Privacy is safety, and safety IS liberty.
Aspects of security are ways to ensure aspects of autonomy. Safety is, at a short remove, liberty; without safety, one cannot be free. The path lies through autonomy.
Autonomy is control over yourself: self-determination of action, self-declaration of identity, and so forth. We slowly establish autonomy as a part of growing up, gaining volition over bodily functions, then more slowly gaining autonomy over what we do and when we do it. During this process, we learn that autonomy must be negotiated with others in order to integrate as a part of civilized society.
Autonomy is routinely reduced in the name of society, parenting, or to enforce public order. This last is the excuse usually given to override personal security: personal security means personal control, which is antithetical to state control. But by living in a civilization, we agree to a modicum of deferred control — we agree that there are behaviors that cause someone to lose autonomy.
This is a balancing act, and security is one of the ways to ensure autonomy. As per Franklin’s adage[1], security is liberty. Liberty is ensured through continued autonomy. Autonomy permits liberty. And security enables autonomy.
In thinking through security puzzles[2], I use this metaphor a lot. What privilege does this form of security protect? What other mechanisms provide that same protection? What other protections are required?
Mapping Security Concepts to Control
For each key concept in security, I’ll outline a basic definition, and give “Old World” (pre-information-age) and “New World” examples. The OWEs are often still relevant, but in some cases have been superseded; the NWEs seem to change every day.
The seven concepts I cover today are:
- Authorization: control over action
- Authentication: control over identity
- Authenticity: control over reproduction
- Restricted delivery: control over reading of content
- Fingerprinting: control over altering content
- Connectivity: control over delivery
These are important building blocks from which most designs can be built. Let’s take them in order.
Authorization
Authorization allows control over action. Authorization is a way of saying “I grant that this action can be done by these people, and not by these other people”. It lets you select who may perform some action on your behalf.
Old World Example: Power of attorney. A legal document proving that you have granted certain rights, normally reserved for yourself, to another person.
New World Example: The root user is given all authorizations in a Unix system. (This isn’t always a good thing.) Or, you may grant a phone application a privilege such as accessing your phone’s camera.
Authentication
Authentication allows control over identity. By agreeing on an authentication mechanism, you and another party can agree on how you can prove you are you. This lets you retain control over your identity; without this, other people could impersonate you, and there would be no agreed-on way to disambiguate. (“No! Shoot him! He’s the evil twin!”)
Often there is a sliding scale of how much proof you provide, and what it authorizes; for example, to receive a package, you might just need to state your name, but to get a passport, you need to show a number of hard-to-get documents and provide biometric data.[3]
OWE: photo ID. NWE: two-factor login, TouchID.
Authenticity
Authenticity allows control over who is allowed to reproduce something. The canonical example is hard currency: the physical entities are created in a way which is hard to counterfeit. Because of this, the token itself is proof of authentication: the bill is therefore “backed by the full faith and credit, …” A Gucci logo provides authenticity to a handbag, providing trust in the consumer that the handbag is of a certain quality.
Authenticity is an open shared secret: recipients must know what an authentic item looks like, because it’s up to them to authenticate ‘in the clear’. This is in contrast to both restricted delivery and fingerprinting, which can rely on a shared secret in their mechanism. This means that enforcement of authenticity is as much a social mechanism as it is a physical or mathematical one.
In practice, there is a sliding scale of authenticity, with a corresponding scale of how much expertise is required to test it: everyone knows what dollar bills look like, but there are other anti-counterfeiting measures in the bills (embossed paper; the paper itself; metallic strips; etc.) that require advanced equipment or know-how to detect.
OWE: Dollar bills; signet rings; travel papers with embossing or intaglio printing.
NWE: Blockchains. The blockchain is a public record showing the work performed to verify that a transaction is authentic, enabling users of a blockchain to trust that there is no counterfeiting.
Restricted Delivery
Restricted Delivery allows control over reading of content. Only the designated recipient is given the right to read the contents.
In practice it is impossible to ensure restricted delivery, due to the nature of the human body — we must physically perceive content, which makes it possible to eavesdrop on it or reshare it. In most cases, the mechanisms we use are also susceptible to interception.
OWE: A sealed envelope delivered by the US Postal Service: physical security and laws reduce the chance of interception, and the seal discourages eavesdropping along the way. A cypher also counts; these have been used since pre-history to send private messages that were expected to be overheard.
NWE: Encrypted content. Decryption requires either a key or a payment of computing power chosen to be infeasible with near-future hardware.
Fingerprinting
Fingerprinting allows control over the integrity of content. (You might think of it as “write permissions” for content.) It ensures that if the content is tampered with, the tampering is evident.
Fingerprinting is useless without an authentication scheme. It is a way of ensuring that the content was not changed since a particular authority fingerprinted it; but if the authority is not authenticated, then the operation is without value.
OWE: Wax seals, with the physical security of the signet ring / seal stamp providing the authentication mechanism. (The signet ring itself was a token of authenticity, providing authentication, while the wax seal provided the tamper evidence: the paper or seal would be irreversibly damaged.)
NWE: A cryptographically signed checksum for a document. The checksum is very hard to forge, and is sensitive to any change in the contents; the signature provides the authentication.
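As an added illustration of the point that a fingerprint is worthless without authentication (example code, not from the original post), the following compares a bare checksum with a keyed one; HMAC-SHA256 stands in for the digital signature described above, and the document, key and tampering are all constructed.

```python
import hashlib
import hmac

# Constructed sample document and secret key (not from the original post).
DOCUMENT = b"Pay Alice 100 credits. Approved by the treasurer."
AUTHORITY_KEY = b"constructed-demo-key-do-not-reuse"


def plain_fingerprint(content: bytes) -> str:
    """Unauthenticated fingerprint: anyone, including a tamperer, can recompute it."""
    return hashlib.sha256(content).hexdigest()


def authenticated_fingerprint(content: bytes, key: bytes) -> str:
    """Fingerprint bound to an authority. HMAC stands in for a signature here:
    only a holder of `key` can produce a valid value."""
    return hmac.new(key, content, hashlib.sha256).hexdigest()


def verify_plain(content: bytes, fingerprint: str) -> bool:
    return hmac.compare_digest(plain_fingerprint(content), fingerprint)


def verify_authenticated(content: bytes, fingerprint: str, key: bytes) -> bool:
    return hmac.compare_digest(authenticated_fingerprint(content, key), fingerprint)


def tamper_with(content: bytes) -> bytes:
    """Simulated in-transit alteration of the document."""
    return content.replace(b"100", b"1000")


def demo() -> dict:
    """Run both schemes against the same tampering and report what each detects."""
    tampered = tamper_with(DOCUMENT)

    # Scheme 1: bare checksum. The tamperer recomputes it for the altered
    # text and the recipient has no way to tell.
    plain_accepts_forgery = verify_plain(tampered, plain_fingerprint(tampered))

    # Scheme 2: keyed fingerprint. Without the key the tamperer can only
    # forward the original tag or attach an unkeyed hash; both are rejected.
    original_tag = authenticated_fingerprint(DOCUMENT, AUTHORITY_KEY)
    return {
        "plain_accepts_forgery": plain_accepts_forgery,
        "auth_rejects_tampering": not verify_authenticated(tampered, original_tag, AUTHORITY_KEY),
        "auth_rejects_unkeyed": not verify_authenticated(
            tampered, plain_fingerprint(tampered), AUTHORITY_KEY),
        "auth_accepts_genuine": verify_authenticated(DOCUMENT, original_tag, AUTHORITY_KEY),
    }
```

The first result shows the checksum alone detecting nothing; the remaining three show the keyed fingerprint rejecting the altered document while still accepting the genuine one.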
Connectivity
Connectivity allows control over the guarantee of, and speed of, delivery[4]. Because no system provides infinite connectivity, absolute control is also impossible; but most situations allow some control.
Connectivity allows you to weather attacks on your ability to communicate, whether those are censorship, DDoSing, or always being last in the priority queue.
OWE: Privileged access, for example, courtiers in a royal court paying to get an audience with the monarch.
NWE: On-site location of high-frequency trading. Non-neutral networking that privileges certain sources of information over others. OSes that give some apps access to special, faster APIs.
In Summary
This was a fun mental exercise to try to figure out how to explain various security-related concepts.
Are there other concepts that fit in this framework? What don’t? What would you add or remove?
Footnotes:
[1] “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” There are many imitators of the form out there, but this is the original. At least, so I am told by an unauthenticated source on the internet.
[2] Despite not being ‘officially’ in a security field, it keeps coming up, and I ended up writing two different novels about it (one more so than the other.)
[3] The passport itself then becomes an authentication token with high authenticity which in turn is used as proof of authority (the authority to, for example, enter a country).
[4] For the sticklers, I’m blurring together processing power, bandwidth, and latency, because to the end user they are deeply intertwined.