Presentation is loading. Please wait.

Presentation is loading. Please wait.

SDI: A Violation of Professional Responsibility

Published byDayna Murphy Modified over 5 years ago

Similar presentations

Presentation on theme: "SDI: A Violation of Professional Responsibility"— Presentation transcript:

1 SDI: A Violation of Professional Responsibility
A presentation by: Rong Gu Cincy Francis Amitkumar Dhameja

2 SDI: A Violation of Professional Responsibility
Contents: SDI – An Overview Parnas & SDI The Role of Computers The Decision to Act Some Critical Issues Broader Questions Parnas’ Advice Questions Our Opinion

3 SDI - An Overview Strategic Defense Initiative:
A U.S. government program responsible for research and development of a space-based system to defend the nation from attack by strategic ballistic missiles Popularly referred to as “Star Wars” Announced by President Ronald Reagan in a speech in March of 1983

4 SDI - An Overview Strategic Defense Initiative:
Administered by the Strategic Defense Initiative Organization (renamed Ballistic Missile Defense Organization, 1993) Under Department of Defense, assisted by NASA

5 SDI - An Overview SDI Aims:
To develop a network of satellites carrying sensors, weapons and computers To detect ICBMs and intercept them in mid-air To free us from the fear of nuclear weapons, and make nuclear strategic missiles impotent and obsolete

6 SDI - An Overview - President Ronald Reagan
“Some say it will bring war to the heavens. But its purpose is to deter war in the heavens and on earth. Now some say the research would be expensive. Perhaps, but it could save millions of lives, indeed, humanity itself.” - President Ronald Reagan When these words from?

7 SDI – A Software Classification
Four Classes of Usage Man-rated: Software so important and critical that lives may depend on it. Examples: SDI, ATC, Medical device software Enterprise-rated: Software critical to the uninterrupted operation of an enterprise. Examples: ATMs, Web-commerce software.

8 SDI – A Software Classification
Four Classes of Usage Good-enough: Business software not critical but maybe used frequently. Examples: Personal productivity applications, much client & single user software Don’t-care: Non-critical, business or personal entertainment software. Examples: Games, seldom used utilities

9 Parnas & SDI Parnas’ Involvement in SDI :
Approached by the SDIO in May of 1985 $1000/day SDIO Panel on Computing in Support of Battle Management Resigned 2 months later Dr. Parnas, at that time a professor of University of Victoria in British Columbia, was one of nine scientists asked by the Strategic Defense Initiative Office to serve at $1,000 a day on the "panel on computing in support of battle management". (The other members ???) He resigned on June, submitted resignation letter and 17 accompanying memorandums to explain ‘that it would never be possible to test realistically the large array of computers that would link and control a system of sensors, antimissile weapons, guidance and aiming devices, and battle management stations. Nor, he protested, would it be possible to follow orthodox computer program-writing practices in which errors and "bugs" are detected and eliminated in prolonged everyday use. ... On 7/12/85, NY Times pusblished the News that Parnas resigned from the panel. "I believe," Professor Parnas said, "that it is our duty, as scientists and engineers, to reply that we have no technological magic that will accomplish that. The President and the public should know that." ...

10 Parnas & SDI Professional Responsibility: A professional
Is responsible for his own actions and cannot rely on any external authority to make his decisions for him Cannot ignore ethical and moral issues Must make sure that he is solving the real problem, not simply providing short-term satisfaction to his supervisor Shouldn’t hesitate to “blow the whistle” Parnas did that based on his resposibility of a professional

11 Parnas & SDI Parnas’ Early Doubts:
Whether any such system could meet the requirements Possible conflict of interests Whether such a system would be trustworthy Would it be useful to build a system we did not trust

12 Parnas & SDI Why trustworthiness is essential:
If the system is not trustworthy US will not abandon deterrence and nuclear missiles Seeing both a “shield” and missiles, USSR would feel impelled to improve its offensive forces US not trusting its defense, would join in, in the arms race Result – a more dangerous world, instead of a safer one

13 The Role of Computers Computers must:
Process and analyze vast amounts of data produced by the sensors Detect missile firings, determine source, compute trajectories Discriminate between warheads and decoys Aim and fire the weapons Software is the glue that holds the system together, if software is not trustworthy, the system isn’t either!

