Sunday, October 09, 2011

People Who Don't "Get" Transparency or Positive Sum Games


A recent research paper resurrects the idea of "security by obscurity," a notion I've been fighting for decades (e.g. in The Transparent Society: Will Technology force us to choose between privacy and freedom?).

 The basic idea is that you will better thrive by hiding information from your foes/competitors/rivals, even if this accelerates an arms race of obscurity and spying, creating a secular trend toward ever-reduced transparency.

Now, I want to talk about a special case in which my objection - still strong in principle - is softened by pragmatic arguments.

In Gaming Security through Obscurity, Dusko Pavlovic contends that you can improve system security by making it hard to find out how the system works. This concept is familiar to computer programmers: Alex Armstrong explains, "Your code can be disassembled and decompiled and in many cases, a well-written program is much easier to reverse engineer. The solution generally adopted is not to write a bad program but to use 'obfuscation' as a final step. That is, take a good clear program and perform a range of syntactic transformations on it to make it a mess that is so much more difficult to read and therefore to reverse engineer."


In cryptography, Kerckhoffs's Principle, formulated by Claude Shannon as "The enemy knows the system," says that a system should be secure even if everything is known about it. This stands in contrast to security by obscurity. (Thanks to xkcd for the cartoon!) The recent paper by Dusko Pavlovic suggests that security is a game of incomplete information and the more you can do to keep your opponent in the dark, the better.

Now there's a lot of misleading discussion, so, if you are expecting "Mr. Transparency" to be all up in arms over this, you are mistaken. What is at issue here is fundamentally the question of the ZERO SUM GAME.

(First, look up the concept of zero-sum and positive sum or win-win games.  It is probably the most vital idea you could possibly own in your head and being able to tell these things apart should be a pass-fail requirement for citizenship.)

Most human beings used to live pretty much zero-sum existences. If you wanted to get ahead in the world, you needed to win points by causing your enemy to lose. This applied when it came to mate-seeking, food-seeking, heck at almost any level. Tribes and societies formed in order to eke a small surplus that might go to positive-sum activities like irrigation and libraries, but the pyramid-shaped, inheritance-based oligarchies that ruled them made sure there were winners above and losers below. And when it came to human inventiveness, clever craft workers knew -- if you discover a better way to do something, keep it secret or you'll lose every advantage.

(Why do you think the Baghdad Battery, the Antikythera Device, and the wondrous steam engines of Heron all vanished, to be forgotten and lost to progress?)

The Enlightenment's core discovery was the positive-sum game... ways that democracy, markets and science can "float all boats," so that even those who aren't top-winners can still see things get better, overall, year after year -- leading to the diamond-shaped social structure we discussed in an earlier post (last week), with a vibrant and creative middle class outnumbering the poor.

This dream did not come true by emphasizing cooperation alone, though cooperation is an ingredient.  Just as important is competition, nature's great locus of innovation and the driver of evolution. But it has to be regulated and carefully tuned. If competition results in a new oligarchy, you get right back to the pyramid again, with topmost cheaters restoring zero-sum thinking and squelching new competitors! And everybody loses.  Look at 6000 years of history, fer gosh sakes.

One of the most ingenious "regulations" -- supported by Adam Smith, Ben Franklin, etc. -- was the notion of intellectual property or IP. Patents and copyrights were never intended to mean "I own that idea!" That is absurd mystical crap. No, intellectual property was born entirely as a pragmatic tweak, offering creative people a subsidy in order to draw them into openly sharing their discoveries... so that others might use and improve them and we get the virtuous cycle of positive-sum improvements, ever-accelerating knowledge, skill and wealth.

Let there be no mistake. That is one of many ways that regulated competition delivers on the promise of markets and Smithian capitalism, vastly and demonstrably far better than anything that ever resembled laissez faire or Randian cannibalism festivals.

