Issue No.06 - November/December (2006 vol.4)
Published by the IEEE Computer Society
Eugene Spafford , Purdue University
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2006.150
Eugene Spafford discusses the books that have been most influential in shaping his attitudes about security and privacy.
When I reflect on books that were significant in my life, it's an odd and eclectic collection. I read a lot when I was younger: I had an undiagnosed vision problem until sixth grade, so while everyone was outside playing, I went to the library and read all sorts of things.
When I was 11 or 12, I read David Kahn's The Codebreakers. It led to books on codes, ciphers, and, eventually, number theory. Undoubtedly, it started me down the road of information security. About that time, I started reading the entire World Book Encyclopedia! It took me roughly 18 months to finish. It was fascinating to read about so many new things—and realize there was more to learn than I would ever have time to study.
In later years, I read a lot of fantasy and science fiction, such as the Lord of the Rings and Frank Herbert's Dune, and stories by Isaac Asimov, Robert A. Heinlein, and H.P. Lovecraft. I also read a diverse set of books by other authors, including Edgar Allen Poe, George Orwell, Hermann Hesse, and Friedrich Nietzsche, many of which led me to ponder reality. I've always wondered about the limits of what we can observe: What is real? What is imaginary but can become real? I still recommend to others the works of Jorge Luis Borges, particularly The Library of Babel and Pierre Menard, Author of the Quixote. They're wonderful stories about the nature of reality and knowledge.
As a grad student, I had less time to read for fun. I had a class with a stimulating professor who studied the philosophy of thought and the mind, and he got me thinking about the interface between technology and human beings. He introduced me to Doug Hofstadter's Godel-Escher-Bach: An Eternal Golden Braid, which led me to consider the fundamental differences between computing and people. The book investigates relationships, how things are connected—such as math and music—and computation and psychology. It made me think about what machines can't do, such as recreating human thought. Hofstader's book can be interpreted on many levels; I still suggest it to students to read and think about. Reading books like this one can lead us to questions that we should consider as security practitioners and computer scientists: What can we automate? What should we automate? Is technology ultimately for the good?
Another similar book is The Making of the Atomic Bomb, the Pulitzer-Prize-winning book by Richard Rhodes. It discusses researchers and their motivations as well as technology. It illustrates self-reflection by scientists who create technology that we don't see as much today—but should. For instance, as we create technologies that invade privacy, we aren't asking questions about whether we should be doing these things.
When I have time, I still read philosophy, particularly philosophy of science. Not enough computer scientists are familiar with the formal foundations of science. They build things; they're engineers, not scientists. There's no hypothesis, no refutation. Serious scientists should read Karl Popper's original works, as well as Thomas Kuhn's The Structure of Scientific Revolutions.
I still read fantasy and science fiction (most recently, Jim Butcher's The Dresden Files). I also enjoy learning about unexpected causality—changing the way I look at the world. Jared Diamond's Guns, Germs, and Steel and Carl Zimmer's Parasite Rex discuss unexpected relationships and unusual interactions: I finished both recently and recommend them highly.
I like books that influence my practice and teaching of information security, and books that challenge me to question reality. Should we be doing with technology the things we are? To me, life is learning, and books are the path to new ideas.
Eugene Spafford is a professor at Purdue University who doesn't have enough time to read and can't possibly fit all his thoughts into 650 words. For more detail, see http://spaf.cerias.purdue.edu.