Schneier on Security
A blog covering security and security technology.
« New Directions in Malware |
| Security Myths and Passwords »
April 27, 2006
The Case for Eliminating Secrecy
Larry Beinhart makes an interesting case for the elimination of most government secrecy.
He has a good argument, although I think the issue is a bit more complicated.
Posted on April 27, 2006 at 7:47 AM
• 16 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I hope they keep things secret, it scares me enough knowing what they are up to that the *are* prepared to talk about. Ignorance is bliss. (joking of course ...)
The only advantage to secrecy in government most of the time is to protect the incompetent and the guilty whilst alowing others to build up huge empires without question (Any Three Letter Agencies springs to mind ;)
In reality it should only be invoked after an impartial observer (oversite) has agreed it is required, and also to set the scope and time limits etc (similar to what is supposed to happen with a wire tap order).
Sometimes Governmnets do need to maintain secrecy for all sorts of reasons, however in the majority of cases it is realy not required.
Also secrecy costs real money and lots of it which you and I the unfortunate Tax Payer have to fund out of our own pockets...
It is a complex question. Side channel leaks are very easy with too much information getting out.
There is another problem, if every single document someone produces is classified as "top secret" and among them are trivial stuff and real secret papers the discipline of guarding those "top secret" naturaly relax.
Having read the artical I find Larry Beinhart's arguments week and actually not realy relevant.
He argues that two of the 9/11 hijackers would have easily been stoped if the information about them was not Oh so Secret nobody could be told.
There is the issue of human rights to be considered (which he ignored) The CIA / FBI and other investigatory bodies look at many many pepole. The majority of which are inocent, their only involvment has been to have some lose connection to the main target of the investigation.
For instance a suspect terorist always takes his cloths to be cleaned at the same dry cleaners. He does this at almost the same time of day on the same day of the week. He appears to always had his cloaths to the same attendent.
The Agency needs to investigate not just the attendent but the dry cleaners as well. However it is very likley that the suspect is a creature of habit like the rest of us, and the attendent works a shift pattern.
Now under Larry's argument the attendents name should be passed to every agency doing investigations (and even made public through the press).
1, The attendent has their life ruined through no fault of their own.
2, There will be so many names floating around the snow drift effect will happen and nobody will be investigated.
Interesting article. I see some flaws in the logic. Number one, he takes an intelligence triumph and compares it to a snafu. Of course you can make an argument from that. Let's compare apples to apples.
We had good intel on what Japanesse agents were like in WWII, namely, Japanese. So, we locked all of them up on the west coast we could find. Let's talk human rights, shall we?
As crytpo has taken huge leaps the last century, so has intel in general. Being able to look at budgets and such seemingly third and fourth order things can reveal a lot. Everyone has gotten better at the game and so the game has to be upped. Nimitz pulled of his coup because the Japanese didn't realize we had upped our game so much.
Finally, as another poster mentioned, so we put these two suspected terrorist on the FBI list or whatever. How many outstanding warrants are out now in the US, just in general terms? Our "system" doesn't just rake them in willy-nilly. It catches some, but if you are smart you can avoid most of the common "check points" and a little social engineering can get you through most of the rest.
Finally, it's like identity theft breaches. When's the last on eyou heard reported on the news? They happen all the time. Federal law mandates disclosure. Sure, for a while it's news. Soon, it's routine. How long would the "terrorist deal" take to be the same thing? Joe and Jane American don't care, they would rather hear about Brittany Spears and her latest escapade.
What we need are not less secrets, necessarly, but a better way to process and handle the ones we have.
Bruce, it seems to me that what Beinhart writes is perfectly consistent
with your application of Kerckhoff's principle to general security analysis.
In that piece, you wrote that the guiding principle of such an analysis
should be the question "Does the security benefit of secrecy outweigh the
benefits of publication?"
Beinhart is claiming that to a very great extent, government secrecy
policies flunk that test. Blanket secrecy as a default policy is
constipating the flow of knowledge _within the government_, so that
officials who need critical information aren't getting it from other
officials who have that information.
If the Great Intelligence Re-Organization (GIRO) of 2005 were to work as
intended, perhaps that would diminish the force of Beinhart's criticism.
However, there is no evidence that the GIRO is working, and many reasons to
believe that you can't alleviate this kind of constipation by adding new
layers of management and increasing the complexity of the organization
chart (which already looked like that "Boiler Room Pipes" Windows screen
saver before the GIRO doubled the number of pipes).
If FBI agents can get the information they need more efficiently by reading
it in the New York Times than by hoping someone will say something useful
in an inter-agency committee meeting, it sounds worth a shot to me. Like
Beinhart says, it's not as if we can do any worse than we are now.
"If the Great Intelligence Reorganization (GIRO) of 2005 were to work as
As it is common knowledge that the CIA and the FBI would rather America burnt to the ground than co-operate with each other this is not likley to happen any time soon.
