« Resist | Main | ...but who's counting? »
July 08, 2003
Stuffing the Genie Back In the Bottle
The Washington Post has a well-written article on suppressing the work of a grad student because it might compromise national security. The twist here is that the student is reorganizing publicly-available data using mapping techniques. Nothing proprietary, no espionage involved. So where's the risk? Only that it makes government and corporations nervous.
More commentary on this in a moment. I need to have breakfast.
UPDATE: I've included my thoughts in the extended entry below.
In Columbo style, I'll state my conclusions first. We should not restrict this kind of information, either in parts or when it's compiled into a whole like Sean Gorman has done. On the surface it may seem like information that could be dangerous in the hands of those who would do us harm, but it is actually an effective weapon against attack. My reasoning goes a bit like this:
- The information is public for a reason. A Slashdot reader made the excellent point that highways are crucial infrastructure, but detailed maps are widely available. The reason is because people need these maps to work effectively. In the case of telco infrastructure, accidents and outages happen much more often than terrorist attacks, and having a good map makes finding the problem that much easier.
- Finding infrastructure flaws is a good thing. I've dealt with Web security for years, and it's become plain that the best way to prepare for an attack is to simulate it yourself and be aware of all the vulnerable spots. Big clients like to see a comprehensive list of limitations because it lets them plan effectively. If we told a client "there may be flaws, but we can't tell you because they're classified", the client would drop us immediately.
- Infrastructure companies would love to keep this data secret. So would the government. Clients (or citizens) with access to all the flaws in the system are likely to demand that they be fixed or at least protected. In both cases, it's much easier to deny access to the problem than come up with an adequate defense.
- Terrorists don't use high-tech means. Our most recent terrorist attacks were carried out with box cutters and envelopes. Suicide bombers in Israel don't carry out surgical strikes. The point of terrorism is to be random and symbolic, so a target will be found whether infrastructure information is available or not.