The Argument Against Security Through Obscurity for the Non-Digital World

Presented at H2K2 (2002), July 13, 2002, 10 a.m. (60 minutes)

In the world of networked computers, security through obscurity is generally ineffective. Hiding algorithms, protecting source code, and keeping procedures secret might be effective initially, but eventually the cloak of secrecy is penetrated. This talk will examine how security through obscurity is relied upon in the non-computerized world. When can security through obscurity work? What risk analysis should we use to examine the role of obscurity in the non-computerized world? The talk will present and examine the hypothesis that an "open source" mentality should be applied to security procedures for public places. This is a logical extension of the lesson in cryptanalysis: that no cryptographic method can be considered trustworthy until it has undergone a rigorous examination by qualified persons. Similarly, can we trust security procedures in the physical world designed, ostensibly, to protect the public if these procedures never undergo public scrutiny?


Presenters:

  • Dr. Greg Newby
    Greg Newby is a professor at UNC Chapel Hill with a Ph.D. in Information Transfer. He teaches Unix/Linux systems administration and information security, and has a research project to develop open source search engines. He is a founding member of the North Carolina chapter of Computer Professionals for Social Responsibility (CPSR), and the CEO of Project Gutenberg.
