A recent research paper resurrects the idea of “security by obscurity,” a notion I’ve been fighting for decades (e.g. in The Transparent Society). The basic idea is that you will better thrive by hiding information from your foes/competitors/rivals, even if this accelerates an arms race of obscurity and spying, creating a secular trend towards ever-reduced transparency.
Now, I want to talk about a special case in which my objection – still strong in principle – is softened by pragmatic arguments. In Gaming Security through Obscurity, Dusko Pavlovic contends that you can improve system security by making it hard to find out how the system works. This concept is familiar to computer programmers: On I, Programmer, Alex Armstrong explains, “Your code can be disassembled and decompiled and in many cases, a well written program is much easier to reverse engineer. The solution generally adopted is not to write a bad program but to use “obfuscation” as a final step. That is, take a good clear program and perform a range of syntactic transformations on it to make it a mess that is so much more difficult to read and therefore to reverse engineer.”
In cryptography, Kerckhoffs’s Principle says that a system should be secure even if everything about it, except the key, is known, a principle Claude Shannon formulated as “The enemy knows the system.” This stands in contrast to security by obscurity. (Thanks to xkcd for the cartoon!) The recent paper by Dusko Pavlovic suggests that security is a game of incomplete information and the more you can do to keep your opponent in the dark, the better.
Now there’s a lot of misleading discussion about this, so, if you are expecting “Mr. Transparency” to be all up in arms over this, you are mistaken. What is at issue here is fundamentally the question of the ZERO SUM GAME.
(First, look up the concept of zero-sum and positive sum or win-win games. It is probably the most vital idea you could possibly own in your head and being able to tell these things apart should be a pass-fail requirement for citizenship.)
Most human beings used to live pretty much zero-sum existences. If you wanted to get ahead in the world, you needed to win points by causing your enemy to lose. This applied when it came to mate-seeking, food-seeking, heck at almost any level. Tribes and societies formed in order to eke out a small surplus that might go to positive-sum activities like irrigation and libraries, but the pyramid-shaped, inheritance-based oligarchies that ruled them made sure there were winners above and losers below. And when it came to human inventiveness, clever craft workers knew — if you discover a better way to do something, keep it secret or you’ll lose every advantage. Why do you think the Baghdad battery, the Antikythera Device, and the wondrous steam engines of Heron all vanished, to be forgotten and lost to progress?
The Enlightenment’s core discovery was the positive-sum game… ways that democracy, markets and science can “float all boats,” so that even those who aren’t top-winners can still see things get better, overall, year after year — leading to the diamond-shaped social structure we discussed in an earlier post (last week), with a vibrant and creative middle class outnumbering the poor.
This dream did not come true by emphasizing cooperation alone, though cooperation is an ingredient. Just as important is competition, nature’s great locus of innovation and the driver of evolution. But it has to be regulated and carefully tuned. If competition results in a new oligarchy, you get right back to the pyramid again, with topmost cheaters restoring zero-sum thinking, and everybody loses. Look at 6000 years of history, fer gosh sakes.
One of the most ingenious “regulations” — supported by Adam Smith and Ben Franklin etc. — was the notion of intellectual property or IP. Patents and copyrights were never intended to mean “I own that idea!” No, intellectual property was born entirely as a pragmatic tweak, offering creative people a subsidy in order to draw them into openly sharing their discoveries… so that others might use and improve them and we get the virtuous cycle of positive-sum improvements, ever-accelerating knowledge, skill and wealth.
Let there be no mistake. That is one of many ways that regulated competition delivers on the promise of markets and Smithian capitalism vastly and demonstrably far better than anything that ever resembled laissez faire or Randian cannibalism festivals.
Which brings us full circle to Pavlovic’s paper and the storm of simple-minded misinterpretations that are going around. As you’d expect, my initial reaction was “bullshit!” In The Transparent Society I show mountains of evidence that we’re all better off in an increasingly open world. All of our positive-sum Enlightenment “arenas” — Democracy, Markets, Science etc — are healthy precisely in proportion to the degree that all participants know what’s going on so they can make well-informed decisions and choose better products.
Even when it comes to security, we should all be aware of how the dream of Dwight Eisenhower finally came true, after Sputnik, when spy satellites flew around the globe taking pictures… and it did not trigger a third world war. Rather, Ike’s “Open Skies” helped to prevent war, to calm the arms race, to save us all.
Yet, I willingly accept the validity of Pavlovic’s paper, in the limited context that he chooses. True, a positive sum game is nearly always better than a zero sum… or a sick negative sum game. And true security will only really happen for us all when the world is so awash in light that thieves and oppressors generally get caught and deterrence reigns. Transparency isn’t a naive, utopian dream. It is empowerment of all, so that reciprocal accountability keeps the cycles virtuous. It is the Enlightenment’s core.
But Pavlovic is describing a specialized case. A situation in which things are already decidedly zero sum. In which your company knows that its competitors cheat. They steal IP and our Enlightenment civilization is all too often failing to do anything about it. As America and other western nations are failing miserably to protect western IP… the goose that lays the world’s golden eggs.
Reciprocity has broken down and with IP no longer protected, innovators must fall back on the old ways. Concealment. Trade secrets. Squirreling away your tricks so the other guy won’t get to copy them.
Overall, that is the world we’re heading back toward, for a number of reasons. Because certain countries and companies are rampant intellectual property thieves. Because Western leaders won’t act to stop it. Because some western mystics and idiotic “legal scholars” actually believe that IP is based on principles of palpable ownership, and thus secrecy is somehow equivalent to patent declaration, instead of its diametric opposite!
And because life is still life. Even in the context of a positive-sum civilization, you and your company may find yourselves in a zero or negative sum situation, needing to protect — with “obscurity” — the code tricks that you feel you have a right to benefit from.
Let there be no doubt, the prescription is a nasty and ugly one. Deliberately flood your own code with so much spurious junk that a competitor will be rendered clueless and unable to reverse engineer it? This may be an effective short term tactic, but it will also result in — well — junk-filled code! Harder for YOU to engineer and repair. Or to benefit from crowd-sourced improvements. Sluggish and inherently inefficient.
This is a different matter than slipping in Tattler Code… segments that reveal if a competitor stole or copied from you. Even segments that go online and tattle when the code is run! These are clever, legal, and involve transparency of a sort! A searing light of accountability that seems a lot like an immune system, at work.
I could go on. But swamped, I’ll leave it there. Except to add this:
Fight for a civilization that becomes more filled with light, wherein competition isn’t cut-throat, but simply the way that people like you and me and Steve Jobs get the best out of ourselves! I push transparency as the most-frequently applicable medicine. But even more important is to stay calm, and understand what we should defend.
And defend it.
Remember – I’ll be holding an open house meet-up in New York City on Monday, October 17, at around 8:30pm at O’Reilly’s, 21 W 35th St. (upstairs: byo-drinks.) An informal gathering of folks who love the future, sci fi or just lots of talk! (If you really like all those things, then check out the Singularity Summit in NYC. I’m speaking on October 16.)
I’ll also be the Guest of Contraflow, the New Orleans science fiction convention: November 4-6. Join us if you’re in the area!
Also, see my updated profile and links collected on xeeme.