Security Experts:

Information Selection: Wikileaks, Memes and Information Singularities

“Within thirty years, we will have the technological means to create superhuman intelligence. Shortly after, the human era will be ended.” –Vernor Vinge, The Coming Technological Singularity, 1993

Information Security

Wikileaks is the buzzword of the moment, so why is it such a hot topic? Well, it involves intrigue and spies and cloak and dagger tactics, it involves secrets, technology, politics and people – all at a time when we are afraid of change, terrorism, identity, economics, the list goes on. In a world where information appears to be pouring out of organizations, the issue of actually securing it all looms dauntingly. The Wikileaks logo itself is a rather ominously dripping globe.

And why now? What’s really going on here? Where is it going and how do we deal with this phenomenon?

To answer these questions, we need to first look at the ideas themselves.

In his The Selfish Gene, Richard Dawkins postulated memetics as an evolutionary theory applied to cultural transfers of information. The idea is that “memes,” which are “units” of thought (i.e. ideas) behave like genes in an environment that is biological, but is rather rooted in the chemistry of brains (as in the case of bird song) or in the abstraction of consciousness in the case of Human beings. Memes, or ideas, that are more “attractive” move on and spread, while those that are less attractive die or adapt in the brutal arithmetic of pseudo-natural selection.

We then need to look at the information and how it flows.

Information is liquid; it moves like water and flows and spreads. A better though less intuitive analogy might be found in electromagnetism (EM) as charge “flows” too and the notion of conductivity and even superconductivity makes sense here. Charge flows through channels and dissipates, and we even have a notion of superconductivity where electrical resistance is reduced to zero.

The reason I like the EM analogy is because of something called a Technological Singularity. This was first proposed by Vernor Vinge who looked at exponentially improving fields and thought it through to its boundary condition. The “singularity” occurs when the line “goes vertical” in a growth curve, a point after which we cannot predict what the world will look like.

Why do I mention this? Well it’s useful when looking at some attributes and parameters around information: how it moves and most importantly how fast it moves. Whether we move to an information singularity or not, the rate at which information flows and the (virtual) distances that it travels are not just increasing, they are accelerating. Information today goes further, faster than ever before; and most importantly, this rate will only continue to grow.

Now a clearer picture emerges. The list of things that I started with (intrigue, terrorism, economics) are by nature attractive memes. People want to know secrets because being secrets they are inherently interesting. Further, the technologies we are embracing are all getting more powerful, faster connected, more capable of sophisticated communications. In the EM analogy, the resistance is dropping and the number of conductors is increasing. The media are becoming more widespread and more porous. These two trends, people / ideas and information / media are facts of life. Secrets will always be attractive and will always leak and behave like water flowing out through the lowest points or like charge moving in a flow dipole.

Now onto security and privacy.

To address “leakage”, we must have policies, enforcement, auditing, and processes in place for the people, the ideas and the media, all of which is facilitated by solid information classification (as with the NSA’s Classification of Secrets):

1. The people need clear policies around Human behavior: clear descriptions and definitions, mechanisms for communication and education, tools for helping people make the right decisions easily and it may even ultimately lead to an information bill of rights and empowering Internet Citizens.

2. The media themselves require attention in a similar way to how traditional media is used (e.g. what can be published in a newspaper in time of war) through clear policies, controls, monitoring and so on.

This isn’t just a technology problem, it’s also one that touches on how we see information for example, in the United States with the First Amendment. This is a cultural, a political and a legal issue as much as it is a technology issue. This dual approach to the issue should cast things like the recent Wikileaks stories in a new light, providing the basis for progressively improving the confidentiality, integrity and availability of information and giving us an idea of what the world of security might look like after that point.

view counter
Sam Curry is Chief Technology Officer, Marketing at RSA, The Security Division of EMC. He has more than 18 years of experience in security product management and development, marketing, quality assurance, customer support and sales. Prior to his current role, Mr. Curry was VP of Product Management where he led the strategic direction for all RSA solutions. Prior to joining RSA, Mr. Curry was VP of Product Management and Marketing at CA. Previously, Mr. Curry was also Chief Security Architect and led Product Marketing and Product Management at McAfee. He is a frequent speaker at industry events and has been quoted in Forbes, Bloomberg, CNET, Technology Review, PC World and Computerworld. He has also appeared on Tech TV, CNN and MSNBC. Mr. Curry holds a B.A. in English from the University of Massachusetts and a B.S. in Physics from Mount Allison University.