Cambridge University refuses to censor student's thesis (boingboing.net)
498 points by r11t on Dec 30, 2010 | 61 comments



First, he thrusts the knife in, then violently twists it -- "Accordingly I have authorised the thesis to be issued as a Computer Laboratory Technical Report. This will make it easier for people to find and to cite, and will ensure that its presence on our web site is permanent....". Classic.


The Brits often have such a way with words. Bless them.


The English have a way with ... English!

Fancy that.


>Cambridge is the University of Erasmus, of Newton, and of Darwin.

This is a very elegant way of giving them the finger.


It's also a surprising appeal to authority logical fallacy. Those people don't work there anymore.

(not that I disagree with them that they shouldn't censor the findings)


On the one hand, I don't want to feed the pedantry. On the other hand, it's only a logical fallacy if it fouls an argument. In this case, it's not being used (so far as I can see) in the course of a direct argument. Here's the whole sentence:

> Cambridge is the University of Erasmus, of Newton, and of Darwin; censoring writings that offend the powerful is offensive to our deepest values.

It's not part of a syllogism. It's the author's statement of core values (as he sees them) of Cambridge. It's part of an explanation for why he won't do something, not an attempt to prove that he shouldn't.


> On the other hand, it's only a logical fallacy if it fouls an argument. ...

> It's part of an explanation for why he won't do something

ergo it's an appeal to authority or at the very least an appeal to tradition/precedent (or I suppose even lesser a non sequitur)

http://en.wikipedia.org/wiki/Appeal_to_authority

http://en.wikipedia.org/wiki/Appeal_to_tradition

either way, it's a fascinatingly shoddy, and unnecessary, argument that severely detracts from the otherwise fine argument. A simple, "this paper represents basic security research. We believe censoring basic research is wrong and harmful. Therefore we will not censor this research." would have done.


I think you misunderstood what I was trying to say. Not all discourse is argument. And not everything you say, even in the course of an argument, is itself argument. Here's the full paragraph which includes the mention of Erasmus and company:

>> Second, you seem to think that we might censor a student's thesis, which is lawful and already in the public domain, simply because a powerful interest finds it inconvenient. This shows a deep misconception of what universities are and how we work. Cambridge is the University of Erasmus, of Newton, and of Darwin; censoring writings that offend the powerful is offensive to our deepest values. Thus even though the decision to put the thesis online was Omar's, we have no choice but to back him. That would hold even if we did not agree with the material! Accordingly I have authorised the thesis to be issued as a Computer Laboratory Technical Report. This will make it easier for people to find and to cite, and will ensure that its presence on our web site is permanent....

I would say that nothing in the paragraph is anything like a formal argument. The author is not moving from premise to premise towards a conclusion. That whole paragraph is a piece of rhetoric, intended to display to the reader (the person the letter is addressed to and the rest of the world) the values of Cambridge University.

When I mentioned syllogisms above, I wasn't being glib or flip. That part of the letter doesn't belong in the category of argument[1]; it's epideictic[2]. Judging it by some list of logical fallacies is a category mistake.

[1] http://en.wikipedia.org/wiki/Logical_argument

[2] http://en.wikipedia.org/wiki/Epideictic


I disagree that the original response was not an argument. I'd ask that you review Anderson's letter again. I'm also unsure why you are attempting to connect epideictic rhetoric (used in several places in the letter) to the logical flaw in question since the rhetoric you are raising occurs after the flaw in paragraph.

http://www.cl.cam.ac.uk/~rja14/Papers/ukca.pdf

It's presented as an argument, it lists flaws in the UK Card Association's reasoning asking for censorship of the research. It presents a clear conclusion ~"we will not censor the thesis" supported by clearly labeled premises, specifically:

1) The Card Association incorrectly addressed the complaint so they are asking the wrong people to censor the thesis

2) Because powerful groups are against a research area is not reason to censor the work. I can see how one might find this premise confusing since he only dwells on it for the first sentence of the paragraph. The rest of the paragraph is composed of the logical flaw in question, and then epideictic rhetoric about the noble business of Universities followed by an FU statement that they are also going to ensure the thesis spreads far and wide in direct opposition to the complaint. In other words, the second paragraph is a mess.

