A Model for When Disclosure Helps Security
Full Title of Reference
A Model for When Disclosure Helps Security: What is Different About Computer and Network Security?
Peter P. Swire, A Model for When Disclosure Helps Security: What is Different About Computer and Network Security? (Journal on Telecommunications and High Technology Law, Vol. 2, Public Law and Legal Theory Working Paper Series No. 17, 2004). Web SSRN
Issues: Information Sharing/Disclosure
security, free software, secrecy
This Article asks the question: When does disclosure actually help security? The discussion begins with a paradox. Most experts in computer and network security are familiar with the slogan that there is no security through obscurity. The Open Source and encryption view is that revealing the details of a system will actually tend to improve security, notably due to peer review. In sharp contrast, a famous World War II slogan says loose lips sink ships. Most experts in the military and intelligence areas believe that secrecy is a critical tool for maintaining security. Both cannot be right - disclosure cannot both help and hurt security.
Using a law and economics approach to resolve the paradox, Part I provides a model for deciding when either the Open Source or the military/intelligence viewpoints is likely to be correct. Part II explains why many computer and network security problems appear different from the traditional security problems of the physical world. Part III applies the analytic tools developed earlier in the paper to issues including the following: the enlargement of the public domain in a world of search engines; the relationship between disclosure and deterrence; the importance of not disclosing passwords or the combination to a safe.
Additional Notes and Highlights
* Outline key points of interest