Archive for June, 2009

Using the Tools We Have

Posted on June 26th, 2009 in Computer Security, Technology

Recent cryptography news serves as a microcosm of the development of computer security technologies. The discovery of fully homomorphic encryption by Craig Gentry, a Stanford PhD student working at IBM this summer, is by far the biggest headline in cryptography theory this week, month, year, and (probably) decade. Essentially, fully homomorphic encryption can perform arbitrary computations on encrypted data while preserving the encryption. For example, a spam filter could be used to identify encrypted emails containing spam, or an audit logging system could append an entry into an encrypted log file without decrypting it and then re-encrypting it.

Now, nothing is perfect right out of the gate, and there are caveats to this discovery. For the scheme to work, one must know in advance the maximum number of computations that can be performed on an encrypted file. It’s not practical; the discovery shows only that it is possible. Last but not least, we’ve already developed schemes that allow some limited operations, such as search, on encrypted data. These have been around for years, and some have even been reported on technical news sites. But even taking these concerns into account, the discovery is legitimately headline news.
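To make the homomorphic property concrete, here is an added toy example (my own code, not from the post) in Python using the Paillier cryptosystem, one of the older schemes with the "limited operations on encrypted data" the post mentions: it supports adding plaintexts and multiplying by a public constant, which is enough for a linear spam score over encrypted word counts, but not the threshold comparison that a fully homomorphic scheme could also carry out. The primes, word counts and weights are constructed toy values.

```python
"""Toy Paillier demo: computing on ciphertexts without decrypting them.

Paillier is additively homomorphic only (ciphertext product = plaintext
sum); it is NOT Gentry's fully homomorphic scheme. Parameters are toy-sized.
"""
import secrets
from math import gcd

# Constructed toy primes; real keys use primes of 1024 bits or more.
P, Q = 104723, 104729


def keygen(p=P, q=Q):
    """Return (public_key, private_key) as ((n, g), (lam, mu))."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    g = n + 1                                       # standard simplification
    mu = pow(lam, -1, n)                            # with g = n+1, L(g^lam) = lam
    return (n, g), (lam, mu)


def encrypt(pub, m):
    """c = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, g = pub
    assert 0 <= m < n, "plaintext must lie in [0, n)"
    r = secrets.randbelow(n - 1) + 1
    while gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (pow(g, m, n * n) * pow(r, n, n * n)) % (n * n)


def decrypt(pub, priv, c):
    """m = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    n, _ = pub
    lam, mu = priv
    return ((pow(c, lam, n * n) - 1) // n * mu) % n


def add_encrypted(pub, c1, c2):
    """Enc(m1) * Enc(m2) mod n^2 = Enc(m1 + m2): addition on ciphertexts."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale_encrypted(pub, c, k):
    """Enc(m)^k mod n^2 = Enc(k * m): multiply by a public constant."""
    n, _ = pub
    return pow(c, k, n * n)


def encrypted_spam_score(pub, priv, word_counts, weights):
    """A scorer holding only the public key computes sum(w_i * count_i) on
    ciphertexts; only the private-key holder can read the resulting score."""
    acc = encrypt(pub, 0)
    for count, w in zip(word_counts, weights):
        acc = add_encrypted(pub, acc, scale_encrypted(pub, encrypt(pub, count), w))
    return decrypt(pub, priv, acc)
```

The scorer never learns the counts or the score, but deciding "score above threshold" on the ciphertext is exactly the step Paillier cannot do and a fully homomorphic scheme can.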

The media loves to report juicy computer security stories, particularly relating to the discovery of new cryptographic techniques. Unfortunately, these headlines distract from the primary concern of the average computer security professional: We are just not using the tools we have! Consider last summer when a flaw in the DNS protocol became huge news. It was a problem that could have been completely avoided using existing cryptography. We just weren’t using it. In fact, despite Dan Kaminsky’s recent efforts, we still aren’t using it. Here’s a great quote from Dan:

DNS is the world’s largest PKI without the ‘K.’ All DNSSEC does is add keys.

Why haven’t we “added the ‘K’” yet? DNSSEC has been sitting in a drawer, and even after last summer, it doesn’t appear to be a priority. It is designed with security in mind from the start; it is real, practical, and can be implemented without another breakthrough in cryptography. Only, we aren’t using it. And this has been the pattern of cryptography technologies for the last few decades:

  1. Some smart people create something like public key encryption and/or fight against ludicrous export controls on cryptography tools.
  2. The story becomes headline news for a day or two, and we all walk around feeling great about how we ‘solved’ the security problem and we’re all going to be ‘safe’ soon.
  3. A few weeks pass and we find that no one is actually using the inventions that were just created and/or saved from oppressive regulation.
  4. Eventually, we start all over from Step 1 with a new miracle discovery in computer security. That’s what happened this week.

Consider email encryption. Gmail (and most other webmail providers) still doesn’t support GPG. Gmail also doesn’t use persistent SSL connections by default, which means that your emails are delivered to your web browser in plain text when there’s a cheap and effective form of encryption that could easily be enabled. This was old news when I blogged about it here nearly two years ago, but Google is “looking into whether it would make sense” only recently, perhaps because of a letter organized earlier this month by Chris Soghoian and signed by numerous computer security experts.

I’m not saying that fully homomorphic encryption isn’t important, or that solving this longstanding, open academic question isn’t an achievement. It is important, exciting, and a huge achievement. All I’m saying is that fully homomorphic encryption, or any security technology, won’t solve computer security and privacy problems unless we start using the tools we have.

Edited to add: Here’s a nice piece by Brian Krebs that talks more about the letter sent to Google about encrypting by default. In particular, I love this quote:

“What we’re saying in this letter is that as an iconic service, and one that professes to be concerned about user safety, Google could set a good example and set the right defaults, and if users want to switch back to something less secure, then they can.”

Dr. Eugene Spafford

(Full Disclosure: I am working with Dr. Spafford this summer at CERIAS on campus at Purdue University.)

Consistent Governing

Posted on June 17th, 2009 in Politics and Law

One of the first things I learned about baseball was that the umpire is extremely important to the integrity of the game. If the ump doesn’t honor the game by trying to call balls and strikes as consistently and accurately as possible, then it’s not worth playing because no one would know what to expect from pitch to pitch. Although both consistency and accuracy are important, consistency is more important than accuracy because every ump has a slightly different strike zone, but if they call things the same way on both teams, then the game is fair. Both teams agree on this; it’s not even up for debate. If umpires didn’t aim for consistency, then baseball would be a game about trying to convince the umpires to call pitches your way.

During his confirmation, the current Chief Justice of the United States said, “My job is to call balls and strikes not to pitch or bat.” It’s fair to ask: Do the roles that consistency and accuracy play in baseball hold true for governments as well as umpires? At some level, is it more important that governments treat people as consistently as possible rather than as accurately as possible according to any one of the many different political positions citizens might have? Clearly accuracy is important, in both baseball and governing. Umpires get fired if they aren’t at least accurate to some degree. A political system that disenfranchises half its population is too inaccurate to be considered fair no matter how consistent it is. However, at some level of marginal return, is it more important to be consistent than accurate?

Let’s look at two cases. First, consider the bailout of AIG. In mid-September of last year the U.S. Government poured billions of dollars into AIG in an effort to save the company from bankruptcy. Just a week earlier though, the U.S. Government declined to bail out Lehman Brothers, which was operating under similar circumstances. Second, consider the recent bankruptcy proceedings for Chrysler and General Motors. In the Chrysler bankruptcy, secured creditors are getting 30 cents for every dollar owed. In the General Motors bankruptcy, secured creditors are being paid in full. Secured creditors are guaranteed by law to be first in line, so it’s not crazy to say that these creditors were screwed when the Supreme Court decided not to hear the inevitable lawsuit. It’s not unreasonable to label this as a “deadly sin” in the well-settled area of bankruptcy law. I’m not even sure it’s hyperbole to say that this is the end of capitalism as we know it. It is, at the least, inconsistent governing, and I’m not the only one asking for an explanation.

It’s easy to be distracted by debates about accuracy. For example, some may argue that secured creditors don’t have as strong a position as intimated by others. That’s a debate about accuracy: which position was right according to some standard. Debates about accuracy are important, but aren’t debates about consistent governing more important at some level? There were secured creditors in both cases, so why were the results different?

The main benefit of consistency is that it allows us to know what to expect. In February 2008, the U.S. Government decided to bail out Bear Stearns. At the time, economists like Russell Roberts wondered publicly if this was setting a bad precedent. Essentially, he disagreed with the decision to bail out Bear Stearns, but thought that the real harm was “the encouragement of recklessness and irresponsibility” down the road. This position disagrees with the accuracy of a particular government action and assumes consistency in future government actions. Precedent, whether good or bad, only has meaning if the government operates consistently.

The cases I’ve mentioned seem strikingly similar on the facts, and yet, they had distinct, different outcomes. As a result, they set no precedent. If we can’t be completely accurate, wouldn’t it help to at least be consistent? In fact, the only precedent that they might set is one of inconsistency regardless of party affiliation. The Lehman Brothers / AIG case was under the Republican Bush administration; the Chrysler / GM case was under the Democratic Obama administration. And yet, they were both handled just about as inconsistently as possible. Unfortunately, this may be the only kind of consistent governing we can expect.