The argument of the premise is simple and is in fact an admonition against the logical flaw the complainant is using "we are strong so you must do as we say", but Anderson blends and conflates it with rhetoric and the flaw, concluding "thus we have no choice but to back him, that would hold even if we did not agree with the material!"

3) The thesis is not new information anyways, so to ask for its censor makes no sense.

4) The source was not made available, so to the consumer of the thesis, they only have knowledge that the vulnerability exists, ergo they are asking to censor something that does not harm

5) The test of the thesis was not fraud, as the complainants claim, therefore asking for censorship under that claim makes no sense.

6) That the thesis exposes a vulnerability that undermines public confidence in the security of the system, but since the flaw has been apparently fixed, there is no reason to censor the thesis.

Conclusion) We will not censor the thesis because the logic of the premises hold true that the thesis should not be censored.

I do agree with you that the original response is not a formal logical argument in the strictest sense, and has elements of rhetoric (particularly in the 2nd premise), but it's clearly framed as at the very least a rational argument.

The letter in its entirety is certainly not epideictic by any of my understandings of the term nor by your link. However, both the second and sixth premises contain elements of epideictic rhetoric. (btw, the presence of the logical flaw doesn't necessarily invalidate the 2nd premise since the passage is non-sequitur to the premise anyways!)

I think that's what you are trying to say here:

> And not everything you say, even in the course of an argument, is itself argument.

And I would agree with that sentiment. However, in this case, the sentence in question is clearly part of a logical argument and is a classic usage of a logical flaw.

I fully understand how Anderson would have written such a thing, impassioned as he must be over the issue. I actually found his argument persuasive and much milder in tone than I would have managed.


Dude, enjoy talking to computers. Your pedantic arguments display a stunning lack of how to convince humans.

Rhetoric is a tool that your opponents have mastered. If you fail to learn it, you may continue to be surprised at your inability to effect change, no matter how logical your arguments.


Funny thing to say on a site dedicated to building businesses using computers.

(and to the people here who've downvoted me such that I've just burned up 8 points of karma for simply pointing out there was a logical fallacy in the letter and who clearly don't understand what a logical fallacy looks like if it smacked them in the face, have a happy new year and I weep for you)


Maybe you're just wrong about this? I know, crazy, but that kind of stuff does indeed happen. No one is out to get you.

The authors refuse to give up a student because it contradicts their core values as exemplified by several academic predecessors. There's no appeal to authority here -- it's their beliefs, held for presumably many valid reasons. Pointing out that these values constitute a long-standing tradition at Cambridge is not the justification on which the argument rests; it's merely a lovely rhetorical ornament.

(Let me add that construing the paragraph as a syllogism from premises to a conclusion is rather silly, even though Cambridge happens to be the birthplace of analytic philosophy. There's a thing called pragmatics, and the notion of argument being more than underlying logical form hasn't been controversial for 40 years.

Rationality ain't just logics.)


> Funny thing to say on a site dedicated to building businesses using computers.

Business, even the computer business, is overwhelmingly about people, not computers. If you cannot communicate effectively with people, you're doomed at business, even the tech business.

> or simply pointing out there was a logical fallacy in the letter

The problem here is that you're just reading the text of the replies, but not "reading between the lines". It's not that the responders can't see a logical flaw. Instead, they're seeing in your responses a broken model of how to convince people. They're trying to draw your attention to this, but you've been remarkably resistant to it, focusing only on the logical content of the argument.

> who clearly don't understand what a logical fallacy looks like if it smacked them in the face, have a happy new year and I weep for you

Oh please -- weep for your own naivete. These histrionics make you look inexperienced and oblivious to nuance.