Which brings us full circle to Pavlovic's paper and the storm of simple-minded misinterpretations that are going around.  As you'd expect, my initial reaction was "bullshit!" In The Transparent Society: Will Technology force us to choose between privacy and freedom? I show mountains of evidence that we're all better off in an increasingly open world. All of our positive-sum Enlightenment "arenas" -- Democracy, Markets, Science etc -- are healthy precisely in proportion to the degree that all participants know what's going on so they can make well-informed decisions and choose better products.

Even when it comes to security, we should all be aware of how the dream of Dwight Eisenhower finally came true, after Sputnik, when spy satellites flew around the globe taking pictures... and it did not trigger a third world war.  Rather, Ike's "Open Skies" helped to prevent war, to calm the arms race, to save us all.

Yet, I willingly accept the validity of Pavlovic's paper, in the limited context that he chooses. True, a positive sum game is nearly always better than a zero sum... or a sick negative sum game. And true security will only really happen for us all when the world is so awash in light that thieves and oppressors generally get caught and deterrence reigns. Transparency isn't a naive, utopian dream. It is empowerment of all, so that reciprocal accountability keeps the cycles virtuous. It is the Enlightenment's core.

But Pavlovic is describing a specialized case.  A situation in which things are already decidedly zero sum. In which your company knows that its competitors cheat. They steal IP and our Enlightenment civilization is all too often failing to do anything about it. As America and other western nations are failing miserably to protect western IP... the goose that lays the world's golden eggs.

Reciprocity has broken down and with IP no longer protected, innovators must fall back on the old ways. Concealment. Trade secrets. Squirreling away your tricks so the other guy won't get to copy them.

Overall, that is the world we're heading back toward, for a number of reasons. Because certain countries and companies are rampant intellectual property thieves. Because Western leaders won't act to stop it. Because some western mystics and idiotic "legal scholars" actually believe that IP is based on principles of palpable ownership, and thus secrecy is somehow equivalent to patent declaration, instead of its diametric opposite!

And because life is still life. Even in the context of a positive-sum civilization, you and your company may find yourselves in a zero or negative sum situation, needing to protect -- with "obscurity" -- the code tricks that you feel you have a right to benefit from.

Let there be no doubt, the prescription is a nasty and ugly one. Deliberately flood your own code with so much spurious junk that a competitor will be rendered clueless and unable to reverse engineer it? This may be an effective short term tactic, but it will also result in -- well -- junk-filled code!  Harder for YOU to engineer and repair. Or to benefit from crowd-sourced improvements. Sluggish and inherently inefficient.

This is a different matter than slipping in Tattler Code...  segments that reveal if a competitor stole or copied from you. Even segments that go online and tattle when the code is run!  These are clever, legal, and involve transparency of a sort! A searing light of accountability that seems a lot like an immune system, at work.

I could go on. But swamped, so I'll leave it there. Except to add this:

Fight for a civilization that becomes more filled with light, wherein competition isn't cut-throat, but simply the way that people like you and me and Steve Jobs get the best out of ourselves! I push transparency as the most-frequently applicable medicine.  But even more important is to stay calm, and understand what we should defend.

And defend it.

For more, see also: Consider Copyright and The Unlikeliness of a Zero Sum Society

My profile and collected links on xeeme.

Remember - I'll be holding an open house meet-up in New York City on Monday, October 17, at around 8:30pm at O'Reilly's, 21 W 35th St. (upstairs: byo-drinks.) An informal gathering of folks who love the future, sci fi or just lots of talk! (If you really like all those things, then check out the Singularity Summit in NYC. I'm speaking on October 16.)

I'll also be the Guest of Contraflow, the New Orleans science fiction convention: November 4-6. Join us if you're in the area!

31 comments:

duncan cairncross said...

"Because certain countries and companies are rampant intellectual property thieves. Because Western leaders won't act to stop it."


Not sure I agree with this - from our (NZ) perspective we see America strong arming us into increasingly restrictive IP agreements


From a mechanical engineering point of view the knowledge of how to make something is the most important thing - and that is given away when you outsource

From what I have seen most Asian countries that abuse copyright do it for internal markets.

