
The difference between secrecy and privacy as security concepts

WikiLeaks is not the danger to national security that many people think it is. It is merely the superficial manifestation of the real danger: the naive belief that secrecy is security.

The future is already here -- it's just not very evenly distributed.

- William Gibson

As the future we can sense creeping up on us approaches, some of it much faster than we expect and some frustratingly much more slowly, some uncomfortable likelihoods come to light. They are not uncomfortable for everyone, but for some, they are intensely disturbing. Many of those people are in denial about the inevitability of the future. These are the people whose conception of "security" is rapidly becoming obsolete. They are also, however, some of the most influential people in the world.

Much of this conflict between people who want to hold on to old ideas of security and a future that will push their concerns aside with irresistible indifference is centered around the difference between privacy and secrecy. As becomes increasingly obvious with the passage of time, and with the advancement of digital communication (and thus copying) technologies, privacy is security, and secrecy is not.

The essential difference between secrecy and privacy as security concepts is that secrecy attempts to hide information that can be gleaned through simple observation and analysis from others, while privacy attempts to keep communications between people from being intercepted. The two are easily conflated at times because the security technologies of privacy -- including access control, encryption, and verification -- are the very technologies employed in the pursuit of secrecy. Because of the fundamental inefficiencies of secrecy, however, such technologies are constantly subject to failure, and that failure often has nothing to do with the technologies used.

An excellent example of this truth in action is the WikiLeaks scandals of recent months. In particular, so-called Cablegate demonstrates a dramatic failure of the security policies of secrecy, though not a failure that should be surprising to anyone who understands basic principles of security. The upshot is that one person in the middle of one of the largest secrecy operations in the history of the world, the US government, managed to leak more than 250 thousand embassy cables to a website whose sole effective purpose is to publicly display information people try to keep secret. It is not the only site that does this. There is, in essence, an entire industry growing around this concept, encouraging whistleblowers of just about any stripe to smuggle secret data into the public awareness.

Perhaps the most amazing thing about all this noise over the matter is that WikiLeaks is such a vulnerable, unreliable avenue for distributing such leaks. The US government's campaign targeting WikiLeaks in an attempt to shut it down does not only betray the culture of secrecy in government to the public at large, undermining any claims to value transparency; it also showcases the simple fact that government officials just do not get it. WikiLeaks is not the cause of the "problem" for secretive government officials. It is merely a superficial indicator of much deeper problems -- of a deeply flawed security model.

That security model maintains long-term storage of private communications, presumably for accountability purposes. It attempts to maintain the secrecy of these archives -- not their privacy. The need for a means of ensuring accountability requires that people have access to the stored data, but the desire for secrecy requires prohibiting such access. A basic conflict of goals arises, and secrecy is the goal that loses out because secrecy (as opposed to privacy) is essentially untenable. The same thing happens as when DRM is cracked, because of the conflicting goals of giving people access to protected content in a convenient manner while preventing them from accessing the protected content in the manner of their choosing.

Phase Leap writer/editor Marcelo Rinesi points out the ultimate absurdity of obsessing over the "danger" to secrecy represented by WikiLeaks in a provocative short essay, The Backwardness of WikiLeaks:

I suspect their underlying mental model is that of TV stations or printing presses, which can be taken over or destroyed when needed. Very few in politics or media seem to understand that unlike TV sets and TV transmitters, all networked computers are essentially the same. Private citizens might not be able to quickly replace a shelled TV station, or Google’s search infrastructure for that matter, but a cheap smartphone is perfectly capable of storing and distributing gigabytes of sensitive information.

The implications of this state of affairs are profound. We carry in our pockets the tools of mass distribution, with an ease and cheapness never known in history. It is difficult to imagine a greater ease of distribution on this world than what technology already provides us, short of what is today the utterly fantastical: species-wide mass telepathy.

In case the implications have not yet fully hit home, though, consider this statement from Rinesi's next paragraph:

The only thing that WikiLeaks provided, their unique value, lies on their well-earned ability to gather the attention of politicians and the press. The documents might have just as easily been given to, say, 4chan, who more likely than not would have proven to be even more resilient to government pressure than WikiLeaks. Or, for probably far less than the cost of hosting WikiLeaks traditionally, a botnet could have been rented to literally spam people with fragments of the documents.

