The broomstick at the door: security and privacy in different times
In old, more secure(?) times, Estonians had the custom of placing a broomstick against the door to denote that nobody is home - the practice still lives in some remote places . Today's situation, however, is different. For most of the second half of the XX century, the Soviet occupation in Estonia kept non-native people off the islands (as they were considered the border zone - and in the USSR, border guard was more busy keeping people in than foreigners out) - one of the few positive aspects of it being the native way of life kept relatively unchanged. But as the freedom finally came, the islands were opened up to outsiders, gradually changing also the security situation.
Something similar can be seen in the world of computing. Steven Levy in his "Hackers" (also seen at the documentary 'Revolution OS') recalls the days of the first hackers in MIT. In this primal hacker paradise, the hacker ethic promoted the culture of sharing, and when the first passwords were introduced to computers, hackers fought them as a means of intrusion and imposing some outside will on them. According to Levy, Richard M. Stallman (today known as "the Father of Free Software", but back then a young promising hacker at MIT) got access to the password file of the MIT system, and sent all users a message like this:
I see you chose the password [such and such]. I suggest that you switch to the password "carriage return". It's much easier to type, and also it stands up to the principle that there should be no passwords.
(Eventually he managed to convince 1/5 of users to use empty passwords. See Levy, p. 417)
The empty password example is probably the best evidence of the shift of paradigm over the times. Stallman felt that the unobstructed flow of information is key issue, and no one should be artificially kept from using the computer. But these were different times:
- computers were rare and expensive, and although the multitude of administrative and bureaucratic barriers surely kept many interested people from using them, it also kept off most of the malicious people (just like it was in Estonian islands)
- the selected few who had access to computers, had much better knowledge on them than today.
Today, a computer is an everyday tool. At least in Western world, nearly everybody can have one (see the blog of a homeless American man), yet the general knowledge on them has drastically decreased. Just as the freedom brought the Estonian islands lots of good-willed tourists as well as quite a number of new criminals, the computer freedom (especially with the ubiquity of fast Internet) has changed the situation remarkably.
Coming back to the empty password - when Microsoft introduced passwords in their ordinary-user systems with Windows 95, most people reacted exactly like Stallman had suggested years ago. The empty password (or in some other cases, one-character or otherwise trivial passwords) became a prevalent way of doing things. The downplay of passwords were further fueled by the fact that in MS Windows 9x series (95, 98, ME) they did not protect anything - the only thing the user could gain by logging in was to keep certain settings (screen background image, desktop icons etc), otherwise it was easier to bypass the login screen just by pressing ESC.
At the same time, the number of malware (malicious software) targetting Microsoft systems was growing very rapidly.
- History of Computer Security - a collection of historical papers on computer security
- Wikipedia: Computer Security - lacks social aspects somewhat
- Computers:Security @dmoz.org - a big pile of links
- Early Computer Security Papers - some more papers (mostly technical)
- A Short History of Computer Viruses and Attacks @Washington Post - a popular-style story
- A Brief History of Information Security - from the Information Security M.Sc programme at Lewis University
- Firewalls and Internet Security - some history too
- Island - an essay by Kaia Lehari, contains the broomstick example.