10 THINGS YOU SHOULD KNOW ABOUT SECURITY, PRIVACY AND ENCRYPTION: RICHARD M. SMITH [10.21.02]
Smith is one of the nation's most outspoken privacy mavens, with a difference. Smith is a veteran software hacker who has a deep understanding of both computers and the Internet. He uses his expertise in Sherlock Holmes fashion to ferret out privacy and security flaws and abuses. Smith is a personal computer industry veteran. He recalls meeting Bill Gates in the 1970s when the two men attended a meeting in Kansas City to establish a standard for PC data storage on tape.
RICHARD M. SMITH has been described by The New York Times as "perhaps the nation's most vocal authority on data privacy." Smith has been in the computer business since the early 70s, and has been involved in microprocessors from day one. He began his career as a programmer, co-founded a software company, and became the head of the nonprofit Privacy Foundation, where he served until November, 2001. Since September 11, he has changed his focus from privacy to security. He now focuses on technology related to security issues and operates a web site that reports "computer bites man" stories, named ComputerBytesMan.com. He lives and works in Brookline, Massachusetts.
1. A lot of the concerns about cyber-security and cyber-terrorism are overblown. A relatively simple solution to many of these problems is to design security into products from the beginning rather than having to come up with retrofits on top of them to fix problems that may arise. It's just like the car market. Until the '60s, governments were not really involved in car design. Then people like Ralph Nader started noticing that a lot of people were being killed in cars and made it clear why this was happening. We have spent the last 35 years or so designing safety into cars, and it's had a pretty dramatic effect. Now the number of people killed on the highways every year is lower than it was in 1965, even though both the number of people who drive and the total miles driven are much higher. We're in that same era now with security on computer systems. We know we have a problem and now we need to focus on design.
2. There's a big push now to use facial recognition systems to catch terrorists at airports. The idea is that if you're a bad guy you would be in a database, and we would have video cameras taking pictures of people all day long, trying to match them with those in the database. Being a natural skeptic about high technology, I have a lot of problems with such systems. This technology is very much mixed in with business and the people who run it. There are a couple of companies producing the technology, and after September 11 they saw a way to make billions of dollars, so they're offering it as a solution to the terrorist problem in ways that are totally exaggerated.
3. Lots of people who look at security problems seem to focus on web servers. But at the same time we have to look at desktop products: the products that people use every day, like web browsers and e-mail. A problem in one of them can potentially affect everyone.
4. One of the issues I've noticed repeatedly in the culture of programming is that, frankly, security and product quality are of secondary importance to people writing code. For them it's a waste of time. They're more interested in creating great new features in the software. Security is really about getting people to do the right thing, not to be lazy. I'm constantly selling them on the idea of the importance of fixing this particular problem. Usually what it takes is for something bad to happen, and then they realize that they've got a problem because they look bad in the press. The fundamental problem is that there's very little liability for software problems. If there were we'd clearly be in a different world, since in a sense, the market would fix the problems a lot more quickly.
5. Parallel to Moore's Law is a development which nobody's ever identified: namely, that the capacity of hard disks is growing even faster than the number of transistors they can put on a chip. Now we have all of these hard disks that need to be filled up with data. God abhors a vacuum, and he also abhors an empty hard disk. Surveillance systems are being pulled along by this increase in available technology. We can record more stuff, so why not do it? The problem is that people running the Fast Lane system on the Massachusetts Turnpike probably have never thought about what to do with all these records they are accumulating, other than to try to keep them. They know not to give them out to just anybody who comes along, but have they ever thought about how long to keep the data, and how the data could be misused?
6. At the Privacy Foundation we focused on surveillance and on understanding how technology would be used to watch us. The word "surveillance" generally has a negative connotation. But at the same time, we are surveilled every day of our lives and we don't mind it in the least. The first example of a type of surveillance that we saw on a wide scale was credit cards. We travel around and buy things with credit cards, and over time they have become more and more popular. In order to make the whole system work, every time we make an economic transaction a record has to be made of who we did business with, what we did with them, how much money we spent, where we were physically located, and what time it was, all of which goes into a computer database. This surveillance system exists to enhance commerce, and since we don't have to carry around a lot of cash, it makes it easier to buy and sell things. We very willingly participate in that.
7. In the future, much more of our lives is going to be recorded in computers, since hard disks are getting very inexpensive and sensors that watch what we do are becoming more common. We're seeing all sorts of ways in which what used to be anonymous transactions suddenly become recorded in order to make our lives work better. But at the same time there is a down side. With the E911 system, for example, the FCC is going to require wireless companies to locate where an individual cell phone user is to an accuracy of about a hundred feet. The rationale is that when you make an emergency call to the fire or the police department, they want to be able to know where you are. Most people agree that that's a good thing: if I'm dazed from a car accident and not sure where I am, it's great that someone can find me. But then we have to think about some of the other uses. This technology will roll out over the next five years, and constitutes a government-mandated surveillance program in which everyone who wants to use a cell phone is going to have to participate. It's just another example of the technology that's being developed out there in order to watch us more. Police are going to start using this as a poor man's tracking system to watch where we go. There are a lot of possibilities for this technology beyond what's being stated.
8. If we had to pay ten cents per e-mail sent, or even five cents, then the spam problem would disappear because the spammers couldn't afford to do what they do. They're taking advantage of the fact that it's easy and cheap to send. You get into problems with spam when you start signing up for sweepstakes or situations where things are given away. Most legitimate companies tend not to give out your e-mail address. If you give it to the New York Times, for example, they'll make it fairly clear how they're going to use it. You just want to be very careful and check off all the boxes so you don't get all the extra stuff.
9. I'm a business person, and when I look at recent proposals for download systems for media files, I just don't see them flying. The media companies are clearly trying to use encryption to move away from a sales model to a leasing model. They want to get us on a gravy train that we can't get off of. When you buy a CD today, that's pretty much the end of your relationship to the music publisher. You buy the CD, you play it as much as you want, and there's nobody else there to control you. With these new systems, though, you would download the music, and the music would expire unless you kept up your subscription. In a way it's almost like they want to create a music tax system. But people want to have something they hold in their hands.
I've been involved with the case of Dmitry Sklyarov, who is a Russian programmer who figured out a way to convert the Adobe e-book format into PDF files. This led me to begin researching the e-book business and the problems it has. One of the conclusions that I came up with is that the idea of downloading a book is a) too complicated for people, and b) not something they understood very well. To get people to start using e-books, they have to see the advantages of them. If you put an e-book on a 3-inch CD, then you could put it inside a physical book. You start getting people interested in e-books by first including them with the regular book. Trying to force consumers to download e-books was a mistake. And the publishers also, very importantly, pissed off the retail channel by saying that customers should go directly to the downloads, bypassing the stores. This totally ignores the fact that people like to browse bookstores, and it would have been a great place to introduce people to e-books. It was just all wrong, the perfect example of how not to do it right.