[liberationtech] openness and transparency Re: Deconstructing the security risks narrative of Haystack
Zooko O'Whielacronx
zooko at zooko.com
Sat Sep 18 09:18:44 PDT 2010
Hi folks:
I've been hacking on security, decentralization, and freedom tools
either for money or for love for around 16 years now. I've been
following this discussion but not speaking up because other computer
security experts such as Jacob Appelbaum and Alec Muffet have already
said what I would have said: that the conventional wisdom in the
computer security community is Kerkhof's Principle--keeping the
security mechanism secret damages the overall security of the system.
I'm just jumping in now to point out something else: violating
Kerkhof's Principle damages not only on the technical security of the
tool itself, but also damages the community around it. It damages the
relationships between its developers, its users, developers of
alternative or complementary tools, the media, political communities
that are related to it, etc..
If Haystack had been developed in openness and transparency from the
beginning, then the mistakes and misunderstandings would long ago have
been cleared up, letting everyone learn from them, instead of
festering and leading to worse mistakes and misunderstandings.
To my ears (as one long steeped in the cultures of computer security
and of Free/Open Source software development) this observation sounds
too almost obvious to mention, but maybe it is not so obvious to
everyone.
The benefits of openness and transparency, and the dangers of secrecy
and insularity, apply to us just as well as they apply to others.
One consequence of this observation is that it is very important, in
my humble opinion, not to give the people responsible for Haystack a
break--not to refrain from blaming them just because they were
well-intentioned.
I assume that they were all well-intentioned. But it doesn't matter if
they were. Whether they were well-intentioned or self-aggrandizing,
whether they were honest or duplicitous, skilled or incompetent--none
of that is important. What is important is that other young activists
who might choose to engage in actions like this in the future hear
about the Haystack debacle and hear that the people behind it were
irresponsible when they chose the path of secrecy and insularity, thus
condemning the project to do more harm than good. This is an important
lesson for others to learn, and it isn't obvious, so we need to be
clear about teaching it.
Regards,
Zooko Wilcox-O'Hearn
More information about the liberationtech
mailing list