14 The Role of Computers Limits of Software Technology:
Lack of validation methods mean we cannot expect a real program to work properly the first time it’s used Tests/simulations fail to uncover all serious problems Reliability & trustworthiness – only through extensive use.

15 Why Software for SDI is Difficult
Based on assumptions about target and decoy characteristics controlled by attacker Espionage could render it worthless, so could overloading Dependence on communicating computers in satellites makes it vulnerable

16 Why Software for SDI is Difficult
A satellite will require data from other satellites to assist in tracking, discrimination & countering noise Realistic testing of hardware & software through “practice” nuclear wars impossible MUST WORK THE FIRST TIME

17 The Decision to Act Some reasons Parnas got in support of SDI:
Research money would advance the state of computer science! The money was going to be spent anyway and Parnas should help to see it well spent! There could be 100,000 errors in the software and it would still work properly!

18 The Decision to Act Some reasons Parnas got in support of SDI:
There was no fundamental law of computer science that said the problem could not be solved! Parnas – and other SDI critics – are demanding perfection!

19 The Decision to Act Parnas Resigns…
Found no scientist who disagreed with his conclusions Every reply argued with statements other than those Parnas had published “Taking money allocated for a shield against nuclear missiles, while knowing that such a shield was impossible, seemed like fraud to me” – Parnas

20 Some Critical Issues The “90%” Distraction
3 layers, each 90% effective – overall leakage is less than 1% as effectiveness multiplies Parnas reveals 90% figure picked for illustration Assumes performance of each layer is independent of others Percentage???

21 Some Critical Issues The “Loose Coordination” Distraction (Eastport Group, Dec. 1985) Phase I architectures – excessively tight coordination between “battle stations” Software difficulties could be overcome with loose coordination New Phase I studies be started

22 Critical Issues The “Loose Coordination” Distraction Parnas Argues
Loose coordination – reduced communication between stations Later sections discuss need for extensive communication – Inconsistency

23 Critical Issues Eastport Group’s Unstated Assumptions
Battle stations do not need data from other satellites to perform their functions  False!!! Data from other satellites is essential for accurate tracking and discrimination between warheads & decoys

24 Critical Issues Eastport Group’s Unstated Assumptions
An simple battle station is a small software project that will not run into software difficulties described before  False!!! Each battle station is unlikely to work, impossible to test, impossible to trust

25 Critical Issues Eastport Group’s Unstated Assumptions
The only interaction between the stations is by explicit communication  False!!! Communication through weapons, sensors and through shared targets. Weapons, destruction of targets creates noise.

26 Critical Issues Eastport Group’s Unstated Assumptions
A collection of communicating systems differs in fundamental ways from a single system  False!!! A collection of communication programs is mathematically equivalent to a single program. In practice, distribution makes the problem harder, not easier

27 Some Critical Issues 1985 CPSR-MIT Debate: David Parnas,
Joseph Weinazenbaum (Against SDI) v.s. Charles Seitz, Danny Cohen (In favor of SDI) Computer professionals for social responsibility and MIT LCS sponsored a debate at MIT Kresge Auditorium, attracted 1300 attendance. Featuring 5 members of SDI computing panel. Michale: PhD '64 of MIT Speak against SDI: - David Parnas:University of Victoria in British Columbia - Joseph: prof. of MIT Speak in favor pf SDI: - Charles: California Institute of Technology (Caltech) - Danny: University of Southern California (USC), chair of SDIO Parnas - first speaker. He resigned because: "SDI cannot meet its advertised goals," and because "SDIO is not a good mechanism for funding research." Parnas’s argue: Since: Specifications cannot be known in advance (because enemy controls factors such as target/decoy features, attack load and structure..) Realistic testing is essentially impossible (because, for example, link/node failures under attack are not known in advance) Hard real-time deadlines do not allow repair during use (attack is over in minutes) No foreseeable advance in software tech changes this (not language, methodology, …) Therefore – It is not possible to construct SDI software that you could trust to work. Which is proper conclusion of his technical argument? U.S. should not pursue SDI. SDI will make U.S. weaker. It is not possible to build trustworthy SDI software. Weinazenbaum’s argue: Weizenbaum also opposes the political aspects of the system. He said it is just a "technological fix of the grandest possible order" to a "political, social and cultural problem, in other words, a human problem." The arms race and threat of nuclear destruction is not a technical problem, Weizenbaum said. it will escalate the arms race Charles Seize’s argue: The current objective of SDI is to conduct the vigorous research necessary to build a defense system such a system can be written using conventional software techniques coupled with radical hardware architecture This will greatly aid in the testing, simulation and modification of SDI Cohen’s argue: He explained no one really knows the specifications of SDI and the research team must find them. Development of the software is not rendered impossible by difficulties in writing it, he said. Everything that works now has bugs, Cohen said in response to Weizenbaum's statement about the present lack of specifications. Computer architecture will have a significant impact on making the entire system work, he concluded.

