REVIEW: "The History of Information Security", Karl de Leeuw/Jan Bergstra
- BKHISCCH.RVW 20081020
"The History of Information Security", Karl de Leeuw/Jan Bergstra,
%E Karl de Leeuw karl.de.leeuw@...
%E Jan Bergstra
%C 256 Banbury Road, Oxford, OX2 7DH
%I Elsevier Advanced Technology
%O +44 865 512242 Fax: +44 865 310981 books.elsevier.com
%O Audience i Tech 1 Writing 2 (see revfaq.htm for explanation)
%P 887 p.
%T "The History of Information Security: A Comprehensive Handbook"
Chapter one, which stands in for an introduction to the papers in this
volume, already notes that the title is inaccurate. The editor admits
that this work is not a history, as such, but an overview from the
perspective of different disciplines related to information security,
taking a historical approach in examining the socio-political shaping
of infosec. The authors ask whether technology influenced public
policy and politics, and look for information security strategies (or
the lack thereof) in politics. I found the selection of references
disquieting, noting that the editor responsible for the choice of
papers complained that there was no historical material addressing
industrial espionage, administrative practices, disruption of
communications with criminal intent, or other areas. No mention is
made, in the references, of the works of Stamp (cf. BKINSCPP.RVW),
Winkler (cf. BKCRPESP.RVW, BKSPAMUS.RVW), or Denning (cf.
BKDENING.RVW) to name just a few.
I can agree with the emphasis on social aspects of security: security
is, and always has been, a people problem. Information security,
however, necessarily involves technology, and the authors of most of
the papers included in this collection have concentrated so much on
history (mostly in the form of dates and political rivalries) that the
questions of influence of technology on politics, or politics on
technology, can't really be analyzed. Additionally, enormous topical
areas relevant to information security (such as risk management,
intrusion detection, cryptographic infrastructure (PKI), physical
security, computer architecture, application development, and malware)
are notable by their absence.
Part one addresses intellectual property. Essay subjects include
various forms of censorship and self-censorship (with no mention of
the "full disclosure" debate), the German patent system, copyright,
and the application of copyright and patent to software.
Part two looks at items related to identity management, with a highly
abstract and impractical philosophy of identity, notes on document
security, a review of identity cards, and a recent history of
Although entitled "Communications Security," part three is about
cryptography. The papers on Renaissance (1400-1650) and Dutch (up to
1800) cryptography, British postal interception up until the 1700s,
the KGB crypto office, and the NSA (US National Security Agency) are
of primarily political interest. The articles on rotor cryptography,
Colossus, and the Hagelin machines have points of curiosity, but are
still very thin on technical details. A final essay attempts a very
terse overview of modern cryptographic concepts.
Computer security is in part four. Early US military evaluation
standards, some of the basic formal information security models, an
academic look at application security and auditing, a rough division
of recent information technology into decade "periods," an equally
unpolished history of Internet security, and a scattered review of
computer crime make up this section.
For some reason questions of privacy and regulations governing the
export of cryptography are seen to fit together in part five. Three
papers present US cryptographic export restrictions, a random and not
completely successful attempt to define privacy, and various US
undertakings at regulating the use of encryption.
Part five can't have been lumped together simply due to a lack of
articles, since part six is a single piece providing a limited and
incomplete overview of information warfare.
As a book this volume is disappointing. It is not "a history," merely
a collection of papers, with little structure or linkage. The topics
relate to security, but a work on infosec should have more technical
content and understanding. It is certainly not comprehensive. And,
at several kilograms in weight, it bears little resemblance to a
That said, a number of the essays do provide interesting historical
points, anecdotes, and references. Therefore, those with the stamina
to work through the material may be rewarded with historical nuggets,
and pointers to further sources of information.
copyright Robert M. Slade, 2008 BKHISCCH.RVW 20081020