My blog post on Monday about privacy and DRM was read by some as suggesting that we abandon any and all notions of privacy over night. That was not the point I was trying to make so let me try again, this time with an analogy. We secure our homes by closing and (generally) locking the front door. That serves as a demarcation and keeps out a completely opportunistic thief. It does not, however, prevent anybody even remotely determined from entering. For that we rely on some combination of social norms and laws together with law enforcement. It hasn’t always been that way. There was a time when people tried to protect their belongings by building castles and fortresses. Obviously this was an expensive strategy and only accessible to those few living behind the walls. It also turned out to be a futile strategy as far back as the city of Troy.

So when it comes to privacy and encryption I feel much the same way. Of course our bank balances or medical records shouldn’t be public web pages by default and we should use authentication and something like SSL when we interact with those pages to prevent the casual sniffer from observing them, but beyond that the benefits from applying more crypto diminish incredibly rapidly. For instance, should the bank encrypt their disks? Maybe, but will that block someone who is carrying out a focused attack from the inside? Unlikely. The same goes for medical records. Search queries. And so on. There will be more leaks of more data in the future because ultimately none of these systems can be secured perfectly (among other things against Trojans).

From an overall perspective then (and using a heuristic for prioritization that I wrote about just last week), we should not be applying our talents to ever more clever encryption schemes where we face dramatically diminishing returns. Instead, we should be working on laws and social norms. First and foremost among those right now should be that the government cannot conduct any secret broad scale surveillance. Second we should expand any non-discrimination provisions that we have to explicitly include known medical conditions. There is a lot more and it will provide great subject matter for many posts to come.

My blog post on Monday about privacy and DRM was read by some as suggesting that we abandon any and all notions of privacy over night. That was not the point I was trying to make so let me try again, this time with an analogy. We secure our homes by closing and (generally) locking the front door. That serves as a demarcation and keeps out a completely opportunistic thief. It does not, however, prevent anybody even remotely determined from entering. For that we rely on some combination of social norms and laws together with law enforcement. It hasn’t always been that way. There was a time when people tried to protect their belongings by building castles and fortresses. Obviously this was an expensive strategy and only accessible to those few living behind the walls. It also turned out to be a futile strategy as far back as the city of Troy.

So when it comes to privacy and encryption I feel much the same way. Of course our bank balances or medical records shouldn’t be public web pages by default and we should use authentication and something like SSL when we interact with those pages to prevent the casual sniffer from observing them, but beyond that the benefits from applying more crypto diminish incredibly rapidly. For instance, should the bank encrypt their disks? Maybe, but will that block someone who is carrying out a focused attack from the inside? Unlikely. The same goes for medical records. Search queries. And so on. There will be more leaks of more data in the future because ultimately none of these systems can be secured perfectly (among other things against Trojans).

From an overall perspective then (and using a heuristic for prioritization that I wrote about just last week), we should not be applying our talents to ever more clever encryption schemes where we face dramatically diminishing returns. Instead, we should be working on laws and social norms. First and foremost among those right now should be that the government cannot conduct any secret broad scale surveillance. Second we should expand any non-discrimination provisions that we have to explicitly include known medical conditions. There is a lot more and it will provide great subject matter for many posts to come.