28 Some Critical Issues Parnas’ arguments:
Specifications cannot be known in advance Realistic testing is essentially impossible Hard real-time deadlines do not allow repair during use No foreseeable advance in software tech changes this Therefore – It is not possible to construct SDI software that you could trust to work Computer professionals for social responsibility and MIT LCS sponsored a debate at MIT Kresge Auditorium, attracted 1300 attendance. Featuring 5 members of SDI computing panel. Michale: PhD '64 of MIT Speak against SDI: - David Parnas:University of Victoria in British Columbia - Joseph: prof. of MIT Speak in favor pf SDI: - Charles: California Institute of Technology (Caltech) - Danny: University of Southern California (USC), chair of SDIO Parnas - first speaker. He resigned because: "SDI cannot meet its advertised goals," and because "SDIO is not a good mechanism for funding research." Parnas’s argue: Since: Specifications cannot be known in advance (because enemy controls factors such as target/decoy features, attack load and structure..) Realistic testing is essentially impossible (because, for example, link/node failures under attack are not known in advance) Hard real-time deadlines do not allow repair during use (attack is over in minutes) No foreseeable advance in software tech changes this (not language, methodology, …) Therefore – It is not possible to construct SDI software that you could trust to work. Which is proper conclusion of his technical argument? U.S. should not pursue SDI. SDI will make U.S. weaker. It is not possible to build trustworthy SDI software. Weinazenbaum’s argue: Weizenbaum also opposes the political aspects of the system. He said it is just a "technological fix of the grandest possible order" to a "political, social and cultural problem, in other words, a human problem." The arms race and threat of nuclear destruction is not a technical problem, Weizenbaum said. it will escalate the arms race Charles Seize’s argue: The current objective of SDI is to conduct the vigorous research necessary to build a defense system such a system can be written using conventional software techniques coupled with radical hardware architecture This will greatly aid in the testing, simulation and modification of SDI Cohen’s argue: He explained no one really knows the specifications of SDI and the research team must find them. Development of the software is not rendered impossible by difficulties in writing it, he said. Everything that works now has bugs, Cohen said in response to Weizenbaum's statement about the present lack of specifications. Computer architecture will have a significant impact on making the entire system work, he concluded.