Thanks for reminding me how far down HN has come in the last six months or so. Engineering, science, logic and rational thought are no longer valuable concepts here. This site is now firmly rooted in constant appeals to emotion. It's not about right or wrong anymore, or even best, it's about feelings.

As of 1/1/2011, I quit.


See -- it works!

I shouldn't gloat, as you seem to post interesting articles and comments, but I couldn't pass up this object lesson.

Rhetoric > Reason for the foreseeable future. It's okay. Just accept it, use it, and you can still make the world a better place.

Or ... fail to accept this fact and let reality break you and make you unhappy and/or ineffective.


> either way, it's a fascinatingly shoddy, and unnecessary, argument that severely detracts from the otherwise fine argument

Not at all. It's an example of good rhetoric.


As telemachos points out, this is not an appeal to authority. The article does not claim that Darwin et al would support this research; it claims that it is consistent with the university's character to publish the work. Furthermore, this sentence reminds us that in prior cases where authority has sought to suppress the university's research, the release was justified by history. It's not a purely deductive argument, but it's impossible to make a statement about the world without relying on inductive examples.


> it claims that it is consistent with the university's character to publish the work.

that is not an appeal to authority.

The statement alone is sufficient for the argument, bringing in notable and revered historical figures does not improve the merit of his premise. He's saying, "it's in our character because of these notable authority figures". By definition it's an appeal to authority.

Why is this so hard to understand?

(meta-comment, seriously, what's with all the fucking downvotes? has nobody here ever seen a formal argument or a logical fallacy? I don't care if I burn karma for being wrong, but I'm not so what's the deal? If you downvoted and actually typed a response, please disregard my bitching (and yes I know the guidelines say I shouldn't say this kind of thing, but pg's going to have to establish some up/down mod guidelines one of these days, because clearly getting downvoted for making factual statements doesn't make any sense and it appears that this site is slipping again down the HN->reddit->digg->4chan slope again as recent posts about non-hackerish things are demonstrating))


> seriously, what's with all the fucking downvotes? has nobody here ever seen a formal argument or a logical fallacy?

It's because you're being very persistent about reading something into the statement that really isn't there. Dropping well-respected names is not sufficient to make an appeal to authority. The speaker must also claim that the people named would support his position. Anderson does not do this. His use of those names is to point out Cambridge's prior history of supporting dissemination of information someone with power wishes to suppress. There is no appeal to authority, just a claim that this is how they roll. Why is this so hard to understand?


If appeal to precedent is a fallacy, we (the western world) really need to rethink our legal system.


In my experience with several lawyers, many of them argue almost entirely from a position of logical fallacies -- better to win via confusion of the argument than win via logical argument.

Actually, appeal to tradition and appeal to precedent are subtly different things. "We must continue doing a thing because we have always done it" vs "In the past, the reasoning was sound to do a thing, perhaps it is still sound to continue doing that thing".

One absolutely fascinating debate I read online between a non-lawyer and a top-15 US law school dean more or less ended up with the non-lawyer demolishing the lawyer's arguments by assigning every argument to a list of logical fallacies. It was quite poetic. However, the dean kept arguing that the non-lawyer wasn't making legal arguments. Which gives me serious doubts that the legal system is based on logical or even just rational thought.

(if you are interested the debate is here between somebody called "Red County Bound" and "sandersmj", during the recent legal challenges over same-sex marriage, I found it to be one of the most illuminating arguments I could find online http://www.brambletonian.net/forums/index.php?showtopic=1650... )


it's browbeating, a cornerstone of academia


I don't see the reason for downvoting parent. Full quote is "Cambridge is the University of Erasmus, of Newton, and of Darwin; censoring writings that offend the powerful is offensive to our deepest values", and first part struck me as completely irrelevant to the second part, somewhat unworthy of this otherwise well-convened letter.

