Solving Problems In Secret

Matt Blaze computer and information science at University of Pennsylvania and blogs about security at Exhaustive Search. His recent post on mistakes in spying techniques, protocols, and hardware caught my interest:

Indeed, the recent history of electronic surveillance is a veritable catalog of cautionary tales of technological errors, risks and unintended consequences. Sometime mishaps lead to well-publicized violations of the privacy of innocent people. There was, for example, the NSA’s disclosure earlier this year that it had been accidently “over-collecting” the communications of innocent Americans. And there was the discovery, in 2005, that the standard interfaces intended to let law enforcement tap cellular telephone traffic had been hijacked by criminals who were using them to tap the mobile phones of hundreds of people in Athens, Greece.

Blaze is pretty sure he knows what the problem is, and it’s one that anybody who’s passionate about open source will appreciate:

A common factor in these failed systems is that they were designed and deployed largely in secret, away from the kind of engineering scrutiny that, as security engineers know well, is essential for making systems robust. It’s a natural enough reflex for law enforcement and intelligence agencies to want to keep their surveillance technology under wraps. But while it may make sense to keep secret who is under surveillance, there’s no need to keep secret how. And the track record of current systems suggests a process that is seriously, even dangerously, broken.

To emphasize the point, in another post he explains:

The real problem is that these protocols — used in the most serious criminal investigations — were apparently designed and deployed (and mandated in virtually every communications switch in the US) without first subjecting them to a meaningful security analysis. They were engineered to work well in the average case, but ignored the worst case of an adversary trying to create conditions unfavorable to the eavesdropper. And as the services for which these protocols are used have expanded, they’ve created a wider range of edge conditions, with more opportunities for manipulation and mischief.

Not every problem is as shrouded in secrecy as the the workings of our security apparatus, but I’m pretty sure that most every problem is made easier when the people involved in it share their work publicly.