How Changing Technology Affects Security
+ Brandon Fuller
Bruce Schneier on how changing technology affects security. An interesting example of how human progress is driven by the coevolution of technologies and rules. When our rules fail to keep up with the pace of technological change, the social benefits of advances in technology get diluted.
Security is a tradeoff, a balancing act between attacker and defender. Unfortunately, that balance is never static. Changes in technology affect both sides. Society uses new technologies to decrease what I call the scope of defection — what attackers can get away with — and attackers use new technologies to increase it. What’s interesting is the difference between how the two groups incorporate new technologies.
Changes in security systems can be slow. Society has to implement any new security technology as a group, which implies agreement and coordination and — in some instances — a lengthy bureaucratic procurement process. Meanwhile, an attacker can just use the new technology…Defectors are more agile and adaptable, making them much better at being early adopters of new technology.
Schneier goes on to point out that some technologies do seem to make us unambiguously safer.
There are technologies that immediately benefit the defender and are of no use at all to the attacker — for example, fingerprint technology allowed police to identify suspects after they left the crime scene and didn’t provide any corresponding benefit to criminals. The same thing happened with immobilizing technology for cars, alarm systems for houses, and computer authentication technologies. Some technologies benefit both but still give more advantage to the defenders. The radio allowed street policemen to communicate remotely, which increased our level of safety more than the corresponding downside of criminals communicating remotely endangers us.