In addition to that I don't see it as an "elegant way of giving finger", how mentioning of historic figures conveys the "finger message"?


Erasmus, Newton and Darwin all published writings which offended the powerful. Cambridge didn't censor that, and they seem to see that as a winning strategy.


>I don't see the reason for downvoting parent.

Who knows...people tend to get offended when their reasoning is held to measure against rational thought for some reason.

Given that his argument is supposed to be "we are Cambridge, we have a tradition of logical and rational thinking we are proud of, this research is representative of that tradition, we think that it should not be censored" I found this errant line to really jump out at me.



Prof. Anderson shows good character.

Let's talk about the other side. Businesses have always acted this way when it comes to computer security (for at least the last 15 years, feel free to cite earlier examples). By now they probably understand that what they're doing is wrong, from a security perspective. They may even understand that issuing takedowns increases publicity. Still, businesses are sociopathic, they don't care about the legitimacy of their actions. They have a staff of lawyers they're already paying for, and a responsibility to defend trade secrets and protect their product base. So they marshal their lawyers, essentially for free, and maybe they get something out of the effort as a result. If they don't, nothing much was lost, and they generally don't care about their perception in the security community. Same old story. This incident is less about someone standing up to a bully and more about someone weathering another wave coming out of the ocean.


I think I see what you are saying, but I don't agree with the contrast you mention in your last sentence.

Consider: being sociopathic, not caring about the legitimacy of their actions, harassing someone when the risk to them is small -- how does this differ from being a bully?


Eventually a bully may learn. A true sociopath will continue no matter how many times punished.


Interesting point.

But if that's true, then businesses almost never act in a manner we would call sociopathic. And my earlier comment (suitably modified) still stands.


Hi ggchapell,

We agree on your point. The company is being a bully. My issue is with the reception of the story. The larger picture is that frivolous takedown notices are issued all the time, and will continue to be issued willfully by companies until there is disincentive to do so.

Prof. Anderson's actions are commendable. I do not wish to detract from them. However, with the candor I hope a security researcher would appreciate, I point out that both parties probably expected this exchange would take place, and both parties understand Prof. Anderson's response is ineffective. (The Internet, however, may not.)

Prof. Anderson has successfully stood up to this organization, but he has only maintained parity. This kind of incident will repeat as long as companies believe they can get something out of it. Someone else will cave or will plain not know any better. The companies' goal is, basically, harassment, and they will continue to do it regardless of anything that's happened so far. So I guess my point is that I would rather see people discussing how to remedy this old situation than remarking on the letter, which while entertaining and well-written, is actually the signifier of a losing battle.

(unfortunately this is the last I can comment on this topic)


Brilliant. If only more institutions had a spine like the one displayed here.


They're legally required to: http://news.ycombinator.com/item?id=2039235


They're not legally required to be so badass about it.


Link to original letter - oh boy this is a good read: http://www.cl.cam.ac.uk/~rja14/Papers/ukca.pdf


Nice last paragraph:

Nonetheless, I am delighted to note your firm statement that the attack will no longer work and pleased that the industry has been finally been able to deal with this security issue, albeit some considerable time after the original disclosure back in 2009.


To be fair I didn't read this the first time it was on HN - I'm inclined to think that the title of the post is more descriptive than the original, and it's deserving front page material, even if it is a duplicate.


Agreed, but it is useful/insightful to have the comments/discussion on hand.


BBC video on chip & pin findings: http://www.youtube.com/watch?v=_yyfcHSXZLc



He's a good lecturer too. Funny how being a good lecturer and being a badass correlate.


"Security! Security! Security!"

Although there were some fantastic lecturers at Cambridge who were somehow very terrible at getting the material across, but whose content/personalities were so enjoyable it was worth turning up anyway. I dare say it's the same everywhere.



Intentionally or unintentionally, this has got to be one of the best pieces of marketing for research inclined students and faculty that they could have ever produced.

So much so, that the skeptic in me thinks this was intentionally leaked.

