Computer Systems Laboratory Colloquium

4:15PM, Wednesday, April 13, 2005
HP Auditorium, Gates Computer Science Building B01
http://ee380.stanford.edu

A Model for When Disclosure Helps Security
What is Different About Computer and Network Security?

Peter Swire
Moritz College of Law, Ohio State University
About the talk:

The full paper can be downloaded at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=531782 ;click on the download button at the bottom of the page.

This Article asks the question: When does disclosure actually help security? The discussion begins with a paradox. Most experts in computer and network security are familiar with the slogan that there is no security through obscurity. The Open Source and encryption view is that revealing the details of a system will actually tend to improve security, notably due to peer review. In sharp contrast, a famous World War II slogan says loose lips sink ships. Most experts in the military and intelligence areas believe that secrecy is a critical tool for maintaining security. Both cannot be right - disclosure cannot both help and hurt security.

Using a law and economics approach to resolve the paradox, Part I provides a model for deciding when either the Open Source or the military/intelligence viewpoints is likely to be correct. The model analyzes the costs and benefits of disclosure for both attackers and defenders. The model also sheds light on when disclosure is likely to provide net benefits in two other important cases: information sharing (such as between the FBI and the CIA) and the public domain.

Part II explains why many computer and network security problems appear different from the traditional security problems of the physical world. The analysis focuses on the nature of the first-time attack or the degree of what the paper calls uniqueness in the defense. Many defensive tricks, including secrecy, are more effective the first time there is an attack on a physical base or computer system. Secrecy is far less effective, however, if the attackers can probe the defenses repeatedly and learn from those probes. It turns out that many of the key areas of computer security involve circumstances where there can be repeated, low-cost attacks. For instance, firewalls, mass-market software, and encryption algorithms all can be attacked repeatedly by hackers. Under such circumstances, a strategy of secrecy - of security through obscurity - is less likely to be effective than for the military case.

Part III applies the analytic tools developed earlier in the paper to issues including the following: the enlargement of the public domain in a world of search engines; the relationship between disclosure and deterrence; the importance of not disclosing passwords or the combination to a safe; why secrecy in surveillance may improve security (while also threatening other important values); and variables that affect when Open Source or proprietary software may provide better security. Part III also explains how the academic literature on the Efficient Capital Markets Hypothesis can illuminate important issues in computer and network security.

In short, this Article provides the first systematic explanation of how to decide when disclosure improves security, both for physical- and cyber-security settings.

About the speaker:

Peter P. Swire is now Professor of Law and John Glenn Scholar of Public Policy Research at the Moritz College of Law of the Ohio State University. He lives in the Washington, D.C. area, teaches in Ohio during the fall semester, and is Director of the law school's Washington, D.C. summer program. He serves as a consultant to the law firm of Morrison & Foerster LLP.

From 1999 until January, 2001 Professor Swire served as the Clinton Administration's Chief Counselor for Privacy, in the U.S. Office of Management and Budget. In that position, he coordinated Administration policy on the use of personal information in the public and private sectors. He was White House coordinator for the proposed and final HIPAA medical privacy rules, and played a leading role on topics including financial privacy, Internet privacy, encryption, public records and privacy, e-commerce policy, and computer security and privacy.

Professor Swire co-authored the book None of Your Business: World Data Flows, Electronic Commerce, and the European Privacy Directive, which was published by Brookings in 1998. He has published extensively and is quoted frequently in the national and international press. Many of his writings appear at www.peterswire.net. With Lawrence Lessig, he serves as Editor of the Cyberspace Law Abstracts of the Social Science Research Network.

Professor Swire graduated summa cum laude from Princeton University and in law school was a Senior Editor of the Yale Law Journal. He received a Rotary Fellowship to study European Community Law in Brussels in 1981-82 and clerked for Judge Ralph K. Winter, Jr., of the Second Circuit. He practiced in the Washington office of Powell, Goldstein, Frazer & Murphy from 1986 to 1990 before entering law teaching.

Contact information:

Peter Swire
8520 Howell Road
Bethesda MD 20817

(240) 994-4142

peter@peterswire.net