Funnily enough the older books I have (1960's??) - say - Not for Sale in the USA - because of America's contemporary abuse of copyright.

IP is important - very important - but I think we have swung too far in terms of restrictions in fair use

sociotard said...

I know it was just a tangent in your opening post, Dr. Brin, but how long do you think copyright should last?

Patent terms are, of course, very reasonable. 20 years isn't too long. Copyright, though? 120 years? Really?

Here's the solution I thought would work well:

Renewable Copyright. Each period lasts 25 years.

Period One (0-25 years) is automatic, the way copyright is now. You don't have to do any paperwork or anything.

Period Two and Period Three (25-75 years) are free renewable. Just fill out a form, show you own the original, and demonstrate that there is a copy or two in a registered content warehouse. These facilities are responsible for preserving works for at least full copyright length + 25 years. If anybody wants to get a copy to play with when the copyright expires, they will find one there. Preserved. None of this The Film Foundation crap.

Periods Four, Five, and Six (75-150 years) Content owner must show that they are still building on the original. If they want to keep the Mickey Mouse copyright, they have to show they have produced new Mickey Mouse content for the previous 25 year period. It may be sufficient to show that the author is still licencing "covers" and other derivative works to be produced.

Now, that system would be more complicated, and it would actually let some works keep copyright longer than is done now. Most works, though, would expire much sooner. It'd cost money to buy a 50+ year contract with a content warehouse to preserve the work, and not all works would be worth that. Those would just slip through to the public domain.

sociotard said...

"Not sure I agree with this - from our (NZ) perspective we see America strong arming us into increasingly restrictive IP agreements"

Okay, this isn't quite true. Well, it sort of is. America used to have much more lax arrangements, but Europe kept wanting us to sign on to the Berne Convention. They strong-armed us. Sad, because half the fun of being America is getting to be a unilateral cowboy that does whatever it wants.

Jacob said...

25 years is close to a generation which I consider way too long. Frankly I'd like to see us move to an advertising model. I would buy from the company doing the innovation. But I want other companies to put competitive pressure on the company to continue to push forward. A two year cycle (+ normal development time) seems much more reasonable. I add in the development time as some products take a few years to bring fully to market.

A company that is willing to improve upon an existing design should be able to. If the original company is worth anything, it will learn and further improve based on developments of others. It improves outcomes for the consumer and makes companies more agile.

sociotard said...

I don't know if you want to stick in a flexible term like "normal development time" in there. That sounds like a recipe for abuse.

rewinn said...

How does transparency work in wartime - the ultimate zero-sum game? Formerly, "wartime" was a special era (maximum about four years) temporarily justifying extraordinary security, but recently it's become normal.

This is disturbing. Case Western's hosting a webinar on the topic 10/11/2011 which you may enjoy. Perhaps if we can get back to peacetime, it'll be easier to think in terms of positive-sum gaming.

sociotard said...

War lasted four years, unless it lasted 116 years.

A bigger problem is the expanding definitions of war (drugs, terror) and uses for military force.

Corey said...

On a peripherally related topic, a blustery religious figure has appeared on the App State University campus with a loudspeaker and a sign that reads "Evolution is a LIE" (among a few others).

Normally I wouldn't worry at a highly rated university with a student body of thousands of trained skeptics, but this is the South, where religion tugs strongly on many, and a lot of people who may not have the education to tell fact from fantasy on the subject, who are being told that "following God" DEMANDS rejecting science, might be persuaded.


More than that, it's the principle of the matter that really gets me.


In a civil debate, in an open forum, I could tear these peoples' logic limb from limb, but they're standing out there with a loud speaker, which is basically a way of censoring anyone who doesn't have a loud speaker.

I have to admit being more than slightly annoyed.

David Brin said...

Duncan the core point of my article is that IP can fail in either direction.

(1) if it is inadequately defended from major thieves. (e.g. Elon Musk does not patent any of the rocket advances by SpaceX because a certain country will just steal them and ignore requests for royalties. That country routinely lures western companies into "joint ventures" demanding crown jewel IP, then squeezes them out.)

