
SDI: A Violation of Professional Responsibility


rhinkle

Presentation Transcript


  1. SDI: A Violation of Professional Responsibility D. L. Parnas

  2. Introduction
     • SDI program announced in 1983 with the goal of making nuclear weapons impotent and obsolete
     • “Star-Wars” – the solution was to be satellite-based
     • Parnas joined a $1000/day advisory panel tasked to develop a list of problems that needed to be solved to build the SDI system
     • Parnas’ findings:
       • It is unlikely that we could build a system that we could trust
       • It is not useful to build a system that could not be trusted
     • Parnas resigns over ethical and moral issues with the SDI program

  3. Trustworthiness is Essential!
     • If the USA could not trust the SDI system then the USSR could not assume the effectiveness of the SDI system
     • Result: Nuclear deterrence would still be necessary to compensate for SDI

  4. Trustworthiness and The Role of Computers
     • Software is needed to process data from the sensors and weapons in the family of SDI systems
     • If the software is not trustworthy the system will not be trustworthy
     • Program verification is unlikely, and program testing can only be used to show the presence of bugs, but not the absence of bugs
     • The system must work correctly the first time that it is used

  5. The SDI System is Difficult
     • Software is based on assumptions
       • If the assumptions are known, effective countermeasures could be developed rendering the system useless
     • Techniques for reliability don’t apply well to SDI
       • Redundancy assumes that the components are to a large part independent
     • Overloading the system would not be difficult – consider 1000 decoys for every real warhead
     • The system requires complicated coordination and reliable communications across multiple satellites

  6. Parnas Resigns – His Position against SDI
     • Parnas developed technical positions indicating that the SDI program goals were impossible (at least in the foreseeable future)
     • None of Parnas’ peers were able to disagree with his technical conclusions
     • Moral Dilemma
       • The SDI funding could be used to advance computer science research even if the SDI goals were unattainable
     • Parnas resigns stating that he was unwilling to take money for something that he thought was impossible: “Taking money allocated for developing a shield against nuclear missiles, while knowing that such a shield was impossible, seemed like fraud to me”

  7. Spinning Parnas’ Concerns
     • “…there could be 100,000 errors in the software and it could still work correctly…”
       • Technically true, but these errors need to be carefully selected since it takes only 1 error for the entire system to fail
     • “…There is no fundamental law of CS that said that this problem could not be solved…”
       • Technically it is true that a perfect program could be created, but it is unlikely that we could trust the program until it has been proven to work correctly

  8. Spinning Parnas’ Concerns
     • “…if the program was developed in 3 layers, each 90% effective, the overall leakage would be less than 1%...”
       • The 90% number was arbitrarily chosen
       • Assumes the layers are independent, which they are not
       • It is not possible to rate the performance of each layer as a single percentage

  9. Spinning Parnas’ Concerns
     • Report by the Eastport Group
       • “…the software difficulties could be overcome using loose coordination”
       • The term is not defined rigorously; the report only states that the system should reduce the communication requirements between stations
       • Later sections of the document contradict this claim by stating “the need for extensive communication in the battle-station network”

  10. Spinning Parnas’ Concerns
      • Assumptions made in the Eastport Group report
        • 1. Battle stations do not require data from other satellites to perform their functions
          • FALSE: Inter-satellite communication is required for tracking warheads
        • 2. An individual battle station is a small software project
          • FALSE: Each battle station must perform all of the functions of the entire system

  11. Spinning Parnas’ Concerns
      • Assumptions made in the Eastport Group report
        • 3. The only interaction between the stations is by explicit communication
          • The test results from a single station can be used to infer the behavior of the entire system
          • FALSE:
            (a) Interaction between the stations is also based on their shared targets
            (b) Failure of one station might overload the other stations
            (c) Only a real battle would give us confidence that other interactions between the stations would not occur

  12. Spinning Parnas’ Concerns
      • Assumptions made in the Eastport Group report
        • 4. A collection of communicating systems differs in fundamental ways from a single system
          • FALSE: A collection of communicating programs is mathematically equivalent to a single program – distributed systems tend to make the problem harder and not easier

  13. Other claims…
      • Decomposing a program into a set of smaller ones enables each one to be built and tested
        • Modular programming makes errors easier to correct, but does not eliminate errors
      • Failure of one component should not cause the other components to fail
        • Correct if the components are independent, which they cannot be to satisfy the SDI requirements
      • The Eastport report is correct in stating that the design needs to eliminate excessive inter-station communication, but the contractors are correct in stating that such a system could not be built without excessive inter-station communication

  14. Summary: Ethical Issues
      • The quality of SDI-related research is questionable because it does not go through the accepted scientific review process
      • Is it ethical to accept research money for objectives that one does not feel are obtainable – even if that money is used to fund otherwise worthwhile research?
      • Treating the award of research funding like closing a business deal

  15. Summary: Ethical Issues
      • Academic institutions’ dependence on research funding – rewarding those who obtain funding from any source
      • Janusz Makowski – “Overfunded research is like heroin, it leads to addiction, weakens the mind, and leads to prostitution.”
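
The independence objection on slide 8 (and the redundancy point on slide 5), carried through numerically as an added example that is not from Parnas or from the presentation. It assumes a simple common-mode model: with probability `common_mode` one shared condition makes all layers miss together, while each layer's own miss rate stays at the quoted 10%; all function and parameter names are hypothetical.

```python
import random

def leakage(per_layer_miss=0.10, layers=3, common_mode=0.0):
    """P(a warhead passes every layer) under the assumed common-mode model.

    With probability common_mode one shared condition (e.g. a countermeasure
    against an assumption all layers share) makes every layer miss together.
    Each layer's own miss rate is held at per_layer_miss throughout.
    """
    if not 0.0 <= common_mode <= per_layer_miss < 1.0:
        raise ValueError("need 0 <= common_mode <= per_layer_miss < 1")
    # Independent miss rate that keeps each layer's marginal miss rate fixed.
    indep = (per_layer_miss - common_mode) / (1.0 - common_mode)
    return common_mode + (1.0 - common_mode) * indep ** layers

def simulate(trials, per_layer_miss=0.10, layers=3, common_mode=0.0, seed=1):
    """Monte Carlo cross-check of leakage() with a fixed seed."""
    rng = random.Random(seed)
    indep = (per_layer_miss - common_mode) / (1.0 - common_mode)
    leaked = 0
    for _ in range(trials):
        if rng.random() < common_mode:
            leaked += 1          # shared condition: all layers miss at once
        elif all(rng.random() < indep for _ in range(layers)):
            leaked += 1          # every layer missed independently
    return leaked / trials

if __name__ == "__main__":
    for q in (0.0, 0.01, 0.05, 0.10):   # constructed sample values
        print(f"common_mode={q:.2f}  leakage={leakage(common_mode=q):.4%}  "
              f"simulated={simulate(200_000, common_mode=q):.4%}")
```

Under these assumptions the "less than 1%" figure holds only when the layers are fully independent; a shared failure condition of just 1% already pushes leakage above 1%.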
