There’s been a lot of discussion of secrets this week. First, we have state secrets and WikiLeaks. Second, we have Theo de Raadt exposing that the FBI may have paid programmers to put a backdoor in OpenBSD’s IPSEC stack. The programmers involved deny de Raadt’s allegations but a former FBI agent has verified the story. OpenBSD is an open source operating system managed by Theo de Raadt that is often used in network appliances, routers and firewalls. IPSEC is a protocol that is used to create virtual private networks (VPNs). In WikiLeaks, we have a situation where one person (a junior non-commissioned officer) decided not to keep a secret. In the case of OpenBSD, we see an effort to systematically break secrecy in what may be a sellout by developers. There are two immutable facts where secrets are concerned, and these two cases show just how simple secrecy really is:
- Secrets stay secret because people choose to keep them secret.
- No amount of technological measures, law or threats can prevent someone who doesn’t want to keep a secret from spilling the beans.
The funny part is that neither technology, procedures nor the law can stop someone who doesn’t want to keep a secret from breaking trust. It doesn’t matter if it’s a family matter, classified material or banking information. Security and secrecy are 100% dependent on people’s ability to keep a secret. Oh, and if you think computers are secure, Ken Thompson, who is considered one of America’s greatest computer scientists, has applied a wrecking ball to the very notion that computer systems can even be trusted. Thompson reasons that you can’t trust the programmers, and he advocated criminalizing hacking, which at the time he wrote the paper (1984) was viewed as harmless fun and glorified by the media. This week’s OpenBSD IPSEC situation is a real-world manifestation of Thompson’s warning.
There’s really very little that can be done to ensure that secrets remain secrets, and when you see disclosures or systematic breakdowns of trust, there are only a few places where trust can break down:
- People must be aware that secrets are, in fact, secrets. “I didn’t know” is one of the most common excuses when trust is violated.
- Making the cost of breaking trust sufficiently high to discourage disclosure. This cost can range from the death penalty to loss of friendship or embarrassment.
- Creating certainty that if trust is violated, it will be discovered. This defends against “I thought I could get away with it.”
- Not giving people in positions of trust a reason to disclose secrets. Trust is often two-way, and when an employer, friend or government breaks their trust with a person, secrets are often revealed as a form of revenge.
In the case of WikiLeaks, I suspect when we get the real story on why Cpl. Manning chose to give WikiLeaks the documents he did, we will find that he simply thought there was a good chance he could get away with it. He did, until, ironically, hacker Adrian Lamo outed him. In the case of OpenBSD’s IPSEC, it appears, but has not yet been proven, that the programmers involved thought they could get away with it and were paid enough to trade in the OpenBSD community’s trust.
How does your company handle trust?
Secrets are a necessary part of any business, ranging from trade secrets, like the secret blend of herbs and spices that makes your fried chicken famous, to competitive information, like your competitive pricing model, to the mundane, like usernames and passwords. The question is, how does your company handle trust? Does your company’s policy enhance trust or is it what amounts to security theater?