29 Some Critical Issues Steitz’s arguments:
The current objective of SDI is to conduct the vigorous research necessary to build a defense system Such a system can be written using conventional software techniques coupled with radical hardware architecture This will greatly aid in the testing, simulation and modification of SDI Computer professionals for social responsibility and MIT LCS sponsored a debate at MIT Kresge Auditorium, attracted 1300 attendance. Featuring 5 members of SDI computing panel. Michale: PhD '64 of MIT Speak against SDI: - David Parnas:University of Victoria in British Columbia - Joseph: prof. of MIT Speak in favor pf SDI: - Charles: California Institute of Technology (Caltech) - Danny: University of Southern California (USC), chair of SDIO Parnas - first speaker. He resigned because: "SDI cannot meet its advertised goals," and because "SDIO is not a good mechanism for funding research." Parnas’s argue: Since: Specifications cannot be known in advance (because enemy controls factors such as target/decoy features, attack load and structure..) Realistic testing is essentially impossible (because, for example, link/node failures under attack are not known in advance) Hard real-time deadlines do not allow repair during use (attack is over in minutes) No foreseeable advance in software tech changes this (not language, methodology, …) Therefore – It is not possible to construct SDI software that you could trust to work. Which is proper conclusion of his technical argument? U.S. should not pursue SDI. SDI will make U.S. weaker. It is not possible to build trustworthy SDI software. Weinazenbaum’s argue: Weizenbaum also opposes the political aspects of the system. He said it is just a "technological fix of the grandest possible order" to a "political, social and cultural problem, in other words, a human problem." The arms race and threat of nuclear destruction is not a technical problem, Weizenbaum said. it will escalate the arms race Charles Seize’s argue: The current objective of SDI is to conduct the vigorous research necessary to build a defense system such a system can be written using conventional software techniques coupled with radical hardware architecture This will greatly aid in the testing, simulation and modification of SDI Cohen’s argue: He explained no one really knows the specifications of SDI and the research team must find them. Development of the software is not rendered impossible by difficulties in writing it, he said. Everything that works now has bugs, Cohen said in response to Weizenbaum's statement about the present lack of specifications. Computer architecture will have a significant impact on making the entire system work, he concluded.

30 Some Data on SDI TOP 10 SDI contractors 1983-1986:($Thousand)
Major contracts for missile defence have gone to the same companies that produce US nuclear weapons – another conflict! SDI contracts are also strongly concentrated on a geographical basis: 83 per cent of them has gone to five states: California (with 44 per cent of all SDI expenditure), New Mexico (with the Los Alamos and Sandia National Laboratories), Massachusetts (with the MIT Lincoln Laboratory), Alabama (with the Army Strategic Defence Command) and Washington (with Boeing) (The Economist, 15 November 1986, p.23; Council on Economic Priorities 1987). Source: Council on Economic Priorities 1987

31 Some Data on SDI Distribution of requested SDI funding in major research areas in FY1985:($ Million) Source: Waller et al. 1986: 15

32 Broader Questions Is SDIO sponsored work of good quality?
Phase I studies – Eastport vs. SDIO contractors/evaluators Big promises, low quality Bypasses scientific review processes, no real scientific contribution Examples: Atomic bomb porjects

33 Broader Questions Do those who take SDIO funds really disagree with Parnas? Remember the reasons Parnas got in support of SDI? The blind led by those with their eyes shut Often people indulge in unprofessional behavior just to not displease the customer Examples: Atomic bomb porjects

34 Broader Questions The role of academic institutions Institutional pressures in favor of accepting research funds from any source A researcher judged on his ability to attract funds DoD is a major administrator of research funds – consequently many institutions are working on SDIO Examples: Atomic bomb porjects

35 Broader Questions Parnas says
Should we pursue SDI for other reasons? Parnas says “Good research stands on its own merits; poor research must masquerade as something else” “Over funded research is like heroin, it leads to addiction, weakens the mind, and leads to prostitution” – Prof. Janusz Makowski Examples: Atomic bomb porjects

36 Parnas’ Advices Determine participation in defense projects by:
Considering effectiveness of project Prioritizing legitimate defense interests of the country Emphasizing individual responsibility

37 Our Opinion Is SDI really impossible???
As our technologies evolve the system becomes more realistic Present systems show some signs of success Reliability/trustworthiness can be achieved through testing Testing can be done via computer simulations (e.g. Nuclear Tests are no longer necessary) Changes in hardware (Sensors, weapon delivery systems, etc.) can compensate for no advances in Software technology Better algorithms should be developed to counter noise, detect decoys, etc. “SDI is the way to go” – Amit, Cincy, Rong

38 Questions Last question: -- how is this rabbit related to Dr. Parnas

Download ppt "SDI: A Violation of Professional Responsibility"

Similar presentations

Gorilla Systems Engineering versus Guerilla Systems Engineering Keith A. Taggart, PhD James Willis Steve Dam, PhD Presented to the INCOSE SE DC Meeting,

Gorilla Systems Engineering versus Guerilla Systems Engineering Keith A. Taggart, PhD James Willis Steve Dam, PhD Presented to the INCOSE SE DC Meeting,
W5HH Principle As applied to Software Projects

W5HH Principle As applied to Software Projects
Applied Software Project Management INTRODUCTION Applied Software Project Management 1 5/20/2015.