Just as with the matter of copyright enforcement, the systemic failures of secrecy in government are being band-aided by short-sighted legalisms. In the case of the major copyright-based industries, the modern era of legislative secrecy began in the United States with the passage of the DMCA in the final hours of the Clinton administration. Such legalities have been used to return copyright law more forcefully to its roots in seventeenth century England as a system of censorship, as in cases where DMCA takedown notices are sent to sites where people have published the content of emails sent to them by rapacious corporations who do not want mistreated customers telling others about their experiences in dealing with said corporations.

More frightening for those of us who value the accessibility of modern communication technologies are the noises that have been made in Congress of late regarding an Internet "kill switch" (Editor's Note: See Egypt). Such a capability, assuming it is effective, would represent the single most powerful tool of censorship this country has ever known.

Even this would not be a terribly effective protector of secrecy, however. While the ease of speedy widespread distribution of any data would be greatly diminished by an Internet "kill switch", it would by no means be eliminated. Pocket-sized devices capable of storing gigabytes of data via wireless networking technologies will see to that. Even if decades of computing technologies could be erased, physical distribution of hardcopies of "secret" data would still be possible. Privacy can sometimes be effectively perfect, but secrecy is never effectively perfect once one can no longer account for the motives, security practices, and privacy technology utilization of every single individual who has access to the data. In short, once distribution is widespread enough within a context such as a government, a corporation, or an economic market, the game is over; secrecy simply is not a reasonable expectation.

The key to maintaining security under these conditions is to reorient one's perspective on security. Protect the right things -- privacy, for instance -- and you can maintain reasonable security. Protect the wrong things, like secrecy, and you are doomed before you begin. The shelf life of a secret, especially in large organizations, is increasingly minuscule, and effectively limited only by the quickness with which modern technology can be leveraged to distribute such secrets beyond the set of people authorized to access those secrets.

WikiLeaks is an advertisement for transparency, a gigantic billboard whose message is written in six-foot-tall bold-face block letters. It is telling us not only that transparency is good for the people, but that it is good for security -- because any data that cannot withstand public scrutiny in broad daylight cannot be effectively kept secret. Once it moves beyond the realm of privacy, such data is in severe danger of becoming transparent to the world, whether you like it or not.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

17 comments
Lazarus439

There is a fundamental flaw in your argument. Despite what some idealists, including yourself, seem to think, a government cannot function without some secrecy. You take as an axiom that people need to have, and are entitled to, privacy and I agree completely. Presumably you keep private your thoughts about your boss's competence, or lack thereof (particularly the latter) or what you really think of your friend's new car, new dress/suit, etc. to name a couple of relatively trivial examples. Secrets are a government's thoughts. The confidential cables that appeared on WikiLeaks that provided the assessments by the State Department's staff in Egypt, for example, are no different to the government than your opinion of your boss, except it MUST be communicated from the people on scene to the people in Washington who need it to help determine how the country will deal with Egypt. Without argument, this makes it harder to keep the governmental thoughts private, but it must be done. Governments, regardless of whether they are elected or not, are comprised of people. If we want to reach a trade agreement with China or a nuclear arms treaty with Russia, it is not helpful for it to be publicly known that the US regards the Chinese Premier as a doddering old fool or the Russian President as an egotistical megalomaniac. Whether either is actually regarded as such is beside the point. If it becomes publicly known that the US thinks so, getting the agreements not just negotiated but actually approved by the respective people is a lot less easy. The Chinese Premier, the Russian President, or your boss, may know exactly what we think of them, but having it publicly broadcast does not enhance relations with them. There is another aspect to government secrets: what does the government actually think is true? As do we, the Russians, and the Soviets before them, have professional military journals that discuss all manner of military topics.
These journals are open source, not classified, though you probably won't find them on the magazine rack at the drug store. Some of the material in them reflects reality and some of it reflects wishful thinking or ideas on how something could be done better. However, while this is all open source material, how the government regards it, fact or fancy, can be critical. Countries develop capabilities and strategies based, in part, on what they think their likely opponents will be able to do. One doesn't, for example, need anti-tank weapons if one doesn't think the likely opponent has any tanks. However, if that opponent figures this out, tanks might move to the top of the shopping list. Tom Clancy is reputed to have been subject to some federal investigations after his first book or two, because there was a lot of material in them that also lived in Top Secret and above files. He cleared himself by showing that there were open, albeit obscure, source references for all of it. What made it secret is that the US considered that information fact, not fancy, and had, so to speak, ordered tanks. Frankly, I don't know whether this is true or not, but it is illustrative. Is there stupid secrecy? Of course, there is. However, some secrecy is as vital to a government's successful functioning as your privacy is to yours.

