Slashdot Mirror
Freedom of Information Act vs Homeland Security
psyki writes "Should vulnerabilities in our public infrastructure be handled like vulnerabilities in computer security? Wired has an interesting article about the state of the Freedom of Information Act, particularly how it is becoming increasingly difficult to obtain documents from reluctant agencies in the security-conscious post-Sept 11 era. What really made me think, however, was this line: "While keeping information about security vulnerabilities out of terrorists' hands is a legitimate goal, McMasters believes the government is taking secrecy a step too far. In the end, he said, communities would be safer and better able to plan for their own protection if they were aware of potential security holes in power plants, airport terminals or other facilities.". Sounds an awful lot like the raging debate in the computer security community regarding publicizing vulnerabilities."
I admit that I am a firm believer in publicizing software vulnerabilities and that it increases security. As such I believe that open systems are more secure than closed systems in the long run. In other words, I think that it's easier to hack into a closed-source system (via binary disassembly) than into an open-source system (by looking at source code).
But we're not just talking about software here. And there is no question that when an exploit is published that some individuals will take advantage of it. Publishing exploitable details could very well allow a single exploit, which IMHO is one too many.
So, Thomas Jefferson is immature and doesn't understand liberties and responsibilities?
Actually, I misremembered. I meant Franklin.
"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
I would certainly place government transparency under the essential liberty, as too much will happen if it's covered up.
With no sensible limits to the transparency? It may be a problem that the gov't is too secretive with some information, but the opposite end of the spectrum is requiring things down to the schematics of military weapons and installations be available for perusal by any Tom, Dick, and Ahmed.
The right path lies in the middle, but full transparency of the government is most definitely not an essential liberty.
The difference is that FOIA covers the government while the debate about security vunerabilities is in the private sector.
The analogy is a good one but let's not confuse private industry's interest in profit with our interest in an open government.
The arguement can be made that Microsoft is so vital that it has to be as equally transparent as the government is (supposed to be). But, as influencial and omnipotent as Microsoft is, it isn't government, it is owned by Bill Gates and stock holders not a voting public.
Demand that the government FIXES it rather than just relying on security through obscurity. . .
The U.S. Government seems intent on the idea that if they HIDE the security flaws that those flaws will not be exploited by terrorists. (and of course as a bonus side effect they don't have to hear the public keep on bitching about those security holes either!)
Well first off, it is fairly hard to stop people from WALKING THROUGH public places. Second off, copies of plans still exist in archives unscrupulous individuals (a category which terrorists definitely fall into the category of) are more than willing to find ways to gain access to.
So does hiding the security flaws make any difference? No, shit will still get blown up. The only difference is that the people won't get to realize how much danger they are in and thus will not be able to force their legislators to FIX those problems before those problems ARE exploited.
Democracy relies on the principle of a populous educated on issues pertinent to society. Kind of hard to have an EDUCATED populous when the government keeps on taking away the relevant data!
Need help treating your acne? Come here!
This is a response to several posts made here.
I've seen several posts so far that deal primarily with terrorists causing nuclear plants to meltdown, but really that's an extreme point of the kind of information that is being held back. One poster said, basically, that a dead man doesn't have any civil liberties, and that's certainly true and there are some things that the government should keep secret, like the locations of military weapons depots and our own nuclear arsenal. But the article isn't about just nuclear plants and military weapons. It's about all sorts of ways that communities could make themselves safer. Maybe folks could brainstorm some things that the government should be telling us, and then we can get of this extremist example.
To refer to another post, somebody asked if "you would pour the concrete yourself," presumably in reference to making some sort of architectural structure safer in the event of a terrorist attack. There are a lot of people out there who know how to pour concrete, and I would bet quite a few of them would be willing to provide their knowledge and experience to help make their communities safer.
Finally, a lot of words have been given to the comparison of community security issues to open vs. closed software. Well, I have to say that it's simply not true that secrecy is the best policy because, as any Thursday-night sitcom can tell you, no matter how "secret" you keep something, it's going to be found out sooner or later. Last year sometime I remember hearing a report on NPR about how the government was trying to get libraries to remove from circulation CDs that contained information about reservoirs and water supply sheds, etc., because this information could be used to make a terrorist attack. But the problem with this, besides the fact that the information is already "out there" (you can't close Pandora's box, at least not effectively), is that terrorists obviously do their research, and they're gonna find the reservoirs they want anyway. Heck, all they need to do is read Stephen King's "Dreamcatcher" to take care of greater Boston...perhaps we should ban that! But it's not just about terrorist attacks. People should have the right to know where the water they drink comes from. Sure, a lot of people will do nothing with the information, but should the day come that they need it, god forbid the info isn't there!
Essentially, I do believe that some things should be kept secret, but not many things. Plans for WMDs? Certainly! The structural integrity of the bridge I drive over everyday to go to work? Certainly not!
"The evil of the world is made possible by nothing but the sanction you give it." -- Ayn Rand
And you do this through betraying them by exposing them to harm from enemies?
By trying to protect my liberties I do no such thing.
I would rather live in a free United States, than a Soviet United States with an Orwellian style government, even if the latter is more secure, because the former is worth dying for. If the latter is something you are interested in go move to Communist China where everything and anything about you and what you do is able to be watched and controled by the government, and you have no access to any information regarding the government or what they have done, what they are planning, etc... Sounds like the type of country you are interested in.
This propaganda that you either have liberty or you have security is just that: propaganda bullshit.
http://www.archive.org/details/ThePowerOfNightmares