Secrecy and Security
In my previous entry, I wrote about the U.S. government’s SSI classification. I meant it as to be an analysis of the procedures of secrecy, not an analysis of secrecy as security.
I’ve previously written about the relationship between secrecy and security. I think secrecy hurts security in all but a few well-defined circumstances.
In recent years, the U.S. government has pulled a veil of secrecy over much of its inner workings, using security against terrorism as an excuse. The Director of the National Security Archive recently gave excellent testimony on the topic. This is worth reading both for this general conclusions and for his specific data.
The lesson of 9/11 is that we are losing protection by too much secrecy. The risk is that by keeping information secret, we make ourselves vulnerable. The risk is that when we keep our vulnerabilities secret, we avoid fixing them. In an open society, it is only by exposure that problems get fixed. In a distributed information networked world, secrecy creates risk—risk of inefficiency, ignorance, inaction, as in 9/11. As the saying goes in the computer security world, when the bug is secret, then only the vendor and the hacker know—and the larger community can neither protect itself nor offer fixes.
Israel Torres • March 9, 2005 9:42 AM
Secrets are supposed to be good for the guys with the secret, and bad for the guys without the secret. It is when the guys without the secret want the secret, but since it is secret may not know there is a secret to be had. This is usually when the guys with the secret that had such a good thing going for them ends up losing the secret in the fact that they mention there is a secret being kept secret.- Setec Astronomy
Israel Torres