Your computer is tormented by a wicked god

Bootkits are why we can’t have nice things.

Cory Doctorow


Computer security is really, really important. It was important decades ago, when computers were merely how we ran our financial system, aviation, and the power grid. Today, as more and more of us have our bodies inside of computers (cars, houses, etc) and computers in our body (implants), computer security is urgent.

Decades ago, security practitioners began a long argument about how best to address that looming urgency. The most vexing aspect of this argument was a modern, cybernetic variant on a debate that was as old as the ancient philosophers — a debate that Rene Descartes immortalized in the 17th Century.

You’ve doubtless heard the phrase, “I think therefore I am” (Cogito, ergo sum). It comes from Descartes’ 1637 Discourse on the Method, which asks the question, “How can we know things?” Or, more expansively, “Given that all my reasoning begins with things I encounter through my senses, and given that my senses are sometimes wrong, how can I know anything?”

Descartes’ answer: “I know God is benevolent, because when I conceive of God, I conceive of benevolence, and God gave me my conceptions. A benevolent God wouldn’t lead me astray. Thus, the things I learn through my senses and understand through my reason are right, because a benevolent God wouldn’t have it any other way.”

I’ve hated this answer since my freshman philosophy class, and even though the TA rejected my paper explaining why it was bullshit, I still think it’s bullshit. I mean, I’m a science fiction writer, so I can handily conceive of a wicked God whose evil plan starts with making you think He is benevolent and then systematically misleading you in your senses and reasoning, tormenting you for His own sadistic pleasure.

The debate about trust and certainty has been at the center of computer security since its inception. When Ken “Unix” Thompson accepted the 1984 Turing Prize he gave an acceptance speech called “Reflections on Trusting Trust”:

It’s a bombshell. In it, Thompson proposes an evil compiler, one that inserted a back-door into any…