Privacy is safety, and safety IS liberty.

Aspects of security are ways to ensure aspects of autonomy. Safety is, at a short remove, liberty; without safety, one cannot be free. The path lies through autonomy.

Autonomy is control over yourself: self-determination of action, self-declaration of identity, and so forth. We slowly establish autonomy as a part of growing up, gaining volition over bodily functions, then more slowly gaining autonomy over what we do and when we do it. During this process, we learn that autonomy must be negotiated with others in order to integrate as a part of civilized society.

Autonomy is routinely reduced in the name of society, parenting, or to enforce public order. This last is the excuse usually given to override personal security: personal security means personal control, which is antithetical to state control. But by living in a civilization, we agree to a modicum of deferred control — we agree that there are behaviors that cause someone to lose autonomy.

This is a balancing act, and security is one of the ways to ensure autonomy. As per Franklin’s adage[1], security is liberty. Liberty is ensured through continued autonomy. Autonomy permits liberty. And security enables autonomy.

In thinking through security puzzles[2], I use this metaphor a lot. What privilege does this form of security protect? What other mechanisms provide that same protection? What other protections are required?

Mapping Security Concepts to Control

The seven concepts I cover today are:

  1. Authorization: control over action
  2. Authentication: control over identity
  3. Authenticity: control over reproduction
  4. Restricted delivery: control over reading of content
  5. Fingerprinting: control over altering content
  6. Connectivity: control over delivery

These are important building blocks from which most designs can be built. Let’s take them in order.

Authorization

Old World Example: Power of attorney. A legal document proving that you have granted certain rights, normally reserved for yourself, to another person.

New World Example: The root user is given all authorizations in a Unix system. (This isn’t always a good thing.) Or, you may grant a phone application a privilege such as accessing your phone’s camera.

Authentication

Often there is a sliding scale of how much proof you provide, and what it authorizes; for example, to receive a package, you might just need to state your name, but to get a passport, you need to show a number of hard-to-get documents and provide biometric data.[3]

OWE: photo ID. NWE: two-factor login, TouchID.

Authenticity

Authenticity is an open shared secret: recipients must know what an authentic item looks like, because it’s up to them to authenticate ‘in the clear’. This is in contrast to both restricted delivery and fingerprinting, which can rely on a shared secret in their mechanism. This means that enforcement of authenticity is as much a social mechanism as it is a physical or mathematical one.

In practice, there is a sliding scale of authenticity, with a corresponding scale of how much expertise is required to test it: everyone knows what dollar bills look like, but there are other anti-counterfeiting measures in the bills (embossed paper; the paper itself; metallic strips; etc.) that require advanced equipment or know-how to detect.

OWE: Dollar bills; signet rings; travel papers with embossing or itaglio printing.

NWE: Blockchains. The blockchain is a public record showing the work performed to verify that a transaction is authentic, enabling users of a blockchain to trust that there is no counterfeiting.

Restricted Delivery

In practice it is impossible to ensure restricted delivery, due to the nature of the human body — we must physically perceive content, which makes it possible to eavesdrop on it or reshare it. In most cases, the mechanisms we use are also susceptible to interception.

OWE: A sealed envelope delivered by the US Postal Service: physical security and laws reduce the chance of interception, and the seal discourages eavesdropping along the way. A cypher also counts; these have been used since pre-history to send private messages that were expected to be overheard.

NWE: Encrypted content. Decryption requires either a key or a payment of computing power chosen to be infeasible with near-future hardware.

Fingerprinting

Fingerprinting is useless without an authentication scheme. It is a way of ensuring that the content was not changed since a particular authority fingerprinted it; but if the authority is not authenticated, then the operation is without value.

OWE: Wax seals, with the physical security of the signet ring / seal stamp providing the authentication mechanism. (The signet ring itself was a token of authenticity, providing authentication, while the wax seal provided the tamper evidence: the paper or seal would be irreversibly damaged.)

NWE: A cryptographically signed checksum for a document. The checksum is very hard to forge, and is sensitive to any change in the contents; the signature provides the authentication.

Connectivity

Connectivity allows you to weather attacks on your ability to communicate, whether those are censorship, DDoSing, or always being last in the priority queue.

OWE: Privileged access, for example, courtiers in a royal court paying to get an audience with the monarch.

NWE: On-site location of high-frequency trading. Non-neutral networking that privileges certain sources of information over others. OSes that gives some apps access to special, faster APIs.

In Summary

Are there other concepts that fit in this framework? What don’t? What would you add or remove?

Footnotes:

[1] “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” There are many imitators of the form out there, but this is the original. At least, so I am told by an unauthenticated source on the internet.

[2] Despite not being ‘officially’ in a security field, it keeps coming, and I ended up writing two different novels about it (one moreso than the other.)

[3] The passport itself then becomes an authentication token with high authenticity which in turn is used as proof of authority (the authority to, for example, enter a country).

[4] For the sticklers, I’m blurring together processing power, bandwidth, and latency, because to the end user they are deeply intertwined.

--

--

Obligate infovore. All posts made with 100% recycled electrons, sustainably crafted by artisanal artisans. He/him/his.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alex Feinman

Obligate infovore. All posts made with 100% recycled electrons, sustainably crafted by artisanal artisans. He/him/his.