Schneier on Security

If I recall the excerpt from a "UFO's Explained" or whatever I flipped through recently, I believe there have been similar sorts of incidents in the US national archives dealing with suspected insertions of alleged reports of the Roswell "incident." Alas, we too often defend only against what we believe is likely to happen.

This couldn't be more ironic - as I believe it was Churchill who is credited with originating the saying "History is written by the victors." Kind of gives a whole new perspective to that saying. For if this is true, he indeed did write history.

Very cunning.... The surviving members of the British SOE that are now in senior positions in MI5, MI6, and GCHQ have managed to convince the press that the real documents that accidentally slipped into the archives are false, thereby covering up their actions of 50 years ago. Otherwise, that would put SOE operatives in Berlin at the same time that the Soviets took the city - very awkward.

There is a very old trick that wonderfully fools everyone, which may be at work here. When there is a record you would not like coming to light, simply replace the original with a forgery of the original. The records will seem to be complete, and when the secret does come to light the document will later prove to be a forgery, which tricks people into automatically thinking the secret never happened. (This is an old business trick, a variant of keeping two sets of books.)

@ Roy

Now that's thinking that reveals a security nut at heart.

I think that the commenters, while raising an interesting thought, are getting side-tracked from the main concern raised by the article. The underlying 1984-esque security breach has occurred, whoever performed the actual replacement and whatever the truth of the original matter.

As someone who spent many long hours at the National Archives, I can attest to the fact that it is easy to see how someone would modify/replace the documents. At least when I was working there the security was little more than a system of trust. You could be left alone with original files, etc. for long periods and I always wondered when I reviewed things like Churchill's personal memos whether testing the paper/ink would actually demonstrate authenticity.

The obvious problem that Bruce has stumbled upon here is that "primary source" material is considered definitive material, and yet extremely weak security has been in effect for decades.

In fact, I was often worried just because I was trusted to walk around with a pile of original paper documents in my grubby fingers, rather than just browse images of them on Microfiche/Screen. That was more access/liability than I felt I really needed to get my work done.

While I agree the incident is horrific, remember that the forgeries did not, in fact, "pass", and that was *not* just a matter of chance:

1) After the forgeries were inserted, somebody found and read them (as intended).

2) Given the enormity of the claims, that person chose to capitalize on them, by writing a book. In the process of publication, various newspapers were approached for comments and publicity.

3) One of those papers, the _Telegraph_, found the claims incredible enough that they decided to confirm the primary documents. As they remembered, "extraordinary claims require extraordinary evidence".

4) The forensic experts they consulted immediately detected the forgery. Now, these fakes were amateurish enough to be spotted with a magnifying glass. But even pages hand-typed on authentic vintage letterhead, and "signed" by an expert forger, still might not pass under a common microscope -- much less, evade the scrutiny of a major forensic lab.

So, "the system" worked, essentially because at least some of the people involved weren't fools. But I like to think "I'd" have pulled out the magnifying glass, *before* writing a freakin' book!

Roy: similar to the old trick of stealing a painting by replacing the painting in the gallery with a reasonable forgery and then slashing the forgery with a knife, on the assumption that people won't bother to check that the slashed painting was actually the real thing. Of course, curators *do* check these days because they know about the trick, but the principle is the same.

@David Harmon

Excellent post, but the cost of forensic analysis is only justified in these extreme cases. How many books do you read that cite primary source? How often do you think someone validates that
A) the primary source material actually exists
B) the primary source material was properly cited
C) the primary source material was properly interpreted
before you even get to forensics on the source material.
The cost of auditing a work is so high, readers basically have to trust the author, the editors, the publishers, etc.. I have personally checked on primary source references and found them to not exist or be completely out of context. The "system" you refer to really only works in cases of controversial subjects where further readership (sales) drives investigators to publish their results.

If it's true of the UK National archives at Kew (South West London), I wonder if it's also possible to change registers of Births Maragies and Deaths...

Where's my colour lazer printer I feel a new ID comming on :(

Hmm, anyone read "killing time" by Caleb Carr? A fiction book but carries a heavy handed message. Basically his argument is that we are so inundated with information that we do not know what to believe anymore. So we make an unjustifiable decision to trust one source of information more than another.
One example in the book is when a forged video is released of Stalin touring a German concentration camp during WW2. Even when evidence was produced showing that the video was falsified, people still refused to believe it because the video came from a "trusted" source while the evidence that the video was false came from an "untrusted" source.
So as long as we continue to base our information on "trusted" sources and nothing else we will end up being manipulated in the same way that the author of this book was.

