Shostack + Friends Blog Archive

 

Secrecy is not Privacy

So, I’m really irked by headlines like “Microsoft’s ‘Secret’ Security Summit.”

  • First, it wasn’t Microsoft’s summit. It was an ISOTF meeting that had public web pages. Microsoft provided conference facilities and lunch. I don’t think we even bought the beer.
  • Second, it wasn’t a secret. It has web pages: “Internet Security Operations and Intelligence II – a DA Workshop.” Things with web pages are rarely secret.
  • Finally, it was a security summit, but hell, 50% is a rotten ratio for a headline.

So let me delve in to the words “secrecy” and “privacy” just a little. The meeting was private: you had to know the secret handshake to get in. You had to agree not to talk about what was said. That’s about privacy. It also includes some secrecy about what, precisely, was said. As I’ve said before, privacy is a good way to build trust. It allows people to speak openly, because they can rely on anyone who blogs about it not being invited back.

I’m speaking for myself here.

7 comments on "Secrecy is not Privacy"

  • Alex says:

    Sure Adam, Sure…..

    Don’t try to act like this isn’t some sort of Bohemian Grove/Illuminati meeting. You guys are like the Skull and Bones for the security and privacy market.

    I hear that the NSA was there collaborating with Microsoft to build back doors into Age of Empires IV, and transmitting via the WiFi in Zunes any teenager who listens to or tries to "squirt" Janet Greene songs.

    How long until our xBox 360’s send us subliminal messages in TV programming?!!!

  • “privacy is a good way to build trust. It allows people to speak openly, because they can rely on anyone who blogs about it not being invited back.”
    The argument seems flawed as you are describing a post-hoc defection & punishment that has no effect on your current privacy. The Prisoner’s Dilemma kind of thing. That would imply caution in speech depending on your existing trust of the individual speaking.
    I think too, that whatever trust “privacy” builds in-group, it totally “is” secrecy from the out-group view and that does nothing to build trust.
    When you return from your secret meeting who’s privacy we were not permitted to share, what faith need we have in the proceedings and outcomes?

  • Adam says:

    Hamish,
    I have no idea why you think threat of punishment is a flawed argument.
    I don’t know who is asking you to have faith, or care, about a meeting or its outcome.

  • Chris says:

    I don’t know what the big fuss is about. If I understand the criteria, even *I* could have gone to this thing. Having failed the Groucho test, it isn’t something people need to get all worked up about. :^)
    Next time, maybe outsiders who successfully use the Admin Interface should be let in. Kinda like a Google job application.

  • Alex says:

    Chris,
    Good job uncovering the conspirators “secret handshake”! Now we know how to infiltrate their meetings and learn the dire secrets of their conspiracy. I imagine their quest is nothing short of world domination!
    No doubt they’ll be courting an alliance with the aliens, the unicorns, and Proctor & Gamble.

  • wow adam, what can i say? you are so l33t! and also so secret! now i known who is my hero

  • Anonymous says:

    Was that akin to “closed source is a good way to build strong security?”
    Privacy is a two-edged sword; it does increase ability to speak openly, and also it increases ability to craft a certain message … including deceive, dissemble, lie.
    Whether this is a good thing or not can’t be determined a priori. It may raise the trust of those inside, but it will probably reduce the trust of those outside.

Comments are closed.