March 22, 2007

Forward Ho? No!

The term “forward security” doesn’t mean much to most people, but here is one definition: a myth that you should not bet your life on. Yet that is literally what Wikileaks is suggesting that people should do.

Wikileaks sounds like something nifty, new, politically cool, and maybe even useful: a forum for “untraceable mass document leaking and analysis” that’s endorsed by Daniel Ellsberg of Pentagon Papers fame. However, mail and Web anonymizer services have been around for a while, and plugging them into a public wiki doesn’t seem that innovative. The claimed innovation, however, is in the political purpose: people who live in countries with oppressive regimes (China is mentioned as an example) are encouraged to post documentation of abuses and other politically sensitive information that formerly was “costly in terms of human life” but now can be leaked with safety. That’s my summary of Wikileaks, anyhow, and thanks to the BBC’s Bill Thompson for writing a more in-depth article.

So maybe not so technically innovative, but perhaps an example of real-world value created by Internet-related technology? No. Emphatically, no. As with every claim of benefit from security/privacy/safety technology, tradeoffs are shifted, risks are reduced, but never eliminated. There is no guarantee of “forward secrecy,” that is, the claim that an encrypted secret (your identity in this case) will remain just as secret years from now as today. Anyone who claims to guarantee Internet anonymity is either deceptive or ignorant, regardless of what anonymizer software they use to implement whatever clever protocol using whatever kind of encryption. Here are some sad facts. All cryptosystems have been shown to decrease in practical strength over time as mathematicians whittle at them. All crypto protocol implementations have had weaknesses discovered over time. And most important, all software has bugs. In fact, crypto-related software is notorious for how a subtle error can bring down the whole house of cards.

Imagine you’re a prospective whistle-blower in an oppressive environment, worried that your communication is monitored, and that speaking out could cause retaliation, even if discovered years from now. If you’re considering Wikileaks, the following questions are vital, literally. How likely is it that years from now my recorded anonymous message turns out to be crackable, because of a new discovery of weakness in crypto, or protocol, or software? How likely is Wikileaks software to be bug free? Why would I trust the strength of Wikileaks software? The history of software, and of crypto, and of, well, of history – not encouraging. Boiled down even further:
Q: Is it secret? Is it safe?
A: Don’t bet your life on it!


March 14, 2007

Vista: More Security Widgets, More Security Value?

As part of Microsoft’s customer awareness campaign for Windows Vista, the latest issue of the Microsoft Security for Home Computer Users Newsletter has a column about “five security features in Windows Vista that might just surprise you.” These features are actually interesting, but the article begs a question about the value of more security features that are part of the operating system or application software like browsers and mailers. Compare the user-empowering tone of that article with another article in the latest issue of the parallel newsletter for IT folks, the Microsoft Security Newsletter, which explains the prevalence of botnets and “rootkits on the rise.”

Taken together, I see valiant efforts at adding more security mechanisms that could be managed by home users, despite the lamentable fact that these new mechanisms are just as liable as the older ones to be subverted by malware that modifies the OS in order to hide itself (rootkits) and its activity (bots participating in botnets).

I see real innovation in better empowering home users to manage their own security mechanisms, but even assuming that most people did manage security as suggested, is there real value in these new features? Well, yes, insofar as some actual attacks are foiled more often because of easier-to-manage security features, especially those that help users avoid participation in phishing, for example. But, no, insofar as these new mechanisms don’t really amplify the OS’s ability to prevent itself being compromised.

What is the value problem here? And where would some real value lie? As is often the case, the value problem is a disconnect on assumptions. On the one hand, we’d like OSs (all of them! Windows, Linux, etc.) to better protect themselves, and these new features don’t help at all there. On the other hand, the creditable work done on these features assumes an intrinsic value in new features that can do new protection in the cases where the OS hasn’t already been compromised.

I think that this assumptions disconnect can actually be re-connected, but I’ll save that idea for another day and another recent development that might help make that connection.


March 2, 2007

What this blog is about

The thorny relationship between innovation and value – that’s one of the main themes that you’ll see in this blog. Here’s why:

Innovation only sometimes results in creation of value – an adage nowhere more true than in computing technology, where the pace and range of innovation continues to grow. Yet we’ve all seen many excellent technical developments that fail to deliver sufficient value to a large enough number of people to have significant impact. And let’s not confuse this with commercial success or lack thereof – there are plenty of examples of commercial successes that are based on some important innovation, and yet are not high in value. (Some of which you’ll see highlighted here.)

In fact, value is a notoriously slippery idea, so (at least in this blog) perhaps the best way to discover its meaning, and its connection to innovation, is by taking a focused look at specific cases.

Another key theme is where security gets in the mix of innovation and value. I’ve been engaged in a variety of types of technical security endeavors off and on in my checkered past, and perhaps that accounts for why security, innovation, and value comprise a fascinating topic for me. Certainly I’ve seen a lot of cool security technology prove to have little practical benefit.

So, some (not all) of the examples of innovation and value (or lack thereof) will be either about innovation in security itself, or – more interesting to me as time goes by – innovations that when applied turn out to significantly affect the way that a valuable asset is used. Often it just isn’t clear at the outset how applying a technical innovation affects an asset’s risks of security, integrity, privacy, or the trust that underpins these three.

Last but not least, and particularly where security is involved – hype. Just about every technical innovation you hear about claims to be valuable, and often some simple claims are obscured by claims full of hyperbole, exaggeration, jargon, or just plain poor communication. So a certain amount of cut-through-the-hype is needed, and you’ll find that here too. So …

… visit here often, for a view on the ongoing stream of tech innovation, and de-mystification of claims of new value and/or security.