(2) if it is too heavily defended by patent trolls who forget why IP exists. Which is to help ideas spread by offering a decent income, not a stranglehold. Some countries have "compulsory licensing" where the patent holder MUST make several (not just one) license deals and if some time passes, the price gets imposed lower.

Sociotard, I consider the Mickey Mouse Law to have been absurd. A blatant betrayal of the meaning of IP.

Rewinn, war can be an EXCUSE to go zero-sum. e.g. Bushite use of emergency clauses to grant contracts directly to pals.

David Brin said...

Corey, is there a railroad cut through sedimentary rock anywhere near campus? A geologist who'd be willing to take folks there on a "tour through the ages"?

If so, you could stand in front of the doofus with a placard offering weekly "Tours of God's Rock of Ages... and the true ages of God's rocks!"

When people stroke with their own hands the layers and are told the rate that sediments form... and chip out fossils of extinct SEA creatures who could not have been drowned in Noah's flood, it does change them.

Acacia H. said...

Actually, isn't war a Negative-Sum game? Think on it: almost no nation ever comes out of a war better than it began because it's inevitable people die, economies suffer some level of upheaval, and uncertainty causes damages to all parties involved.

------

I found an interesting article concerning titanium on the Moon. While I know Dr. Brin rails against returning to the Moon, I think there may be a case for a limited return. Just... not a manned return.

Think, for a moment, of the possibility of a robotic mining facility set up in pieces on the Moon's surface to start harvesting titanium, oxygen and iron from the Moon. Railguns could be used to transport the iron and titanium back to the Earth (either with some form of parachute system after reentry, or just letting it smack into the planet - if small enough bits are sent, then the damage from impacts will be minimal). And best of all, it becomes a test bed on how to build a robotic facility on a distant body, while remaining close enough that it's pretty much real-time.

This could either be a multi-corporation project or a multi-nation one, with each party sharing in the costs and profits from the operation. And considering the price (and relative rarity) of titanium, it would likely prove profitable, given time. The ecological effects would likely be far less than mining it from the Earth as well.

Rob H.

Corey said...

@David

I like your thinking :)


@Robert

That could give surprising payoff, because that would make for easy exploration for other potentially valuable resources, like tritium.

Tony Fisk said...

Corey, yes, observation trumps assumption.

If you wanted to engage the megaphonically gifted gent directly, you could try the human microphone technique.

Speaking of fossils...

Iaa!

According to an... interesting... new hypothesis, it may just be that HP Lovecraft knew a little more about the Earth's past than we think.

Sleep well, kiddies!

carcinge: ancient Cthulhu craftwork

BCRion said...

@Corey,

Not sure where you're going to get all the tritium on the moon from, considering it is radioactive with a 12 year half life. More likely, you are referring to the stable helium-3 isotope that is in relative abundance in the lunar regolith and has uses in radiation detection here on Earth.

Tim H. said...

Tony, that might be a good illustration for "First to be eaten", a "Chick tract" style document promoting The Old Ones.
"cerfibi", professional alibi service.

Acacia H. said...

Here's an article on the 99% Protests that I think you all will find interesting: http://howconservativesdrovemeaway.blogspot.com/2011/10/occupy-wall-street-vs-tea-party.html


Rob H.

BCRion said...

Paul Krugman hits another home run. This topic on the motivations of those who vehemently criticize the "Occupy" protests:

http://www.nytimes.com/2011/10/10/opinion/panic-of-the-plutocrats.html?_r=3&src=tp&smid=fb-share


Doug S. said...

In the Olden Days, war could be profitable because, if you won, you'd get to steal whatever your enemy had. The Romans got a lot of their wealth this way.

This stopped being true some time around World War One. Ever since then, even winning a war (between nations) became a money-losing proposition. (Civil war can still pay, though; if you manage to take over a government, you can exploit the natural resources and tax the people.)

