The End of Secrecy
Blogger: Bob Blakley
Scott McNealy famously said "You have zero privacy anyway. Get over it."
I disagree, but let's save that for the end. If you want evidence for McNealy's position, you don't have far to look.
You could look at your typical day. Here's one of mine. Get up at 5am. Get ready for my trip, get in the car, notice that I'm almost out of gas. Head to the Shell station down the street. It's not "open" yet, so I put my credit card in the pump and fill my tank.
CREDIT CARD RECORD: BOB BLAKLEY BOUGHT $17.57 OF MID-GRADE. SHELL STATION #xxx, RM 620, ROUND ROCK, TX. 5:31 AM.
Get back on the highway. Drive a couple of blocks to Starbucks, which is open. Buy a tall coffee, black.
STRIP MALL SURVEILLANCE VIDEO: BOB BLAKLEY ENTERING STARBUCKS, CORNER OF RM 620 and IH-35, ROUND ROCK, TX, 5:37 AM.
Get back on the highway. Decide to take TX 45 to HWY 183 because it avoids some lights.
TXTAG TOLLWAY RECORD: BOB BLAKLEY'S CAR CHARGED $1.45, TX 45 SOUTHBOUND AT HOWARD LN., WILLIAMSON COUNTY, TX, 5:41 AM.
Drive to Austin Bergstrom Airport. Park car.
ABIA PARKING SYSTEM RECORD: BOB BLAKLEY'S CAR ISSUED TICKET TO LONG-TERM PARKING. TRAVIS COUNTY, TX, 6:17 AM.
Check in at the counter
US AIRWAYS: BOB BLAKLEY CHECKED IN FOR FLIGHT FROM AUSTIN TO PHOENIX (CONNECTION TO VANCOUVER), ABIA AIRPORT, TRAVIS COUNTY, TX. 6:21 AM.
Call home to assure everyone that the coffee worked & I made it safely to the airport.
CINGULAR WIRELESS: BOB BLAKLEY CALL TO KAREN BLAKLEY, DURATION 3 MINUTES. ORIGINATING CELL #xxx. 6:22 AM.
(the cynics among you may be thinking:
NSA WIRETAP: BOB BLAKLEY TO FEMALE SUBJECT, PRESUMED TO BE KAREN BLAKLEY. NO KEYWORDS OF INTEREST. DURATION 3 MINUTES. CINGUAR RECORD #yyy. 6:22 AM.)
And so on. You get the picture. If I want to do something a determined investigator can't find out about, I've got to work very hard and be very careful.
David Murakami Wood and colleagues put the situation this way: "We live in a surveillance society. It is pointless to talk about surveillance society in the future tense. In all the rich countries of the world everyday life is suffused with surveillance encounters, not merely from dawn to dusk but 24/7. Some encounters obtrude into the routine, like when we get a ticket for running a red light when no one was around but the camera. But the majority are now just part of the fabric of daily life. Unremarkable." My personal blog's entry about Wood's report, which is entitled "A Report on The Surveillance Society," is here.
I know what you're thinking – you're thinking "hey, Bob, I thought you disagreed with McNealy. Why are you making his case for him?"
Good question. Luckily, there's a good answer.
What McNealy should have said is "You have zero secrets anyway. Get over it." That's true. There are no more secrets.
Let me say that again. THERE ARE NO MORE SECRETS.
Don't believe me?
Look here.
Or here.
Or, if you don't want to use a cell phone, why not just chip the people?
On the other hand, cell phones can be used for more than just tracking.
Think you've got a friend others don't know about? Possibly not.
Think you can protect yourself by anonymizing your access to electronic resources? Think again.
There are even proposals to outlaw online anonymity.
Want to find all the pictures of yourself (or your estranged girlfriend) on the web? Try this.
Let's say it one more time: THERE ARE NO MORE SECRETS.
Luckily, privacy is not secrecy. Privacy is privacy. It has much more to do with me respecting your dignity, and you respecting mine, than it does with either of us keeping secrets. This is where McNealy got it wrong. I gave a talk about this recently; it's entitled "What is Privacy, Really?" You can find the audio and the slides here.
The end of secrecy has implications far beyond privacy, of course. Secrecy has been at the heart of information security from the beginning – some of the earliest computers were built to compute, and break, ciphers. The biggest annual computer security conference is hosted by a cryptography company (RSA).
Ironically, cryptographers have never been big believers in secrecy. I recall (from memory, so probably somewhat inaccurately) a quote attributed to Robert Morris, Sr. (formerly NSA's chief scientist): "World War II represented a brief period of sanity in cryptographic history; during the war, people spoke of using encryption to protect messages for hours or days, whereas both before and after the war they spoke of protecting the messages forever."
The skepticism continues; Mihir Bellare and others have done extensive work on frameworks for proving cryptographic protocols correctly under a small number of carefully stated assumptions. I've never been comfortable with these results, because I can't figure out how to reconcile them with Shannon's definition of "perfect security" of a cryptosystem, which doesn't require assumptions and which I can understand and believe.
Shannon said that the best you can do is to use one bit of key material to protect one bit of plaintext material – and whenever the text is longer than the key, statistical correlations (which can be exploited by an adversary to attack the security of the cipher) begin to creep into the system. Public-key cryptosystems, of course, use short keys to protect long texts.
Neil Koblitz and Alfred Menezes recently published a paper entitled "Another Look at Provable Security" in the Journal of Cryptology; they argue that keeping secrets using cryptography is much harder than is envisioned in many of the proposed proofs of security.
Even if our cryptographic primitives and protocols were unbreakable, though, we'd still be in a lot of trouble as concerns keeping secrets. The analog hole guarantees that conversations can always be wiretapped, and texts can always be read, the old fashioned way (it also guarantees that DRM will always be broken). A key is fine as long as it's you – instead of the trojan horse you picked up last week – in the driver's seat when the key is used to unlock your secret. And so on.
I'll be focusing on "The End of Secrecy" and its implications (for privacy and also for security) at our Catalyst conference in San Francisco in June. If you're interested, why not make plans to join us there? If you disagree, email me or leave a comment – or just come to the conference and we'll discuss it in person!
Comments