Ben Laurie blathering

26 Sep 2010

The Tragedy of the Uncommons

Filed under: Rants,Security — Ben @ 3:46

An interesting phenomenon seems to be emerging: ultra-hyped projects are turning out to be crap. I am, of course, speaking of Haystack and Diaspora (you should follow these links, I am not going to go over the ground they cover, much).

The pattern here is that some good self-promoters come up with a cool idea, hype it up to journalists, who cannot distinguish it from the other incomprehensible cool stuff we throw at them daily, who duly write about how it’ll save the world. The interesting thing is what happens next. The self-promoters now have to deliver the goods. But, for some reason, rather than enlisting the help of experts to assist them, they seem to be convinced that because they can persuade the non-experts with their hype they can therefore build this system they have been hyping. My instatheory[1] is that it’d dilute their fame if they shared the actual design and implementation. They’ve got to save the world, after all. Or we could be more charitable and follow Cialdini: it seems humans have a strong drive to be consistent with their past actions. Our heroes have said, very publicly, that they’re going to build this thing, so now they have a natural tendency to do exactly what they said[2].

But the end result, in my sample of two, is disastrous. Haystack has completely unravelled as fundamentally flawed. Diaspora seems to be deeply rooted in totally insecure design. I hope I am preaching to the choir when I say that security is not something that should be bolted on later, and that the best way to do security design is to have the design reviewed as widely as possible. In both Haystack and Diaspora’s cases that could, and should, have been a full public review. There is no excuse for this; it wastes a vast amount of enthusiasm and energy (and money) on ultimately destructive goals.

I don’t have any great ideas on how to fix this, though. Yes, reporters getting expert assistance will help. Many of the experts in the security field are quite outspoken, it isn’t hard to track them down. In Diaspora’s case, perhaps one could have expected that Kickstarter would take a more active role in guidance and mentoring. Or if they already do, get it right.

Natural selection gets you every time.

BTW, if any journalists are reading this, I am absolutely happy to take a call to explain, in English, technological issues.

[1] I love this word. Ben Hyde introduced me to it.

[2] This is known as “consistency” in the compliance trade.

14 Sep 2010

Experimenting With Client Certificates

Filed under: Crypto,Identity Management — Ben @ 16:30

I was recently contacted about yet another attempt to use client certificates for authentication. As anyone paying attention knows, this has some attractions but is pretty much unusable in browsers because of their diabolical UIs. So, I was fascinated to learn that this particular demo completely avoids that issue by implementing TLS entirely in Javascript! This strikes me as a hugely promising approach: now we have complete freedom to experiment with UI, whilst the server side can continue to use off-the-shelf software and standard configurations.

Once a UI has been found that works well, I would hope that it would migrate to be part of the browser; it seems pretty clear that doing this on the webpage is not likely to lead to a secure solution in the long run. But in the meantime, anyone can have a crack at their own UI, and all they need is Javascript (OK, for non-coders that might sound like a problem, but believe me, the learning curve is way shallower than any browser I’ve played with).

Anyway, pretty much end-of-message, except for some pointers.

I am very interested in finding competent JS/UI people who would be interested in banging harder on this problem – I can do all the crypto stuff, but I confess UI is not my forte! Anyone out there?

Note, by the way, that the focus on browsers as the “home of authentication” is also a barrier to change – applications also need to authenticate. This is why “zero install” solutions that rely on browsers (e.g. OpenID) are likely doomed to ultimate failure – by the time you’ve built all that into an application (which is obviously not “zero install”), you might as well have just switched it to using TLS and a client certificate…

13 Sep 2010

Wasting Public Money: Birth, Marriage and Death Digitisation

Filed under: Open Data — Ben @ 14:10

In 1998 a group of us started FreeBMD, a project to transcribe and make freely available the Birth, Marriage and Death records for England and Wales. The project has been wildly successful and 12 years on we have 250 million records in our database.

In the meantime the government has twice decided to spend a vast amount of taxpayers’ money duplicating our work. The first project, DoVE, was started in 2005. Three years and £8.5 million later, the project had transcribed 130 million records and was closed down. At no point in the process was FreeBMD contacted – not even to inform us that there was a tender open to do what we clearly were highly qualified to do. Nor were the transcribed records made freely available to those who had paid for them. Oh no, that wouldn’t be the thing to do at all – they were instead given to the GRO to sell.

Fast forward a few years, Big Brother is upon us. And I don’t mean the TV program. In 2009 the Identity and Passport Service decided to try again. I’ll quote it here,

The D&I project is currently in a pause status as IPS awaits the outcome of the government’s Comprehensive Spending Review (CSR). It is possible that the outcome of the CSR will impact the overall scope of the project, as well as timescales and procurement activity.

since history shows that the government are not very good at preserving records[1]. Anyway, you’ll notice that it’s been suspended again, at what cost to the taxpayer I don’t know, perhaps someone out there does. Since the new government has decided to scrap identity cards, which were the driving force for this project (note: no public access to the transcription was planned) I am quietly confident that the outcome of the CSR will be to scrap the project. Again. Of course, they will call it “stalled” or “delayed” so when they next decide to waste our money on it they can revive it.

Anyway, let me go on record now and say this: FreeBMD will complete this transcription, without cost to the taxpayer, given access to the source records. There’s just one condition: we have to be able to publish the complete transcription, free of charge, on the Internet. Of course, it’ll go a bit faster if we do get some money, so I won’t say we wouldn’t accept if it were offered!

Of course, we’ve always been prepared to do this, but why would civil servants shaft their cronies by saving money in that way?

[1] All references to DoVE[2] seem to have been conveniently obliterated by a “move” of the GRO’s website, even though some of it is still hosted on the same website!

[2] Well, at least all references on this rather nice timeline I discovered while researching this post.
