You know, I want to to talk to you about the disclosure threat. Now you recall that disclosure is about confidentiality. And usually the best way to get some deep insight into these types of things is through a story. So this, I think you'll enjoy this. It's kind of fun little, different story. Here in the United States we've had problems with political parties protecting data. And as I speak to you now, roughly 20 years ago, back in the mid 90s, the Democratic National Committee. So here in the United States, we've Democrats and Republicans. But the Democrats actually called me, concerned that email security might be something that would cause him to loose in election and they wanted to know if they could ask some help producing more privacy in their email. How funny is that? Just 20 years later you could argue that had they had a better privacy in your email, might had some differences in the way elections and so on have gone. But at any rate, let me tell you about the story. Say two buildings that were connected in Washington, DC by a telecommunications line. And the way it worked in those days, it would be a private line connection out to the ISP, like a phone line in a sense. And what they were interested in was putting encryption at either end of the line. Now here's the idea. A lot of disclosure and confidentiality problems are fixed by a technique known as encryption. We're going to talk about that at length in these lectures. But the idea'is that you garble or scramble what's going on between two buildings, between two people, between two entities, two computers, whatever, or a group. You garble it, the idea that if somebody comes along in the middle, and listens, puts a tap on your communication, then they won't be able to understand what's there, does that make sense? Like if you and I were together in a room, and we're talking the way we're talking now. Somebody's sitting next to us and they're listening. Then they understand what we're saying, there's no secrecy at all. In fact here in the United States we have laws that say if you and I are sitting say in a Starbucks together, talking. And we're jibber jabbering back and fourth. And somebody's sitting next to us? They have every right to listen. Now you may be in a country where that's different, but I think that's pretty universally the case. That if you're in a public square, then you can listen, you're there. You don't want anybody to listen, go somewhere else, right? If I want to go hide somewhere in the corner, and have a private whispered conversation. Then again, here in the United States, we have laws that say you and I, as friends, if we want to have a private conversation, the government's not going to come put a big boom microphone over our head and listen. Again, you may be in a country where that would be different, but you get the idea. The confidentiality and disclosure are about this idea of communication. Now back to sort of the Democratic story. They were concerned about the communications between their two buildings and putting some sort of encryption between the two, which I think makes perfect sense. Now putting that encryption, as you'll see, is not so easy. You have to figure out where you want to do it. Do you do it on everybody's handset? Do you do it on all their computers? Or you go into the basement of the two buildings and do it on the wire that goes out of the building. Now in the first case where you do it all over the place that's called end-to-end encryption or end-to-end secrecy. That's a way of enforcing confidentiality properties between individuals, regardless of the systems that they're using. That's one approach and the advantage is it works better the disadvantage is way more work. If I did it at the basement, where the wire's coming out of these two buildings to connect to each other, that's called link encryption or link secrecy. Where, between the buildings, I garble stuff so if within the building or within some network or some enclave, I hope there's all good people there. We can say that that's very closely related to something we call a perimeter model. But as long as it leaves the building, nah, I make sure I have secrecy. So as you can see, this disclosure property is certainly more involved than just things leaking. Where do we solve this is going to be a combination of different architectural concerns. And certainly of using functionality such as encryption. Now, what I would like you to think about is maybe from an organizational perspective. If somebody is giving you advice, as I did 20 years ago on this encryption, what would be the circumstances under which you may either do it or not do it? Like for example, if you're running a business and I came along and I said, hey, why don't you put encryption on all your stuff. You should be worried about disclosure. But what would you do? Would you just immediately take the advice that I provide? Put the encryption in place? Put link and end-to-end the encryption, do all the stuff? Or would there be other considerations that would come to mind? For example cost. Does it cost a lot of money to do this? Lot of time? Does it affect our communication? When we're talking over the phone, if I put encryption, does it suddenly sound like we're both talking to each other through a tunnel? These are basic ideas, and as we go through the threat types, you're going to see that if I want to counter the disclosure threat, it doesn't come for free. There's going to be things I have to do to counter that and that's what I'd like you to ponder as you think through this session. Think about the conditions under which you might actually take the time to dramatically reduce the risk, in this case, of disclosure, thanks.