rdtraversi

Arguing over whether either privacy or secrecy is preferred over the other is irrelevant and a waste. How about we condense this to your statement "... In short, once distribution is widespread enough within a context such as a government, a corporation, or an economic market, the game is over; secrecy simply is not a reasonable expectation. ..." I also think the comments about transparency and the so-called internet kill switch are misplaced. Transparency has to do with responsibility and accountability, secrecy has to do with something else entirely. Sometimes that thing is "security". Think of it in terms of the difference behind the minute technical details of building the atomic bomb (kept secret during the war for national security) versus the responsibility and accountability for dropping it on Japan. Every reference I have seen to an "internet kill switch" is in terms of attempting to isolate critical infrastructure from attack vectors, not stopping the communications of individuals.

AnsuGisalas

breeds bad habits. Trusting in secrecy leads to poor security in many ways. If the vault can only be accessed by the authorized (if they have the code, they must be authorized, right?) then there's no point in organizing the contents of the vault in such a way as to inconvenience an intruder. After all, there won't be any intruders, will there? And there will be no reason to establish procedures to track the actions of the ones who get into the vault, either. After all, they must be trustworthy if they got the code, right? Privacy seems to me to be an entirely different kind of beast... what is privacy? Not having someone be able to track one's every move? It's confounding. But it clearly is not the same as secrecy, which is far easier to define.

lshanahan

"Such legalities have been used to return copyright law more forcefully to its roots in eighteenth century England as a system of censorship." This statement is factually not true. The first copyright law historically was the Statute of Anne, which specifically gave authors the right of reproduction of their works, taking it away from government-sponsored institutions such as the Privy council and the Stationer's Company. It was this Statute that formed the basis for copyright law as written in Section 8 of the Constitution. To state otherwise is either appalling ignorance of history or an utter misrepresentation of fact.

l_e_cox

As a Scientologist and follower of alternative media, I have a bit of an odd-ball take on this whole subject. Here's an example of something you expect to be private: a love letter. Here's an example of something you expect to stay secret: your passwords. The intentions are different. You want to be private in your own thoughts and personal actions, including actions that might be a little embarrassing. You want to keep secret things that could be used by rivals or criminals to harm or destroy some aspect of your life. It is possible to violate both privacy and secrecy, and rivals and criminals will attempt to do both to find ways to undermine you or your activities, or simply to enrich themselves (so they think). Criminals, by the way, thrive on secrecy in their own operations. So: are the technologies we use to maintain privacy and secrecy the ultimate target of any search for greater security? No. The ultimate target is the problem of criminal intent. Many feel that this is something we just have to "live with." But that is an apathetic approach which the criminals very much hope all will continue to pursue! What is the only way to totally depower criminals? Deprive them of their secrecy! You want a totally secure society? Eliminate all forms of secrecy. To me, the logic of this is pretty obvious. The problem shifts, then, to the real heart of the matter: intention. To be secure, you need a society (or more generally, a game) run by honest, decent people who intend to play by the rules and will act to expose and debar anyone who refuses to act honestly and decently at all times. Utopia? Maybe. But we DO have technologies that could accomplish this. If we do NOT take this route, we have the alternative: a continued technology war between honest and criminal elements in society. Each side will attempt to find a technology that gives them an advantage. And right now the criminals are leading in this. Why? 
Because they have us totally convinced that even THEY have a right to privacy and secrecy. Therefore, they can secretly use technologies that act to undermine secrecy! Though their logic is obviously flawed, their tactics have been sufficiently workable so that they have become brazen enough to attack the most powerful country in the world - the US. Because of my interests I am aware of and believe in the existence of purely spiritual, as well as "psychotronic" technologies, that make traditional ideas of secrecy and privacy a total joke. We are talking about mind reading, remote viewing, etc. Because these technologies definitely exist and are in use, I believe I am justified in stating, as I did above, that ultimate security depends on total openness. It would be a very different game, but I think ultimately a better one.

bboyd

Secrecy 1. The quality or condition of being secret or hidden; concealment. 2. The ability or habit of keeping secrets; closeness. Secret 1. Something kept hidden from others or known only to oneself or to a few. 2. Something that remains beyond understanding or explanation; a mystery. 3. A method or formula on which success is based: The secret of this dish is in the sauce. Privacy. a. The quality or condition of being secluded from the presence or view of others. b. The state of being free from unsanctioned intrusion: a person's right to privacy. 2. The state of being concealed; secrecy. I'd say they are entangled to the point that most understandings are easily defined wrong. Secrets are critical to security. The "Key" must be kept secret, a good system can be known. Using a good system with a secret key one can hold a private conversation.

