The basic idea is that you will better thrive by hiding information from your foes/competitors/rivals, even if this accelerates an arms race of obscurity and spying, creating a secular trend toward ever-reduced transparency.
Now, I want to talk about a special case in which my objection - still strong in principle - is softened by pragmatic arguments.
In Gaming Security through Obscurity, Dusko Pavlovic contends that you can improve system security by making it hard to find out how the system works. This concept is familiar to computer programmers: Alex Armstrong explains, "Your code can be disassembled and decompiled and in many cases, a well written program is much easier to reverse engineer. The solution generally adopted is not to write a bad program but to use 'obfuscation' as a final step. That is, take a good clear program and perform a range of syntactic transformations on it to make it a mess that is so much more difficult to read and therefore to reverse engineer."
In cryptography, Kerckhoffs's Principle says that a system should be secure even if everything is known about it, formulated by Claude Shannon as "The enemy knows the system." This stands in contrast to security by obscurity. (Thanks to xkcd for the cartoon!) The recent paper by Dusko Pavlovic suggests that security is a game of incomplete information and the more you can do to keep your opponent in the dark, the better.
Now there's a lot of misleading discussion, so, if you are expecting "Mr. Transparency" to be all up in arms over this, you are mistaken. What is at issue here is fundamentally the question of the ZERO SUM GAME.
(First, look up the concept of zero-sum and positive-sum or win-win games. It is probably the most vital idea you could possibly own in your head and being able to tell these things apart should be a pass-fail requirement for citizenship.)
Most human beings used to live pretty much zero-sum existences. If you wanted to get ahead in the world, you needed to win points by causing your enemy to lose. This applied when it came to mate-seeking, food-seeking, heck at almost any level. Tribes and societies formed in order to eke a small surplus that might go to positive-sum activities like irrigation and libraries, but the pyramid-shaped, inheritance-based oligarchies that ruled them made sure there were winners above and losers below. And when it came to human inventiveness, clever craft workers knew -- if you discover a better way to do something, keep it secret or you'll lose every advantage.
(Why do you think the Baghdad Battery, the Antikythera Device, and the wondrous steam engines of Heron all vanished, to be forgotten and lost to progress?)
The Enlightenment's core discovery was the positive-sum game... ways that democracy, markets and science can "float all boats," so that even those who aren't top-winners can still see things get better, overall, year after year -- leading to the diamond-shaped social structure we discussed in an earlier post (last week), with a vibrant and creative middle class outnumbering the poor.
This dream did not come true by emphasizing cooperation alone, though cooperation is an ingredient. Just as important is competition, nature's great locus of innovation and the driver of evolution. But it has to be regulated and carefully tuned. If competition results in a new oligarchy, you get right back to the pyramid again, with topmost cheaters restoring zero-sum thinking and squelching new competitors! And everybody loses. Look at 6000 years of history, fer gosh sakes.
Let there be no mistake. That is one of many ways that regulated competition delivers on the promise of markets and Smithian capitalism, vastly and demonstrably far better than anything that ever resembled laissez faire or Randian cannibalism festivals.
Which brings us full circle to Pavlovic's paper and the storm of simple-minded misinterpretations that are going around. As you'd expect, my initial reaction was "bullshit!" In The Transparent Society: Will Technology force us to choose between privacy and freedom? I show mountains of evidence that we're all better off in an increasingly open world. All of our positive-sum Enlightenment "arenas" -- Democracy, Markets, Science etc -- are healthy precisely in proportion to the degree that all participants know what's going on so they can make well-informed decisions and choose better products.
Even when it comes to security, we should all be aware of how the dream of Dwight Eisenhower finally came true, after Sputnik, when spy satellites flew around the globe taking pictures... and it did not trigger a third world war. Rather, Ike's "Open Skies" helped to prevent war, to calm the arms race, to save us all.
But Pavlovic is describing a specialized case. A situation in which things are already decidedly zero sum. In which your company knows that its competitors cheat. They steal IP and our Enlightenment civilization is all too often failing to do anything about it. As America and other western nations are failing miserably to protect western IP... the goose that lays the world's golden eggs.
Reciprocity has broken down and with IP no longer protected, innovators must fall back on the old ways. Concealment. Trade secrets. Squirreling away your tricks so the other guy won't get to copy them.
Overall, that is the world we're heading back toward, for a number of reasons. Because certain countries and companies are rampant intellectual property thieves. Because Western leaders won't act to stop it. Because some western mystics and idiotic "legal scholars" actually believe that IP is based on principles of palpable ownership, and thus secrecy is somehow equivalent to patent declaration, instead of its diametric opposite!
And because life is still life. Even in the context of a positive-sum civilization, you and your company may find yourselves in a zero or negative sum situation, needing to protect -- with "obscurity" -- the code tricks that you feel you have a right to benefit from.
Let there be no doubt, the prescription is a nasty and ugly one. Deliberately flood your own code with so much spurious junk that a competitor will be rendered clueless and unable to reverse engineer it? This may be an effective short term tactic, but it will also result in -- well -- junk-filled code! Harder for YOU to engineer and repair. Or to benefit from crowd-sourced improvements. Sluggish and inherently inefficient.
This is a different matter than slipping in Tattler Code... segments that reveal if a competitor stole or copied from you. Even segments that go online and tattle when the code is run! These are clever, legal, and involve transparency of a sort! A searing light of accountability that seems a lot like an immune system, at work.
I could go on. But swamped, so I'll leave it there. Except to add this:
Fight for a civilization that becomes more filled with light, wherein competition isn't cut-throat, but simply the way that people like you and me and Steve Jobs get the best out of ourselves! I push transparency as the most-frequently applicable medicine. But even more important is to stay calm, and understand what we should defend.
And defend it.
For more, see also: Consider Copyright and The Unlikeliness of a Zero Sum Society
Remember - I'll be holding an open house meet-up in New York City on Monday, October 17, at around 8:30pm at O'Reilly's, 21 W 35th St. (upstairs: byo-drinks.) An informal gathering of folks who love the future, sci fi or just lots of talk! (If you really like all those things, then check out the Singularity Summit in NYC. I'm speaking on October 16.)
I'll also be the Guest of Contraflow, the New Orleans science fiction convention: November 4-6. Join us if you're in the area!