Algorithms & Security – Part 1

I was listening to a repeat of Controlling the Unaccountable Algorithm on BBC Radio 4. You can find it here. To understand the programme content, well, the clue is in the title. At around the 20 minute mark, there is a piece on the use of algorithms in the policing context, specifically predictive policing, which is interesting given my background.

Much of the programme is about the transparency of the algorithm. It reminded me of two things that I thought were worth writing about.

Recollection 1 – in 2001 I read the book Database Nation by Simson Garfinkel. At the time, it was described by the technology journalist Davey Winder as a cult book; I would prefer to call it a seminal work. For me, it foretold my career path. Relevant to this post, it described a future where data was used in ways that were difficult to predict.

Recollection 2 – as anyone who has studied the CISSP (or Information Security more generally) will know, one thing you need to know is Kerckhoffs's Principle. A more detailed explanation can be found here, but in essence, when applied to cryptography, the algorithm is open but the key is secret.

Bringing this back to the radio programme, there was a strong requirement to look inside the algorithm. This was rebuffed by algorithm developers who were supposedly concerned about the exposure of the intellectual property in their code.

Additionally, other algorithm developers were saying they simply cannot explain the algorithm because it's black magic. This appears to be an occurrence of hand-waving. As an aside, there is a good TED talk on the subject by Cathy O’Neil, who takes part in Controlling the Unaccountable Algorithm.

To conclude, a new Kerckhoffs's Principle for algorithms would help enormously here. There will be a Part 2 to this post.

