enforced by Unions or
Professional Associations

32. @pati_gallardo
We have no code of ethics.
We have no body to evaluate ethics.
32

33. @pati_gallardo
Do we even know
if we are harming people
or democracy?
33

34. @pati_gallardo
We are making products to “protect” children,
that are used
to control and abuse intimate partners.
@pati_gallardo
34

35. @pati_gallardo
We are making image recognition software
that is used
to identify protesters.
@pati_gallardo
35

36. @pati_gallardo
We are building infrastructure
on hardware we can’t inspect,
with binary blob drivers and firmware.
36

37. @pati_gallardo
Talking with people that make laws...
They don’t know how to regulate us.
They believe in our propaganda.
They believe in the objective truth of machines.
37
Regulation.

38. @pati_gallardo
There are some lights in the dark,
like GDPR.
@pati_gallardo
38

39. @pati_gallardo
But also so many false steps,
like the reversion of Net neutrality
or the EU copyright directive.
@pati_gallardo
39

40. @pati_gallardo
We are trapped in a situation where we are
incapable of regulating ourselves,
and unable to be regulated.
40

41. @pati_gallardo
We are not able to have a public debate,
because the informed reporting is
practically non-existent.
41

42. @pati_gallardo
Why did we not teach the population?
Does that even scale?
Can we teach them now?
42

43. @pati_gallardo
In the 90s Norway had
“Hjemme PC Ordningen” and “Datakortet”
which were attempts at making the population computer
literate.
But did we interpret that computer literacy too narrowly?
Today most people can use a computerized device
- but do they understand it?
43

44. @pati_gallardo
The problems in tech are
fundamental.
@pati_gallardo
44

45. @pati_gallardo
But difficult to grasp.
@pati_gallardo
45

46. @pati_gallardo
ACM Code of Ethics and Professional Conduct
1.2 Avoid harm.
46

47. @pati_gallardo
How did other professions
regulate themselves?
@pati_gallardo
47

48. @pati_gallardo
Norway has a history of powerful unions.
We could make a common Ethics Board.
We could protect whistleblowers.
48

49. @pati_gallardo@pati_gallardo
49
How can you break through
Social Proof?

50. @pati_gallardo
- Could you justify this
to a journalist?
50

51. @pati_gallardo
- What will experts say?
51

52. @pati_gallardo
But if all else fails...
52

53. @pati_gallardo
If rationality doesn’t work...
53

54. @pati_gallardo
54
Perhaps try
Annoying
As a Service

55. @pati_gallardo
Turtle
Sec
@pati_gallardo

56. @pati_gallardo
Turtle
Sec
Questions?
Photos from pixabay.com
Patricia Aas, TurtleSec
@pati_gallardo

57. @pati_gallardo
● https://beta.legeforeningen.no/om-oss/Styrende-dokumenter/legeforeningens-lover-og-
andre-organisatoriske-regler/etiske-regler-for-leger/
● https://legeforeningen.no/Om-Legeforeningen/Organisasjonen/Rad-og-utvalg/Organisa
sjonspolitiske-utvalg/etikk/reglement-for-radet-for-legeetikk/
● https://lovdata.no/dokument/SF/forskrift/1996-12-20-1161
● https://en.m.wikipedia.org/wiki/Social_proof
● https://en.m.wikipedia.org/wiki/Pluralistic_ignorance
Resources @pati_gallardo
57