Applied Software Project Management INTRODUCTION Applied Software Project Management 1 5/20/2015.
CS575 - Software Design SDI: A Violation of Professional Responsibility A presentation by: Rong Gu Cincy Francis Amitkumar Dhameja.

CS575 - Software Design SDI: A Violation of Professional Responsibility A presentation by: Rong Gu Cincy Francis Amitkumar Dhameja.
1 “Star Wars” Revisited A Case Study In Ethics and Safety-Critical Software Professor Kevin W. Bowyer University of Notre Dame Copyright, Kevin W. Bowyer,

1 “Star Wars” Revisited A Case Study In Ethics and Safety-Critical Software Professor Kevin W. Bowyer University of Notre Dame Copyright, Kevin W. Bowyer,
Lincoln-Douglas Debate An Examination of Values. OBJECTIVES: The student will 1. Demonstrate understanding of the concepts that underlie Lincoln-Douglas.

Lincoln-Douglas Debate An Examination of Values. OBJECTIVES: The student will 1. Demonstrate understanding of the concepts that underlie Lincoln-Douglas.
SDI: A Violation of Professional Responsibility David Parnas Presented by Andres Ramirez.

SDI: A Violation of Professional Responsibility David Parnas Presented by Andres Ramirez.
Software Engineering Code Of Ethics And Professional Practice

Software Engineering Code Of Ethics And Professional Practice
(c) 2007 Mauro Pezzè & Michal Young Ch 1, slide 1 Software Test and Analysis in a Nutshell.

(c) 2007 Mauro Pezzè & Michal Young Ch 1, slide 1 Software Test and Analysis in a Nutshell.
Applied Software Project Management 1 Introduction Dr. Mengxia Zhu Computer Science Department Southern Illinois University Carbondale.

Applied Software Project Management 1 Introduction Dr. Mengxia Zhu Computer Science Department Southern Illinois University Carbondale.
Introduction to Systems Analysis and Design

Introduction to Systems Analysis and Design
Lecture 1.

Lecture 1.
1 “Star Wars” Revisited A Case Study In Ethics and Safety-Critical Software Professor Kevin Bowyer University of Notre Dame Copyright, Kevin W. Bowyer,

1 “Star Wars” Revisited A Case Study In Ethics and Safety-Critical Software Professor Kevin Bowyer University of Notre Dame Copyright, Kevin W. Bowyer,
Section 2: Science as a Process

Section 2: Science as a Process
Achieving Better Reliability With Software Reliability Engineering Russel D’Souza Russel D’Souza.

Achieving Better Reliability With Software Reliability Engineering Russel D’Souza Russel D’Souza.
How to Read Research Papers? Xiao Qin Department of Computer Science and Software Engineering Auburn University

How to Read Research Papers? Xiao Qin Department of Computer Science and Software Engineering Auburn University
LABORATORY MANAGEMENT The Administrative Process.

LABORATORY MANAGEMENT The Administrative Process.
1 Overheads from Parnas’ Presentation The next slides are transcribed versions of (most of) the transparencies in Parnas’ presentation.

1 Overheads from Parnas’ Presentation The next slides are transcribed versions of (most of) the transparencies in Parnas’ presentation.
Doctoral Seminar 2007 Debrup Chakraborty. All proceedings in this class would be in English. It is unfortunate that most scientific proceedings today.

Doctoral Seminar 2007 Debrup Chakraborty. All proceedings in this class would be in English. It is unfortunate that most scientific proceedings today.
Can North Korea Build More Nuclear Weapons?. A North Korean People’s Army naval unit tests a new type of anti-ship cruise missile in this undated photo.

Can North Korea Build More Nuclear Weapons?. A North Korean People’s Army naval unit tests a new type of anti-ship cruise missile in this undated photo.

Similar presentations

Ads by Google