November 04, 2006

Torture and Computer Science

Greetings. As reported in the Washington Post, the Bush Administration is now apparently asserting that the interrogation techniques that have been used against suspects who were/are held in the "secret" CIA prisons are now classified TS/SCI (effectively the highest conventional level of security classification in the DOD hierarchy).

The administration is arguing that these suspects must not be allowed to meet with lawyers since interrogation techniques might be disclosed, and that (by implication) these suspects must never be allowed to tell anyone how they were interrogated.

Some suspects who have already been released have made claims of torture at the hands of the U.S. The U.S. says that it does not torture, but refuses to disclose the interrogation techniques that are in use. Vice President Cheney famously agreed recently that a "dunk in the water" was a no-brainer technique, but the White House has subsequently claimed that while this remark did not specifically admit that the U.S. used the torture technique of waterboarding, the exact meaning of Cheney's remark would not be further explained.

The logical implication of the administration's assertion of TS/SCI level classification for interrogation techniques would seem to be that they indeed plan to hold remaining suspects indefinitely -- for how else can be ensured the confidentiality of the interrogation techniques so classified? An innocent suspect who was released could not be prevented from talking (after all, they don't hold TS/SCI clearances that could be pulled!) and if the administration is unsatisfied with the current procedure of refusing to address the claims of already released suspects, then the only other option would seem to be to make sure that there aren't any more released suspects.

In computer science and crypto work, there is sometimes used a "technique" called "security through obscurity" -- a largely discredited philosophy of trying to ensure security by keeping design elements secret, rather than ensuring secure design principles themselves. For example, a well designed crypto system should not need to include any secret tables that cannot be publicly released and so subjected to broad scrutiny and evaluation of the system's actual strength.

A major problem with security through obscurity is that obscurity tends to dissipate with time. For example, in the news right now are reports of concerns over a U.S. government Web site that apparently disclosed some level of nuclear weapons design information. That data has now reportedly been removed from that site, but is presumably already mirrored and archived at other locations around the world. Even more to the point, the real limit (such as it is) on the proliferation of basic nuclear weapons at this stage is not so much design techniques, but rather the availability of fissile materials.

Security based on secrets rather than design is always vulnerable to those secrets being disclosed or reverse-engineered. In the case of information that relates directly to potential human rights violations such as the use of torture (or "alternative interrogation techniques" -- seemingly six of one or half-a-dozen of the other) asserting that U.S. security would be compromised by the revelation of those techniques indeed suggests that methods generally classified as torture or other human rights violations may indeed be in use against potentially innocent suspects.

If our national security is now truly based on a foundation of keeping interrogation techniques secret -- and everything therefore implied about holding suspects indefinitely and incommunicado -- then we not only have horrendously flawed and vulnerable security, but we have lost our way as a nation as well.


Posted by Lauren at November 4, 2006 09:00 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein