A little knowledge is a dangerous thing
Bruce Schneier demonstrates the truth of the old saying in a must-read blog entry.
In a nutshell, Nature published an article written by a physicist with little or no background in cryptography, claiming to have devised a mechanism for optically transmitting encrypted messages using a “chaotic carrier”. Bruce trains his skeptical and expert eye on the article and demolishes it: he shows how the system allows anyone with a compatible receiver to decrypt traffic, that the system offers no ability to change keys, and more. The result is an object lesson on the value of peer review (even if it is not anonymous and is informal), and of the dangers of not doing a literature review.
The thing I find sooo funny about this is how it’s so relevant to Bruce Schneier – he is the original peddler of a little [security] knowledge is a dangerous thing – his past and present musings are so full of factual inaccuracies it’s not even funny anymore.
Please feel free to comment. Please also feel free to recall that accusations of inaccuracy are best when accompanied by words like “for example” or “another instance would be.”
The problem is that, while Nature reviewers aren’t qualified to review the cryptographic merit of the system, people at JCrypt wouldn’t be able to evaluate whether anything they’re saying about lasers makes any sense. So it’s hard to do effective peer-review of a cross-disciplinary paper.
In conferences, the prevalent culture seems to be to grant that the authors know what they’re talking about in the area outside of the committee’s expertise. The review timelines make it difficult to do anything else.
In a journal context, it would probably make sense to delay publication and contact outside reviewers who actually know something about the second field, but I’m sure that’s not the established practice.