The Trusted Technology Fallacy Strikes Again

A few days ago, Ed Felten at Freedom to Tinker wrote about a new paper he and eight other authors have written concerning the ability of an attacker with physical access to a machine to read the contents of an encrypted hard drive (the paper is linked from his post). He followed up with a second post to clarify some things that had arisen in response to his initial post. For me, the most interesting bit is this:

“Fundamentally, disk encryption programs now have nowhere safe to store their keys. Today’s Trusted Computing hardware does not seem to help; for example, we can defeat BitLocker despite its use of a Trusted Platform Module.”
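The paper's observation that the key has "nowhere safe" to live is concrete: while a volume is mounted, the software keeps the AES key, and its expanded round keys, in ordinary RAM, and the round keys are derived from the key in a fixed way. That structure is what lets an attacker who has captured memory pick the key out of gigabytes of other data. The following is an added example, not code from the original post or from the paper it cites: it expands an AES-128 key with the standard key schedule, then scans a constructed memory image for any 16-byte window whose expansion appears immediately after it. The image contents, offsets and the decay simulation are assumptions made up for the demonstration.

```python
# Added example (not from the original post or the cited paper): find an
# AES-128 key in a memory image by recognising its expanded key schedule.
import random

def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p

def _build_sbox() -> bytes:
    """Compute the AES S-box (inverse in GF(2^8), then the affine map) rather than typing it in."""
    sbox = bytearray(256)
    for x in range(256):
        inv = 0
        if x:
            inv = 1
            for _ in range(254):          # x^254 == x^-1 because x^255 == 1
                inv = gf_mul(inv, x)
        s = inv
        for i in range(1, 5):             # s ^= rotl(inv, 1..4)
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox[x] = s ^ 0x63
    return bytes(sbox)

SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]
SCHEDULE_LEN = 176                        # 11 round keys * 16 bytes

def expand_key(key: bytes) -> bytes:
    """FIPS-197 key expansion for AES-128: 16-byte key -> 176-byte schedule."""
    assert len(key) == 16
    w = [key[i:i + 4] for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = bytes(SBOX[b] for b in t[1:] + t[:1])      # RotWord + SubWord
            t = bytes([t[0] ^ RCON[i // 4 - 1]]) + t[1:]   # xor round constant
        w.append(bytes(a ^ b for a, b in zip(w[i - 4], t)))
    return b"".join(w)

def find_aes128_keys(image: bytes, max_byte_errors: int = 0) -> list:
    """Return (offset, key) for every window whose next 160 bytes match its key schedule.

    max_byte_errors tolerates a few decayed bytes in the derived round keys; it does
    not recover a key whose own 16 bytes have decayed (the paper's algorithm does more).
    """
    hits = []
    for off in range(len(image) - SCHEDULE_LEN + 1):
        candidate = image[off:off + 16]
        expected = expand_key(candidate)
        errors = 0
        for a, b in zip(expected[16:], image[off + 16:off + SCHEDULE_LEN]):
            if a != b:
                errors += 1
                if errors > max_byte_errors:
                    break
        else:
            hits.append((off, candidate))
    return hits

def build_sample_image(key: bytes, seed: int = 7, size: int = 4096,
                       decayed_bytes: int = 0) -> tuple:
    """Constructed stand-in for a captured DRAM image (assumption, not real data):
    pseudorandom filler, one embedded key schedule, and a decoy bare copy of the
    key with no schedule after it, which a correct scanner must not report."""
    rng = random.Random(seed)
    image = bytearray(rng.randrange(256) for _ in range(size))
    sched_off = 1024
    image[sched_off:sched_off + SCHEDULE_LEN] = expand_key(key)
    image[3000:3016] = key
    # Simulate bit decay: flip the top bit of a few schedule bytes past the key itself.
    for i in range(decayed_bytes):
        image[sched_off + 16 + (i * 13) % (SCHEDULE_LEN - 16)] ^= 0x80
    return bytes(image), sched_off

if __name__ == "__main__":
    KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # FIPS-197 sample key
    image, off = build_sample_image(KEY, decayed_bytes=3)
    print("exact search:   ", [(o, k.hex()) for o, k in find_aes128_keys(image)])
    print("tolerant search:", [(o, k.hex()) for o, k in find_aes128_keys(image, 8)])
```

The decoy copy of the bare key is never reported because nothing derived from it follows; the schedule is reported even after a few bytes have decayed, which is the property a cold-boot attacker relies on. A TPM does not change this picture: it releases the key to the operating system at boot, and from then on the key and its schedule sit in RAM like any other data.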

This ties in with posts I have made in the past about the “Trusted Technology Fallacy.” The basic premise is that we are wasting our time searching for technology that we can trust to solve our problems. In fact, technology is not even particularly good at solving the problems that it itself has created.

This is a perfect example of the trusted technology fallacy in action. Here’s how it works:

  • computers are put into widespread use;
  • information is put on the computers;
  • someone steals the computer and gets the information (or the computer is lost);
  • someone decides we need to solve the problem of lost data by encrypting it (that is, we need to “solve” our problem through technology);
  • technology is developed to achieve this goal (and it might even be called “trusted” technology);
  • someone figures out a way to get around the technology.

This seems natural. So why do I say it reflects the trusted technology fallacy in action? Because it’s wasteful. It’s wasteful because as we put our trust in the technology, we forget the other and likely more important bits. We forget that technology, made by people, will be broken by other people. It just will. Microsoft has built Trusted Computing around the mistaken position that this isn’t true. But it is.

Don’t believe me? Then show me technology that hasn’t been broken. I can’t think of one (that’s an invitation to prove me wrong, by the way). FairPlay: broken. Microsoft DRM: broken. CSS: broken (by DeCSS, whose distributors were then kicked while down). This observation is especially true in the “plastic” world of information technology. Some technologies might be unbreakable, but they usually have a “hard” technological (i.e., physical) rather than a “soft” technological (i.e., software) element to them (things like Fort Knox, for example). If anything, hooking up hard technology to soft technology makes it more likely that the hard technology can be compromised. Use of many kinds of information technology is more likely to hurt security, even information security, than it is to secure things in such a way that we can fully trust it.

My conclusion is that we should stop wasting time trusting technology, trying to build trusted technology, and supporting allegedly trustworthy technology with laws that attempt to fill in what the technology itself cannot achieve. It is wasteful and we could be doing better things with our time and our money.

Don’t get me wrong here. I like technology. I use technology. I want technology around me. We should still build it, and we should still build information technology security products. But we should also educate people about security and about best practices for staying secure. Everyone who interacts with information technology must have at least basic knowledge of security; we cannot teach them that they can trust technology to do it for them. We must teach them to avoid social engineering, and to develop best practices (like not keeping your password on a post-it note next to your computer) for their own safety. People need to understand that security, information or otherwise, is not a simple matter. It is complicated, and difficult, and requires our attention. And we should not think we can trust technology to achieve for us what we really need to achieve for ourselves.