Forward Ho? No!
The term “forward security” doesn’t mean much to most people, but here is one definition: a myth that you should not bet your life on. Yet that is literally what Wikileaks is suggesting that people should do.
Wikileaks sounds like something nifty, new, politically cool, and maybe even useful: a forum for “untraceable mass document leaking and analysis” that’s endorsed by Daniel Ellsberg of Pentagon Papers fame. However, mail and Web anonymizer services have been around for a while, and plugging them into a public wiki doesn’t seem that innovative. The claimed innovation, however, is in the political purpose: people who live in countries with oppressive regimes (
So maybe not so technically innovative, but perhaps an example of real-world value created by Internet-related technology? No. Emphatically, no. As with every claim of benefit from security/privacy/safety technology, tradeoffs are shifted and risks are reduced, but never eliminated. There is no guarantee of “forward secrecy,” that is, the claim that an encrypted secret (your identity in this case) will remain just as secret years from now as it is today. Anyone who claims to guarantee Internet anonymity is either deceptive or ignorant, regardless of what anonymizer software they use to implement whatever clever protocol using whatever kind of encryption. Here are some sad facts. All cryptosystems have been shown to decrease in practical strength over time as mathematicians whittle at them. All crypto protocol implementations have had weaknesses discovered over time. And most important, all software has bugs. In fact, crypto-related software is notorious for how a subtle error can bring down the whole house of cards.
Imagine you’re a prospective whistle-blower in an oppressive environment, worried that your communication is monitored, and that speaking out could cause retaliation, even if discovered years from now. If you’re considering Wikileaks, the following questions are vital, literally. How likely is it that years from now my recorded anonymous message turns out to be crackable, because of a newly discovered weakness in crypto, or protocol, or software? How likely is Wikileaks software to be bug-free? Why would I trust the strength of Wikileaks software? The history of software, and of crypto, and of, well, of history – not encouraging. Boiled down even further:
Q: Is it secret? Is it safe?
A: Don’t bet your life on it!