encrypted tapes (was Re: Papers about "Algorithm hiding" ?)

Perry E. Metzger perry at piermont.com
Tue Jun 7 19:48:22 EDT 2005


Ian G <iang at systemics.com> writes:
> No it's not rocket science - it's economic science.
> It makes no difference in whether the business is
> small or large - it is simply a question of costs.  If
> it costs money to do it then it has to deliver a
> reward.
>
> In the case of the backup tapes there was no reward
> to be enjoyed.  So they could never justify encrypting
> them if it were to cost any money.

That's a pretty weird view on several levels.

1) There is a substantial reward in not having one's client data
   compromised.
2) The cost in question is so small as to be unmeasurable.

You keep speaking, Ian, about economic tradeoffs, as though there were
a cost/benefit analysis at work here. 

The truth is, the likely reason no one encrypted the data on the tapes
in transit was because no one thought to do it, or they were too lazy
to bother to make even the simplest effort, or both.

I don't disagree that security often involves cost benefit
tradeoffs. Do you have a human watch a security camera in real time,
or simply record its output? Do you permit external access on people's
own computers, or force them to use vetted devices for external access
that they cannot reconfigure? Do you run Windows on the DMZ
application server because it is easier, or a much more secure OS that
does not have as rich an application set?

Those are complicated situations with real tradeoffs. There is lots of
debate you can have about them. They're not trivial situations.

However, you keep mentioning completely *bogus* tradeoffs. Your
constant stream of comments to the effect that "security is a cost
benefit tradeoff" with respect to things like using SSL or encrypting
tapes or what have you would make some sense if there were, in fact,
measurable cost involved, or if the benefits were distant and
intangible.

The benefits, however, are very obvious and large, and the cost is as
close to nil as anything gets in business.

I understand the point you keep making, but it is not an interesting
point, and not even close to correct so far as I can tell.

> Now consider what happens when we change the
> cost structure of crypto such that it is easier to do it
> than not.  This is a *hypothetical* discussion of course.
>
> Take tar(1) and change it such that every archive is
> created as an encrypted archive to many public keys.
> Remove the mode where it puts the data in the clear.

Oh, good. Then I can't use tar for most of the purposes I use it for
day to day, and all so I can avoid having to put one more command in
the pipeline. No thank you.

You want to understand the real problem in security? It isn't your
constant mythical attention to "cost". It is human stupidity.

Have a look, for example, at 

http://www.americanexpress.com/

which encourages users to type in their credentials, in the clear,
into a form that came from lord knows where and sends the information
lord knows where. Spoof the site, and who would notice?

Every company should be telling its users never to type in their
credentials on a web page downloaded in the clear, but American
Express and lots of other companies train their users to get raped,
and why do they do it? Not because they made some high level decision
to screw their users. Not because they can't afford to do things
right. It happens because some idiot web designer thought it was a
nice look, and their security people are too ignorant or too powerless
to stop it, that's why.

It has nothing to do with cost. The largest non-bank card issuer in
the world can pay for the fifteen minutes of time it would take to fix
it by putting the login on a separate SSL protected page. It has
nothing to do with "ease of use" or tools that default "safe". The
problem is that they don't know there is anything to fix at a level
of the firm that is capable of taking the decision to fix it.

Security these days is usually bad not because good security is
expensive, or because it is particularly hard. It is bad because even
people at giant multinational corporations with enough budget to spare
are too dumb to implement it.

We don't need more encryption algorithms, or replacements for SSL, or
fascinating new tools. What we need is more common sense.

No amount of new, user friendly, defaults-to-safe tools will prevent
American Express, Citibank or anyone else from doing something
idiotically dumb.

In case you think the answer is regulation, by the way, let me note
that most of the regulatory pressure I've seen on security policy
results in people finding extremely well documented ways to do exactly
what the regulators ask, to no actual effect. This is generally
because the regulators are almost uniformly as dumb or dumber than the
people they regulate.

The only thing that will fix this is having enough people get so badly
burned that CEOs start taking heads when people do dumb things. I
imagine it can't be too many more years before that becomes the case.

Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
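Perry's objection to Ian's always-encrypting tar is that the same result costs "one more command in the pipeline". The script below, added here as an illustration and not code from either poster, shows that pipeline with only tar and openssl: one random data key encrypts the archive stream, and that key is wrapped to each recipient's RSA public key, so the tape can be restored by any one of several key holders without ever holding the plaintext key on the tape. The recipient names (ops, audit), the sample tree and its contents are constructed for the demo; it assumes an OpenSSL 1.1.1 or later `openssl` binary on the PATH.

```shell
#!/bin/sh
# Added example, not from the thread: encrypt a tar stream to several public
# keys by adding one openssl stage to an ordinary backup pipeline.
set -eu

# make_recipient NAME -> NAME.key (private) and NAME.pub (public).
# Throwaway 2048-bit RSA pairs for the hypothetical recipients.
make_recipient() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1.key" 2>/dev/null
    openssl pkey -in "$1.key" -pubout -out "$1.pub" 2>/dev/null
}

# encrypt_tree DIR OUT RECIPIENT... -> OUT.tar.enc plus OUT.key.<recipient> for each
# One random data key (hex, 256 bits) encrypts the archive with AES-256-CBC;
# the data key is then wrapped separately under each recipient's RSA public key.
encrypt_tree() {
    dir=$1; out=$2; shift 2
    datakey="$out.datakey"
    openssl rand -hex 32 > "$datakey"
    # This openssl stage is the only change to a plain "tar cf - | write-to-tape" pipeline.
    tar cf - -C "$dir" . |
        openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$datakey" -out "$out.tar.enc"
    for r in "$@"; do
        openssl pkeyutl -encrypt -pubin -inkey "$r.pub" -in "$datakey" -out "$out.key.$r"
    done
    rm -f "$datakey"   # the plaintext data key must never travel with the tape
}

# decrypt_tree OUT RECIPIENT DESTDIR -> unwrap the data key with that recipient's
# private key and restore the tree. Any single recipient suffices.
decrypt_tree() {
    out=$1; r=$2; dest=$3
    mkdir -p "$dest"
    openssl pkeyutl -decrypt -inkey "$r.key" -in "$out.key.$r" |
        openssl enc -d -aes-256-cbc -pbkdf2 -pass stdin -in "$out.tar.enc" |
        tar xf - -C "$dest"
}

# demo: build a constructed sample tree, encrypt it to two recipients, restore
# with the second one only, and check that the ciphertext hides the content.
demo() {
    work=$(mktemp -d)
    cd "$work"
    mkdir -p src
    printf 'account=constructed-sample-record\n' > src/ledger.txt
    make_recipient ops
    make_recipient audit
    encrypt_tree src backup ops audit
    decrypt_tree backup audit restored
    cmp -s src/ledger.txt restored/ledger.txt &&
        ! grep -qa 'constructed-sample-record' backup.tar.enc
}

demo && echo "round trip OK: restored with one of two recipient keys"
```

Restoring needs exactly one of the private keys, so losing the ops key does not lose the backup, and the wrapped key files are tiny enough to ride alongside the archive on the same tape. The cost being argued about in the thread is the single `openssl enc` stage between tar and the tape device.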