Call to Arms for Software Engineers
Newsgroups: comp.risks
Subject: Re: Tenth Anniversary Issue
Distribution: world
Date: Aug 6 1995

In issue 17.23, Dave Parnas (parnas@triose.crl.mcmaster.ca) has made
some observations and assertions that don't sit quite as well as does
the other hoopla surrounding comp.risks' tenth anniversary. I find
myself agreeing with him. Though it is wonderful and surprising that
comp.risks has become a veritable pop phenomenon, standing out against
a backdrop of homogeneous Usenet gunk, it seems wrong for this
obviously bright and involved group of people to be satisfied simply
_reporting_ the slow burning of our cities of information, the
misguidance and futility of their laws, and the slipshod construction
of their infrastructures.

Virtually every time I talk shop with my colleagues, within or outside
my company, I encounter the same attitude: security is, in their view,
unmarketable and over-complicated. Moreover, they have rarely taken
even the first baby steps toward the information-scientific view of
networked computing. They view security as obscure, unglamorous, and
boring, leaving me and a precious few others in a small society of
those who view good security as prerequisite.

It truly irks me when I am told to get something out the door as fast
as possible, and "worry about security in the next release." That is
something I must not do, and I can only hope that all the other
professional software engineers and architects out there will follow
suit. Conscience is becoming part of the package: Winn Schwartau's
_Terminal Compromise_ barely qualifies as fiction.

What to do? Grab a keyboard, a copy of the U.S. Constitution (*with*
Bill of Rights), and go to work. If you're already working, grab that
Constitution and try to think of a way someone could use the fruits of
your labor to deny someone else's constitutional rights. If you find a
way, change your design strategy. Change it until you leave open as
few avenues for malicious exploitation or destruction as possible.
Never espouse or use security by obscurity or authority by
intimidation. Never justify a reduction in individual quality of
life, or in our collective national security, with arguments about
time-to-market. It's un-American. Never justify a reduction in our
individual privacy and responsibility with arguments about revenue or
law enforcement. It's doubly un-American.

Finally, it is becoming much more apparent that software engineers
must also view themselves as social engineers. Case in point: there
are countless organizations which use "firewalls" as the proverbial
carpet, under which to sweep all their security problems. This is
representative neither of the best interests of those in the
organizations, nor of the reality of how to secure information. Many
firewalled networks can be compromised from the outside, and virtually
all of them can be trivially compromised from the inside (since the
firewall convinces those behind it that they need not be concerned
with security). Organizations should take it upon themselves to adopt
cryptographically secure information infrastructures and auditing
strategies, and the software community should recognize the mandate to
provide the tools to implement them. Without a doubt, organizations
which manage information about private individuals should be required
by law to appropriately secure this information. The promise "we will
not reveal this information to anyone without your permission" must
cease to be idle.

Daniel Pouzzner