Tom Craver said...

Robert - I've suggested elsewhere that we give our kids the moon - literally. It's not like we adults are doing much with it...

Bootstrap a robotic moon program, and transition control to kids - eventually, ideally, to the point that adults just provide the funding and maybe a little high level oversight. Use NASA to bootstrap the program, but aim to turn more and more operation and control over to kids as they grow up in the program.

For a fraction of the cost of sending people back to the moon, and far less than we dump into the US educational system with relatively little impact, we could have a long-term inspirational program where kids can have an exciting real world impact.

And when the kids get too old to take part in the lunar program, I'll bet there'll be a bunch that feel driven to move on the Mars or the asteroids...

Tony Fisk said...

Occupy Boston is being evicted

Acacia H. said...

Here's an article concerning a CNN report suggesting bullying is a form of "social combat" where children jockey for social positioning. In short, we bully because of instinctual behaviors, much like wolves snarling at each other over who is submissive and who is dominant (though this is my interpretation, not what they said specifically in the article).

http://edition.cnn.com/2011/10/10/us/ac-360-bullying-study/


Rob H.

rewinn said...

@Doug -
"...even winning a war (between nations) became a money-losing proposition..."
Sure, because plunder of goods just isn't that profitable anymore, especially when goods are sold into an international market. But change your unit of analysis from the nation to the nation's decision-makers, for whom going to war can be VERY profitable, because, as Dr. Brin pointed out ...

"...war can be an EXCUSE to go zero-sum. e.g. Bushite use of emergency clauses to grant contracts directly to pals...."

...isn't it more efficient to use the Afghans as an excuse to plunder our Treasury than to try to extract gold from the Afghans?

@Tony Fisk's Kraken link is wonderful; It's a good thing prehistoric kraken couldn't use fire. Imagine an industrial revolution, space travel, diverting comets, an industrial accident: no more dinosaurs!

@Tom
1. Put remote-controlled robot on moon - something like the Spirit rover, solar-powered with nice cameras ...

2. Auction right to drive it for a while, with some minimal safety overrides...

3. Internets go crazy!!! (Seriously. How much would YOU bid???)
...

5. PROFIT!!!!

Brendan said...

The only problem with the Kraken story is: that is all it is. Brian Switek of Wired comments here:

The giant, prehistoric squid that ate common sense

Tony Fisk said...

I like the Kraken story, even though it doesn't come with extraordinary evidence.

Switek disses it without disproving it.

In other news...
Australia's 'Carbon Tax' legislation has been passed in the lower house.

Boston's Green square was cleared of protestors with the minimum of fuss.

- twitter reports were rapid, and somewhat, umm melodramatic at times (maybe rename to 'twitcher'?)
- to date, far less 'brutality' in cameras than in tweets. Police seemed fair but firm (daresay there's a few exceptions, as there were in NYPD at the weekend)
- Simply dumping the entire contents of the camp into waiting dump trucks is malicious damage to property, isn't it? (Ironic, since the police supposedly moved in to protect the newly installed shrubbery!)
- what the media *does* show is a helluva lot of cops loaded with heavy tackle arresting occupiers peacefully, in the wee small hours of the morning... having ordered all media to be shut down!? Which suggests real pride in their job! I think that this is a more telling image of authoritarian over-reaction than over-hyped claims of abuse.

duncan cairncross said...

Hi Guys
I have been watching your politics thinking
- it took English voters a long time to see through Maggie Thatcher -

Then I realized - I have never seen such dog in the manger politics anywhere!!
Republicans openly sabotaging your economy to regain power

Why do you put up with it? - in any other country a party deliberately sabotaging the economy would lose their deposits at the next election - not be re-elected in larger numbers (2010)

Why is American politics so different?

Tim H. said...

Duncan, as much as anything, it's the churches, mostly conservative (Or what passes for conservatism these days.), conflating their religion and politics.

Acacia H. said...

