Interesting People mailing list archives
Security vulnerabilities in journalism
From: Dave Farber <dave () farber net>
Date: Mon, 28 Apr 2003 07:00:48 -0400
------ Forwarded Message From: Matt Blaze <mab () crypto com> Date: Mon, 28 Apr 2003 01:41:13 -0400 To: dave () farber net Subject: Security vulnerabilities in journalism There was a short piece on NPR's _All_Things_Considered_ yesterday (26 April) about Bill Gaines, a journalism professor at UIUC, and his students. They claim to have discovered the identity of "Deep Throat," the confidential source who famously led Bob Woodward and Carl Bernstein to break the Watergate story, which ultimately brought down the Nixon administration. As I understand it, the UIUC project took facts from previously published material and applied the basic techniques of investigative journalism to eliminate, one-by-one, possible Deep Throats until, finally, only a single candidate remained. As interesting as it was to learn the (possible) identity of this important figure of modern American history, I found even more interesting the reaction of some of Professor Gaines' colleagues to his research. Several prominent practitioners and scholars of journalism roundly condemned it as irresponsible and unethical. I could not help but be reminded of how the discovery of computing and cryptologic security vulnerabilities sometimes draws similar reactions, and in particular of how we ultimately recognize that vigorous research aimed at uncovering flaws is the only known way of discovering and correcting them. The NPR report included comments from Tom Rosenstiel of the Project for Excellence in Journalism, who worried that this work will cause potential confidential sources to be reluctant to talk with journalists for fear that their identities won't be protected properly. Perhaps, but if so, it seems to me that those fears may be well founded. I have always though of Woodward and Bernstein's protection of Deep Throat's secret as something of the "gold standard" of journalistic confidentiality. If indeed this turns out to have been a failure, future Deep Throats would do well to ask their press contacts what they intend to do differently, and future Woodwards and Bernsteins would do well to have an answer for them. To the extent that sources ask these questions and journalists develop practices that allow them to give better answers, I would think that the profession of journalism is being advanced. But it seems instead that we have someone claiming to seek "excellence" in journalism apparently advocating that something as fundamental as source confidentiality would be best served by not asking too many questions. I hope that's not what he meant, or at least that his quote was taken out of context. Even more disheartening was Carl Bernstein's angry reaction, quoted in the Cleveland Plain Dealer, where he calls for Professor Gaines to be "spanked" for investigating this subject: "The last thing students in a journalism class should be doing is trying to find out who other reporters' sources are," said Bernstein, a contributing editor at Vanity Fair magazine who broke the stories with colleague Bob Woodward. "They should be learning how to protect sources." Doesn't Bernstein realize that that was exactly what they were doing? As computer security researchers (and spies) know well, it is very difficult to keep secrets. Critical clues, whether they concern cryptographic keys or the identity of a mole, tend to slowly leak and accumulate over time and can eventually point toward a single, unambiguous, answer. Avoiding this phenomenon in computing systems requires great care and is well recognized as a difficult problem -- it is frequently the subject of scholarly research. Surely journalists, too, recognize that secrecy in their own domain is a challenge; one hopes they also understand that this kind of research ultimately raises, rather than degrades, our confidence that they are up to it. Matt Blaze 27 April 2003 Links: Plain Dealer article: http://www.cleveland.com/news/plaindealer/index.ssf?/base/news/1051263572302 521.xml All Things Considered piece: http://discover.npr.org/features/feature.jhtml?wfId=1245255 ------ End of Forwarded Message ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- Security vulnerabilities in journalism Dave Farber (Apr 28)