If it were technically feasible, a physical "checksum" might offer a solution. You summon up an archive file, the clerk puts it in a machine and records a number, you take the file away to a desk to study, you return it to the clerk who puts it back in the machine and checks if it still gives rise to the same number. The crudest thing the machine could do would be to weigh the file: if papers have been added or removed then that will detect it. To detect substitution you clearly need something a bit more sophisticated. Perhaps "sniffing" the file with an array of chips that detect low concentrations of various chemicals. The original file would have a signature smell and that smell would likely change if pages were replaced.

@Parsi
No doubt there are many many potential solutions (including the one recently discussed regarding Torah identification), but as Bruce mentioned Archive security has traditionally been directed towards preventing theft rather than verifying authenticity of extant documents.

Who controls the past controls the future; who controls the present controls the past.
-- Georege Orwell, _1984_

"There is a very old trick that wonderfully fools everyone, which may be at work here. When there is a record you would not like coming to light, simply replace the original with a forgery of the original. The records will seem to be complete, and when the secret does come to light the document will later prove to be a forgery, which tricks people into automatically thinking the secret never happened. (This is an old business trick, a variant of keeping two sets of books.)"

I am impressed.

@Bruce,

I'd be impressed too, but I detected that the original post was actually a forgery.

There really is no such trick.

Well, it's much easier to plant distrust than convince trustworthiness.

@ Roy

Isn't that (the replacement of a real smoking-gun document with a self-discrediting forgery) what happened to Dan Rather with the Killian memos?

He will think that I do A, thus I will do B instead to get him.

But wait, he may think that I think that he thinks me of doing A, thus he expects me to do B. I'm better off with doing A as intended.

Wait again, what if he thinks of me thinking all of this, thus expecting me doing A nonetheless, and I should do B?

Ad infinitum.

Now, what were the forgerers thoughts about our thoughts when we discover the forgery?

An interesting incident, but I think it's a little overwrought. It's not as if people haven't tried to fake official documents in the past, and it's not as if we don't have mechanisms in place to assist in detecting those forgeries. In this particular case, the forger was detected in his attempt to duplicate a signature; signatures are of course added to documents for precisely this reason. (Perhaps he made other errors as well, but since he stumbled at the first hurdle it doesn't matter.) Most of the examples in the Telegraph's sidebar "Faking our history" are utterly implausible because their grandiosity ensures they will be subject to withering analysis. Perhaps the forger might have gotten away with it if he tried something a bit less spectacular; but then again the existing checks already cover matters as trivial as a grocery receipt.

Someone asked how often primary sources are properly vetted. Rarely indeed in populist books, which is one reason why they're often wrong. But comparing, contrasting, cross-checking, validating or invalidating primary sources is exactly what historians spend most of their time doing. It is far from unheard of for fakes (or more commonly, gross but unwitting errors) to be uncovered. Perhaps the most spectacular example was the "Donation of Constantine", a document in the old Roman Imperial archives held by the Vatican which supposedly gave the Pope secular authority over vast lands. It was proved to be a forgery by careful textual analysis by an historian -- in 1440 !!

Given the evident ease of access to original documents by persons of demonstrated lack of integrity and extreme views, what is more of a concern to me is perhaps the possibility of systematic vandalism of irreplaceable primary documents which happen to offend some bigoted viewpoint.

There are many areas where our ancestors have pondered the security issues for centuries and eventually ended up with neat, practical protocols to deal with a problem. But it seems to me that today we often spend much of our time discussing security of matters that have been totally open in the past because no-one would dream of abusing them, yet now are being abused. When the National Archives last worried about the matter, their concern was that someone might steal a document for financial gain. The possibility that an educated person might vandalise irreplaceable BOOKS, was inconceivable.

Many of these inconceivabilities have become commonplaces. Today we not only have to worry about literate vandals, but engineers who design plots to slaughter thousands because of some perversion of religious belief, people who poison food in the markets for extortion, people who blow themselves to bits in order to slaughter innocent strangers, and people who set off bombs in the shape of a giant smiley face because they're Just Plain Nuts. It sometimes seems that no longer are our baser passions restrained by public morality, and our society is not very well designed to cope, but in continuous catch-up mode, successively closing door after door as the evildoers get new ideas. In bleaker moments it seems to me that we are rapidly approaching Hobbes' War of All Against All, and the consequences are much as he predicted.

The popularization of information on the Internet will exacerbate this problem.

If an archive is online, who will even look at the originals any more? Few "facts" are traceable to actual source information, and inserting false histories into the global body of knowledge becomes easier and easier every day. Consider the difficulties often experienced by folks such as those at snopes, who deal with such matters daily, in establishing whether a simple story is true or false. How much more difficult is it to establish veracity when fact gives way to interpretation of fact, and to opinion. What written records of our own age will archivists of the future be able to rely upon?

Perhaps the lesson is to stop trying to learn from history? Few seem to avoid repeating the mistakes of the past anyway.