Professor8

Privacy, security and secrecy are different, but connected. You can't have security without both privacy and secrecy. But, as you note, some privacy haters store information for the sake of what they consider to be "security". Of course, as soon as those stored bits are hacked or released or sold or simply abused by those who stored them, a great deal of security is lost; as a matter of fact, simply capturing and storing that info is a violation of security and privacy of others. Any use for any other purpose is a violation of privacy. Any retention beyond the time explicitly and freely granted is a violation of privacy.

apotheon

The article's intended reference was not to the Statute of Anne, but to the Licensing of the Press Act of 1662, as bblackmoore pointed out. The reference to the eighteenth century was an error.

bblackmoor

Perhaps the author thinks that the copyright laws of the past 20 years have their roots in the use of the copyright laws which predated the Statute of Anne. For example, the monopoly on printing granted to the Stationers' Company through the Licensing Act 1662 (which is the 17th, not 18th, century -- so I suppose that fact is in error). To state that the first copyright law is the Statute of Anne (passed almost 50 years later) is either appalling ignorance of history or an utter misrepresentation of fact.

oldbaritone

Much discussion has been made of keeping the key secret, but if one has access to both the encrypted and decrypted versions of "secrets", it becomes much easier to crack the encryption system. Not only the keys, but the unencrypted data itself must be protected. What's the point of creating high-security passwords that you can't remember, then writing them on a sticky note and putting it on your screen or in your top desk drawer? Sure, it's a great password according to security standards, but since the only way to remember it is to write it down, it's self-defeating. The "Red side" referred to the unencrypted version of the data stream - the encryption gear was just a box, a stream and a key went in, and another stream came out. The big concerns were to protect the keys and the "red side". If several passwords are stored in an encrypted "locker" and a hacker has one or two of the passwords from a sticky note, the amount of work to crack the decryption key is reduced significantly, because the first character solution identifies correct possibilities and incorrect/incomplete attempts may be identified and discarded immediately because the solution is known. Anyone who took math in college probably did the same thing - don't just work the problem from the top; start at both ends and work toward the middle, it's much easier when you know the solution in advance. And many, many security systems are compromised by sticky notes - the "Red side."

santeewelding

And shove it. You assume the nature of both without benefit of either credible insight or established evidentiary process. Makes you a danger to all. _________ Am I the only freaking poster on this planet who gets his heading garbled? Worked with quotes the first time. Didn't work when I changed "and" to "with". Conspiracy theorists, unite.

apotheon

> The "Key" must be kept secret

No -- the key must be kept private. Secrecy involves a limit on what others may do; privacy involves care in what you do. When you start storing stuff in databases with distribution lists for it, the "you" in that sentence includes a great many people no longer under your control, and you are now practicing secrecy (by trying to keep others from giving up your information), rather than merely practicing privacy (by taking care in how you handle the information). Of course, the definitions of these terms are context-sensitive. Consider them in the context of security policy.

apotheon

In general, I agree with what you say here, but I have one problem with it:

> You can't have security without both privacy and secrecy.

So you say, but you offer no argument or evidence. Why can't you have security without "secrecy"?

apotheon

When typing the article, I made the mistake of drawing the era from memory, and entered "eighteenth" when it should have said "seventeenth". I have edited the article to reflect the correct century. Thank you for pointing out my error.

bboyd

Conspiracy theorists are fundamentally a unity of zero elements. Besides most of the so called conspiracy theorists are part of the conspiracy themselves. (to make a profit from bogus information) They would hate your credible insight and established evidentiary process.

AnsuGisalas

"Why y'all should be blasted into space - We have the technology, you know" -Lose the quotes, they're bubonic. Amputate and cauterize - no helping it for now.

santeewelding

That last of yours was a pretty decent, albeit quick, treatment of privacy, secrecy, and security. I was looking -- excuse me, trolling for it -- in the original piece. The simplicity of the notion was missing; left unsaid. You would be well-advised to more thoroughly develop the notion in a separate piece all its own, and in a separate place, like the Water Closet. The notion of personal responsibility and control has nothing whatever to do with IT, and has no place in Discussions, or so has been intimated to this troll.