Monday, 29 November, 2004

I often read Bruce Schneier's blog, but today's entry is of particular interest. He talks about the recent publicity surrounding Google Desktop Search (GDS) and the claim that it invades privacy. Schneier points out that it is not Google's fault that it invades privacy - all it does is index information that's already freely accessible on a computer's hard drive - it's the fault of third-party software that's written sloppily and consequently doesn't destroy sensitive information properly.

It's a potent point he makes. In fact, in the cold harsh reality of the world he's only really just scratched the surface of the problem. It is very difficult to keep a secret on a PC connected to the internet. The man in the street who doesn't have the ability to configure his PC correctly would do better to assume he has no privacy at all when he uses his computer on the internet.

Just by browsing the web using Internet Explorer, or by downloading files from Kazaa or other similar services, you will contract so much spyware that expressing concern over something as innocent as GDS looks a little silly. It's a story I saw repeated time and time again in my former job. A colleague would bring in their PC complaining that it had got sluggish. We'd remove all the viruses, spyware and adware. We'd install a virus checker, a firewall and Spybot Search & Destroy and send the poor box on its merry way, only to see it return having given up the ghost four months later.

Computers are complex, and all that complexity makes robust security practically impossible. Almost all computer security is brittle; by brittle I mean that it only takes a single failure (or two at most) to bring the whole security "house of cards" crashing to the ground. In other areas where we've met complexity in computer science we've had much better success. For example, we've developed object-oriented languages that allow us to dissect a complex problem into smaller problems that can be solved much more easily than trying to solve the whole problem in one go. If we do this dissection properly we can expect the whole thing to work when we put it together.

The problem is that security just doesn't work that way. You can take two secure pieces of code, stick them together and end up with something insecure. Because of this inability to modularise security you must consider the whole system in full, which is why complexity is the nemesis of security.

The Economist made the point that computers are too complex and all that complexity needs to "disappear". Unfortunately, while this might be good from a usability standpoint, it's horrible from a security standpoint. By hiding complexity we always make the innards more complex and therefore less secure. In one of his rants, Schneier once made the point that it seems easier to get a drink of water from the tap than to go to a well at the bottom of the garden, but that's only possible because of the complex water purification and transportation infrastructure we've developed. From a security standpoint, ask yourself how much easier it is to put poison in this system than it would be to poison a set of isolated wells. Similarly, we have a centralised and complex air transportation system, yet we're all less secure as a result. A team of thirty men could not have killed four thousand people as swiftly as they did on September the 11th if they'd tried it a hundred years ago.

In conclusion, I'd say that the computer privacy issues are a symptom of a much wider problem. Privacy has been under attack for the last hundred years and slowly but surely it's eroding away. Is this a bad thing though? Sometimes people trade off their privacy for a bit of convenience. I often talk about private matters using an instant messenger program, which typically uses an unencrypted connection. Sure, I could armour the connection with some kind of encryption, but what's the point? After all, the likelihood is that many of my friends are recording (unencrypted) logs of the chat sessions I have with them. They might even swap them with each other. Despite these privacy concerns I like the fact that I can talk to them more readily and discuss something important without having to go through the hassle of meeting up in person. To me, changing to an encrypted system delivers no real benefit. However, in contrast, doing online banking without some kind of strong authentication is unthinkable and bordering on the insane.

The key point is that if a trade-off is to be made, people should be aware they're making it, and that is exactly the problem with today's widespread spyware infestations. The end user typically has no idea that their privacy is making someone else a quick profit. If GDS makes an end user wake up to the fact that all that private data is sitting on their disk, they might approach the security of their PC a little more thoughtfully. Power to them, I say.

Simon.

23:05:40 GMT | #Randomness