Sunday, August 17, 2008

Good Security is Hard

"Good security is hard" is a common mantra, especially from Bruce Schneier, and he has a very good article in the current Crypto-Gram, also published in Wired, entitled "Memo to the Next President". I especially liked his third point:

Three, broadly invest in research. Basic research is risky; it doesn't
always pay off. That's why companies have stopped funding it. Bell Labs
is gone because nobody could afford it after the AT&T breakup, but the
root cause was a desire for higher efficiency and short-term
profitability -- not unreasonable in an unregulated business. Government
research can be used to balance that by funding long-term research.

Spread those research dollars wide. Lately, most research money has been
redirected through DARPA to near-term military-related projects; that's
not good. Keep the earmark-happy Congress from dictating how the money
is spent. Let the NSF, NIH and other funding agencies decide how to
spend the money and don't try to micromanage. Give the national
laboratories lots of freedom, too. Yes, some research will sound silly
to a layman. But you can't predict what will be useful for what, and if
funding is really peer-reviewed, the average results will be much
better. Compared to corporate tax breaks and other subsidies, this is
chump change.

It makes so much sense, but seems so anathema to the political process. In the next President, will we perhaps see a change in policy, a change toward a true appreciation of science? Will the next President (and Congress) be strong enough and intelligent enough to realize that security by consensus is mediocre security, and that for truly good security (and this does not mean anything resembling a police state) you will undoubtedly upset some special interest or group?

Will the next President be business as usual or will we see something different?
