May 19, 2019

Keeping Honest People Honest

At today’s House committee hearing on the broadcast flag, Fritz Attaway of the MPAA used a popular (and revealing) argument: the purpose of the broadcast flag is “to keep honest people honest.” This phrase is one of my pet peeves, since it reflects sloppy thinking about security.

The first problem with “keeping honest people honest” is that it’s an oxymoron. The very definition of an honest person is that they can be trusted even when nobody is checking up on them. Nothing needs to be done to keep honest people honest, just as nothing needs to be done to keep tall people tall.

The second problem is more substantial. To the extent that “keeping honest people honest” involves any analytical thinking, it reflectss a choice to build a weak but conspicuous security mechanism, so that people know when they are acting outside the system designer’s desires. (Mr. Attaway essentially made this argument at today’s hearing.) The strategy, in other words, is to put a “keep out” sign on a door, rather than locking it. This strategy indeed works, if people are honest.

But this is almost never the kind of security technology that the “keeping honest people honest” crowd is advocating. In my experience, you hear this phrase almost exclusively from advocates of big, complicated, intrusive, systems that have turned out to be much weaker than planned. Having failed to build a technologically strong system, they say with cheerful revisionism that their goal all along was just to “keep honest people honest.” Then they try to sell us their elaborate, clunky, expensive system.

The problem is that it’s cheap and easy to build a “keep out” sign. If that’s all you want – if all you want is to help honest people keep track of their obligations – then simple, noncoercive technology works fine. You don’t need a big, bureaucratic initiative like the broadcast flag if that’s your goal.

The funny thing here is that the MPAA is getting out in front of the curve. Usually vendors wait until their security technology has failed before they change their sales pitch to “keeping honest people honest.”

Comments

  1. Keeping Tall people Tall

    In his “Freedom-To-Tinker” blog, Edward W. Felten posted comments in response to statements made by Fritz Attaway of the MPAA