One of the main problems with Intelligence gathering is that the agencies concerned are always fighting other agencies for resources etc. They do this in their heads all the time even if (as in recent times) unlimited resources are available on the table without question.
This mind set encorages them to entrench and horde information whilst digging the dirt as much as possible on what they see as the "oposition" ie the other agencies, not the terorists or suspects.
So I confidently predict that GIRO 05 will be a dismal failier in just about every respect (except the face saving ones).
Herbert Clark writes that there are four steps required for the interpretation of any message. Roughly speaking, one must A: be paying attention, B: capture the data (hear the sounds), C: assemble the data (form words), and D: interpret the data (understand the sentence).
Regarding interception, cryptography can help prevent C, while anonymizing proxies can do the same for A. However, the Beinhart article mentions the common use of 'code words,' or encryption on the interpretation level. Words that have a common ground meaning only to the group who is intended to hear it.
Has there been much work on coming up with effective interpretation-level scrambling? Other than the use of Navajo in WW2?
Your focus is being affected by the "large cryptographic community ".
Both Beinhart and your viewpoints are valid, but your stance is going to be more topical since you are in the "now" of security issues.
If you were on a team of security people today you would get the "A" and Beinhart a "C" on your yearly review. 20 years ago I think it would be reversed
We are in a time of Terrorism, Corporate Fraud, and Government Corruption
NOT International Superpower vs International Superpower, Mafia type crime syndicates in every major city, or International Communist Conspiracies which were all the order of the day not so long ago.
Secrecy and Security concerns change over time do to current events.
What concerns me most is way our technology marketplace is exporting our advances to future competitors around the world.
Isolationalism is inherently bad, but I still worry that moving Boeing plants to China is going to get us bombed 20 years from now.
You see--->My point is there was a time not so long ago where YOU(As a security expert.) would be talking about the secrecy and security of exporting long range bomber and transport aircraft design to a communist country.
It seems to me that the security field is behaving too much like the media. Security people appear to be always focused on the Top Security Story of the Hour be it Terrorist, MS Windows, Airports, Crypto, etc.
I find it a bit of a stretch to say that the article argues for the removal of most secrecy. It seems to be arguing for more sharing of information about our enemies. It is, indeed a difficult balance to strike. On the one hand, too much secrecy is pretty clearly the only reason we're fighting our stupid war in Iraq. That failing alone is pretty damning. The argument that less secrecy might've prevented or mitigated the 9/11 attacks is less clear cut, but still has merit. Certainly, sharing information within our security services is an effective security tool, and is (or was at one point, at least) one of the prime mandates of DHS.
If I were to try to bulletize the article, which seems a bit unspecific, I'd say that things that the author thinks should be less secret are:
1) Information relating to policy decisions
2) Information relating to our enemies, especially "bad guys to look out for"
Information to keep secret:
3) Information about ourselves, especially the identities of our agents
4) Tactical information about ourselves and our enemies
The problem, of course, is that these are entangled. Drawing a definite line between #'s 2 and 3 seems impossible to me. #'s 2 and 4 seem pretty murky, as well. Of course, the dividing line between #'s 1 and 4 isn't precisely clear-cut, either.
However, the current state of affairs is to keep everything secret (unless leaked by corrupt officials). This is unambiguously unacceptable in a country that purports to be run of, by, and for the people.
One of the telling points of the issue, not mentioned in Beinhart's article, is that disclosure "after the fact" of a secret may not have any effect.
I take the secret document, edit it, and release the edited version to the public. Based upon this, everybody thinks something is a good/bad idea. Later, the secret document is revealed and the discrepancies are pointed out.
* some members of the public think it is just a political ploy
* some members of the public don't hear about it
* most members of the public aren't incented to do anything about it
* There is most likely no audit trail
* Ergo, I'm unlikely to be held accountable
* If my edit was to encourage a particular course, goal accomplished!
Buzzflash is a decent site with content one isn't likely to see on TV. However, I wish they'd quote/link-to Bruce.
He's on the right track, but not quite there.
There is a good case to be made for the elimination of government itself.
If one wanted to solve the terrorist problem, one would stop dicking around in foreign areas. Otherwise the argument is moot.
quincunx beat me to the point.
In any case, any security expert must be aware that there's an often overlooked, but very effective method of defense: ceasing to be a target.
The government, by claiming that it "represents" and executes the will of all its subjects (as modern governments do), automatically makes anyone associated with it to be a target of hostile actions aimed to hurt the government.
It would be in the best interests of the citizens to dissociate themselves from the government by getting rid of it - the similar act by Russians in 1991 effectively removed them (and the rest of the world, too) from the imminent danger of nuclear annihilation. They did proceed to erect a new government, which promptly created a different kind of danger for them in the form of pissed-off Chechens.
Somehow people keep forgetting that letting a demagogue to speak for them makes them responsible for the consequences of that demagogue's actions - in the eyes of those who vere victimized.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.