Public Law and Legal Theory
Working Paper Series
Center for Law, Policy and Social Science
Working Paper Series
the Ohio State University. Many people from diverse disciplines have contributed to my thinking on the
topic of this paper. An earlier version of the project, entitled \u201cWhat Should Be Hidden and Open in
Computer Security: Lessons from Deception, the Art of War, Law, and Economic Theory,\u201d was presented
in 2001 at the Telecommunications Policy Research Conference, the Brookings Institution, and the George
Washington University Law School, available at www.peterswire.net. I am also grateful for comments
from participants more recently when this topic was presented at the Stanford Law School, the University
of North Carolina Law School, and the Silicon Flatirons Conference at the University of Colorado School
of Law. Earlier phases of the research were supported by the Moritz College of Law and the George
Washington University Law School. Current research is funded by an award from the John Glenn Institute
for Public Service & Public Policy.
This Article asks the question: \u201cWhen does disclosure actually help security?\u201d
The question of optimal openness has become newly important as the Internet and related
technologies have made it seem inevitable that information will leak out. Sun
Microsystems CEO Scott McNealy received considerable press attention a few years ago
when he said: \u201cYou have zero privacy. Get over it.\u201d1An equivalent statement for
security would be to say: \u201cYou have zero secrecy. Get over it.\u201d Although there is a germ
of truth in both statements, neither privacy nor secrecy is or should be dead. Instead, this
Article seeks to provide a more thorough theoretical basis for assessing how disclosure of
information will affect security. In particular, this Article seeks to understand what is
different between traditional security practices in the physical world, on the one hand,
and best practices for computer and network security, on the other.
Now bringing you back...
Does that email address look wrong? Try again with a different email.