Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Security vulnerabilities in journalism

From: Dave Farber <dave () farber net>
Date: Mon, 28 Apr 2003 07:00:48 -0400

------ Forwarded Message
From: Matt Blaze <mab () crypto com>
Date: Mon, 28 Apr 2003 01:41:13 -0400
To: dave () farber net
Subject: Security vulnerabilities in journalism

There was a short piece on NPR's _All_Things_Considered_ yesterday (26
April) about Bill Gaines, a journalism professor at UIUC, and his
students.  They claim to have discovered the identity of "Deep
Throat," the confidential source who famously led Bob Woodward and
Carl Bernstein to break the Watergate story, which ultimately brought
down the Nixon administration.  As I understand it, the UIUC project
took facts from previously published material and applied the basic
techniques of investigative journalism to eliminate, one-by-one,
possible Deep Throats until, finally, only a single candidate
remained.

As interesting as it was to learn the (possible) identity of this
important figure of modern American history, I found even more
interesting the reaction of some of Professor Gaines' colleagues to
his research.  Several prominent practitioners and scholars of
journalism roundly condemned it as irresponsible and unethical.  I
could not help but be reminded of how the discovery of computing and
cryptologic security vulnerabilities sometimes draws similar
reactions, and in particular of how we ultimately recognize that
vigorous research aimed at uncovering flaws is the only known way of
discovering and correcting them.

The NPR report included comments from Tom Rosenstiel of the Project
for Excellence in Journalism, who worried that this work will cause
potential confidential sources to be reluctant to talk with
journalists for fear that their identities won't be protected
properly.  Perhaps, but if so, it seems to me that those fears may be
well founded.  I have always though of Woodward and Bernstein's
protection of Deep Throat's secret as something of the "gold standard"
of journalistic confidentiality.  If indeed this turns out to have
been a failure, future Deep Throats would do well to ask their press
contacts what they intend to do differently, and future Woodwards and
Bernsteins would do well to have an answer for them.  To the extent
that sources ask these questions and journalists develop practices
that allow them to give better answers, I would think that the
profession of journalism is being advanced.

But it seems instead that we have someone claiming to seek
"excellence" in journalism apparently advocating that something as
fundamental as source confidentiality would be best served by not
asking too many questions.  I hope that's not what he meant, or at
least that his quote was taken out of context.

Even more disheartening was Carl Bernstein's angry reaction, quoted in
the Cleveland Plain Dealer, where he calls for Professor Gaines to be
"spanked" for investigating this subject:

     "The last thing students in a journalism class should be doing is
     trying to find out who other reporters' sources are," said
     Bernstein, a contributing editor at Vanity Fair magazine who
     broke the stories with colleague Bob Woodward. "They should be
     learning how to protect sources."

Doesn't Bernstein realize that that was exactly what they were doing?

As computer security researchers (and spies) know well, it is very
difficult to keep secrets.  Critical clues, whether they concern
cryptographic keys or the identity of a mole, tend to slowly leak and
accumulate over time and can eventually point toward a single,
unambiguous, answer.  Avoiding this phenomenon in computing systems
requires great care and is well recognized as a difficult problem --
it is frequently the subject of scholarly research.  Surely
journalists, too, recognize that secrecy in their own domain is a
challenge; one hopes they also understand that this kind of research
ultimately raises, rather than degrades, our confidence that they are
up to it.

Matt Blaze
27 April 2003


Links:
Plain Dealer article:
http://www.cleveland.com/news/plaindealer/index.ssf?/base/news/1051263572302
521.xml

All Things Considered piece:
http://discover.npr.org/features/feature.jhtml?wfId=1245255



------ End of Forwarded Message

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: