Saturday, April 16, 2005

Security through Obscurity?

During the Cold War, the terms secrecy and security were nearly synonymous. Since then we have undergone a paradigm shift, though, driven largely by the computer revolution. In the digital age, government transparency protects us more often than secrecy.

Apparently Texas state Rep. Mark Homer, D-Paris, hasn't been receiving his subscription to Wired magazine, because on Monday the House State Affairs Committee will hear his HB 3245, that would sweepingly close all meetings related to computer security. Not only would this keep citizens with computer security expertise from contributing to state and local policymaking and administration of IT security, ACLU of Texas Cyberliberties Project Director Adina Levin says it would "kill our efforts to get computer security experts involved in scrutizing electronic voting technology -- where systems with hard-coded encryption keys got state-certified." ACLU and the Electronic Frontier Foundation had sued to open the meetings up, and
a district court judge agreed. Homer's bill would overturn their court victory.

Beyond those unhappy implications, I've got a personal dog in the fight. In 2003, I spent many long hours -- over more than half a dozen contentious meetings -- negotiating the openness provisions surrounding computer and other security in a post-9/11 environment on behalf of ACLU of Texas in HB 1191/HB 9. What we got wasn't perfect, and includes the provisions I often complain about
closing information about security cameras, but certainly it closed all the information a reasonable person might think should be kept secret about one's computer system, see the statutes here, here, here, and here.

In particular, meetings may be closed to discuss the "technical details of particular vulnerabilities," passwords and encryption keys are secret, indeed, basically every real security risk anybody ever came up with during those grueling meetings (which involved about 15 special interest lobbyists, the AG and Governor's offices, and Rep. Ray Allen's staff), so beyond that I don't know what they're protecting.

Word has it the bill may be revised, and I sure hope so. It's time to discard the idea that making government decisions behind closed doors makes us more safe.

UPDATE: Ed Felten and Adina have got more.

No comments: