Bruce Schneier has written an interesting piece on how form follows function in any architecture, be it physical or electronic. My thanks to Kevin for pointing it out to me, and to Cory for making sure I didn’t forget about it …. I’ve been rushed off my feet lately….
Schneier’s arguments are simple, brought to life with eloquent examples and anecdotes:
- [Security-driven] changes were expensive. The problem is that architecture tends toward permanence, while security threats change much faster. Something that seemed a good idea when a building was designed might make little sense a century — or even a decade — later. But by then it’s hard to undo those architectural decisions.
- The same thing can be seen in cyberspace as well. In his book, Code and Other Laws of Cyberspace, Lawrence Lessig describes how decisions about technological infrastructure — the architecture of the internet — become embedded and then impracticable to change. Whether it’s technologies to prevent file copying, limit anonymity, record our digital habits for later investigation or reduce interoperability and strengthen monopoly positions, once technologies based on these security concerns become standard it will take decades to undo them.
- It’s dangerously shortsighted to make architectural decisions based on the threat of the moment without regard to the long-term consequences of those decisions.
All this made me think of the QWERTY keyboard. I grew up in a journalist family, with typewriters (the old Remington heavy-enought-to-give-you-a-hernia kind) outnumbering flowerpots at home. And when I first visited our printing press (I must have been nine at the time) I was quite surprised to see an ETAOIN SHRDLU keyboard. And my father explained to me that the QWERTY layout was designed to ensure that adjacent typebars didn’t jam, by separating high-frequency letters; that the layout had the additional “benefit” of slowing typing speeds down as a result. The linotype keyboard, on the other hand, was designed for speed, and therefore followed letter frequency distributions.
Form follows function. Just look how long QWERTY’s lasted. [An aside: It’s always amused me that the longest word you can form using the letters of the first line of the QWERTY keyboard is …. TYPEWRITER. What an unintended consequence. or was it? Maybe Grassy Knoll designed it]
We live in a world of many many cyber threats, some real, many perceived. I like the points that Schneier and Lessig make, particularly the pace-of-change one. There is always a temptation to take corrective action against security threats, both real and perceived; it is best to avoid that temptation altogether; but if we do give in, what we must ensure is that the corrective actions we take are designed to be as temporary as the threats; that we take care to make the response easily reversible, dismantlable, removable.
Imagine what would have happened if the recent ban on liquids on airplanes was enacted as law. Stupider things have been known to happen. In fact some part of me is actually surprised that the No Liquids rule didn’t become law.
Imagine what we’ve been doing to ourselves in building walls around our own information, within our own information. Actually paying people to build the walls, then paying people to drill through them, then paying people to fill the holes in…..
Now they know how many holes it takes to fill the Albert Hall.
Let’s keep those paths unpolluted.