I had always considered possibly applying to the University of Cambridge, and I know they are Ivy League...but this letter, firmly solidifies them as a contender for any higher education I might pursue.


>You complain that ... and indeed to censor it.

The penultimate para in the original letter, wow! A befitting answer to a bully, and how! :)


I wonder when Cambridge starts to be blocked by the banks then ... :)


I tend to disagree with the banks' assessment that it will undermine public confidence. The research gives the public one more piece of information to judge the risks for placing their money in a financial institution.

The banking sector as participants in a free market who frequently advocate for opening of more sectors of the economy to the free market (and rightly so) should be encouraging such research. The research gives consumers of banking services more accurate information to consider when deciding how accessible their money should be. Additional information allows consumers to make more informed choices regarding the trade offs between security and convenience. Banks could offer insurance to their customers to protect them against the risks while still keeping the benefits of increased convenience.

It's an opportunity for the banks to differentiate their services and cater to the needs of their customers. Yes, not having a PIN is less secure, but it's also more convenient, with proper positioning of their products banks should be able to offer tailored solutions that better address the needs of their customers.


For the third time, we get it.


Am proud of being in the University of Cambridge.....we don't produce apps.


"we have no choice but to back him. That would hold even if we did not agree with the material!"

Reminds me of a Franklin quote: "Sir, I disagree with you, but I will fight to the death for your right to say it."


Surely you mean Voltaire?

"I disapprove of what you say, but I will defend to the death your right to say it"


Wouldn't it have been far nobler to approach the banks affected by the exploit with these findings rather than publishing schematics for the exploit into the public domain?


Based on their response it wouldn't be effective - they would just try to cover it up.

Plus it's likely it's already being used secretly by those with nefarious purposes, publishing just means the average person knows about it - it's not likely to change how many actually use it.


I believe the article states they notified the banks before publishing the original work.


No it doesn't? I'm not taking the side of the banks here, just trying to understand why the author took the approach he did. It's a shame that at times the HN community is one of single-mindedness where opposite views are met with immediate down-votes.


"Third, Omar’s thesis does not contain any new information on the No-PIN vulnerability. That was discovered by Steven Murdoch, Saar Drimer and me in 2009, disclosed responsibly to the industry, and published in February this year. It is not expected that an MPhil thesis contain novel scientific work."

http://www.cl.cam.ac.uk/~rja14/Papers/ukca.pdf


> ... because it documented a well-known flaw in the chip-and-PIN system...

The author of the article at least believes that it is a well-known flaw so responsible disclosure isn't really applicable.


Well I think you hit the nail on the head, that the disclosure isn't responsible. I'm all for bringing the flaws in chip-and-pin to the public attention, however I find it distasteful that a leading university publishing the schematics of a device that can be used to commit fraud, receives so much applause from this community.

I get the impression that this has captured the public mood of "sticking it to the bankers", when really Cambridge have gone about this one the wrong way.


My reading of the whole incident is that the exploit was disclosed (responsibly) to the banks 1 year ago and the banks have done nothing to fix the problem. Since then the professor (along with others) published a paper detailing the exploit. Finally the MPhil student cited the previously published paper in his thesis (it would be a crappy thesis to not reference current similar work)

At no point do I get the indication that the MPhil student was acting in a way that was 'irresponsible' - I don't know how you have come to that conclusion.


"Responsible disclosure" is a term with a specific meaning in the field of security, using the term is not equivalent to agreeing with its implied meaning.

In fact, many would argue that responsible disclosure is anything but, since it has the tendency to maximize the amount of time the public is at risk.

All of this is ignoring the fact that this paper wasn't even disclosure at all...


Wouldn't have worked, in the same way that emailing Facebook and others, instead of releasing Firesheep wouldn't have worked (since they haven't fixed it even after Firesheep has been released, it's unlikely they would have paid much attention to a letter or email).

given the letter says that this is a known vulnerability