There's an interesting article in National Geographic about jellyfishes - it seems that when they swim up from the depths, they drag cold, nutrient-rich waters with them to the surface, and then pull warmer water into the depths. In short, the massive jellyfish blooms happening as we overfish are causing a cycle to occur that is increasing the fertility of the oceans for microorganisms and krill... and perhaps alleviating to a small extent global warming.

Though Dr. Brin's idea of geoengineering through pulling up nutrient-rich water from the depths to encourage new fisheries and the like is still valid, and likely less damaging than jellyfish ultimately are.

Rob H.

Corey said...

Duncan, it's because they convince everyone that it's the fault of the Democrats. The efforts to "sabotage" the economy, even though that's what they are, are passed off, instead, as efforts to save the economy that just happened to fail because the GOP wasn't allowed to go far enough because of the Democrats.


How do they get away with it? As Tim says, the Evangelical Christian movement is very powerful here, and comprises a massive portion of our population.

These are people who, in more than 75% of cases, reject evolution, so how likely do you think it is that this vast majority will listen to logic or reason on anything else? They're also infatuated with the right wing, because they think they represent the "Christian", "Moral" party.

What remains of the Christian movement, while not inherently Republican (Catholics used to be one of the most solidly Democratic groups, for instance), are drawn in by issues like abortion and gay marriage, and so, to avoid the cognitive dissonance that comes with the possibility that they might be supporting very wrong things on every other issue over what basically boils down to legislated morality, they uncritically adopt the entire right wing platform.


So basically, no matter how much BS the GOP is peddling, ~40% of the nation will buy it. That's an awfully big lead to start with, which means they have to screw up EXTRA badly for the nation to actually elect Democratic politicians.

LarryHart said...

duncan cairncross:

"Why do you put up with it? - in any other country a party deliberately sabotaging the economy would lose their deposits at the next election - not be re-elected in larger numbers (2010)

Why is American politics so different?"


A lot of it is because the news media is all corporate owned. There are large segments of the population who get all they know from right-wing sources. They really think that Obama is a socialist who wants to punish the rich "job creators".

I think Dr Brin also has it right that the old Confederacy is really trying to rise again, and they're in FAVOR of oligarchy.

And one thing that makes American politics different from anywhere else is our system of electoral votes for president, which give small rural states disproportionate power.

Tony Fisk said...

They always said the South will rise again...

Why now? Probably because there's no longer any external commie threats to distract them from the internal ones (China not being openly belligerent like the USSR was)

The current situation in Australia is... bizarre: a minority government propped up by three independents. Greens hold balance in the Senate.
Howard was unable to totally wreck the checks and balances (possibly due to the preferential voting system). His successor (Abbott) is trying the same nah tactics as the GOP, but the independents don't buy it.

Believe me, the carbon tax just passed had *everything* thrown at it. If you followed the News (ltd.) you would be forgiven for assuming that Gillard's about-face on the issue was tantamount to high treason. News polls have her as being as popular as the bubonic plague.

Interestingly, though, the popular turnout at rallies tells a different story (the yes rallies pulled about 10 times the number!!) Whether this would translate to votes at an election, with other issues to weigh, is a moot point.

I believe there are 'occupy' rallies starting in Australia this weekend. We've so far weathered the GFC reasonably well, so how much support they get remains to be seen.

Jack L. said...

Security through obscurity, such as that described in the paper you mention above (admittedly, I haven't read it), is mostly considered a joke from any half-bright programmer's perspective simply because when you distribute obfuscated code in binary form, you are in effect distributing the keys with the lock, and trying to hide the fact that you did so. The most it can buy you is time, because not only does the enemy know the system, but the enemy HAS the same system in their possession. It seems important to remember who "the enemy" is under all circumstances and to consider what kind of game you are playing with him/her...

From a consumer perspective, that of a consumer who is also a programmer, this is often insulting and obnoxious -- but hardly a true deterrent. Does anyone here remember the DeCSS controversy? It was (and still is) enough to make one want to turn off the DVD player and pick up a good book.