Copy-Pasta: Integrity


I am copy-pasting this cause i must.

Source

In the film Locke (2013), construction manager Ivan Locke learns that a colleague with whom he had a one-night stand a few months before, and which resulted in her becoming pregnant, has gone into premature labour the evening before he must supervise a massive concrete pour in Birmingham. Despite his job responsibilities and although his wife and sons are eagerly awaiting his arrival home, Locke decides to drive to London to be present during childbirth. Over the course of the one and a half-hour drive from Birmingham to London, Locke calls many different people; during these calls, he is fired from his job, he coaches his assistant through preparing the pour despite some major setbacks, and is banned from his house by his wife. He also has several imaginary conversations with his dead father, whom he reprimands for abandoning them, while vowing that he will not repeat that mistake.

Locke’s story, on the surface, seems to revolve around a bizarre, catastrophic decision relating to an insignificant affair; but when examined more in detail, it reveals a strong, captivating element of character integrity. Integrity is one of the most important, yet puzzling human virtues. There are several things that people tend to relate with integrity: it can often be used synonymously with morality, although it is perfectly possible to act with integrity while acting immorally. Integrity is sometimes used as completeness (of character, work, or vision) and sometimes used as standing for something important. In Ivan Locke’s context, it means commitment to one’s decision, or, unchangeability no matter the cost.

A more thorough examination of this unchangeability attribute reveals several different components, including, amongst others, honesty, reliability and accountability. Honesty is mostly self explanatory, and includes straightforwardness of conduct, along with the absence of lying. Reliability and accountability refer, essentially, to the same quality, the difference being that reliability is needed in neutral or positive scenarios, whereas accountability is needed when dealing with negative outcomes and crises.

***

In the domain of information security, integrity equals unchangeability. Integrity is one of the three core elements in the CIA -Confidentiality, Integrity, Availability- triad, and, as such, it is an extremely important concept in the field. There are many data integrity mechanisms and technologies available, all of them striving to achieve the same goal: ensure that our data is consistent, accurate and reliable throughout its entire lifecycle.

Data integrity can be damaged accidentally or deliberately. As a general rule, accidental damage tends to be related to technical failures (electromechanical faults, power outages, material fatigue, corrosion) or environmental hazards (natural disasters, ionizing radiation, extreme temperatures, pressures) while deliberate damage tends to be related to misbehaving humans. Humans are sometimes responsible for accidental damage too; but thankfully, as we haven’t reached Skynet levels of artificial general intelligence yet, machines cannot cause deliberate damage to our data. And while there are various methods to defend data from being accidentally damaged (Uninterrupted Power Supply mechanisms, redundancy, backups, error-checking features in modern filesystems), it is much, much harder to protect data from a determined and skilled malicious actor.In many senses, the entire edifice of Information Security is an attempt to defend against misbehaving users.

For the purposes of this essay, let us consider a single defence mechanism that can comprise a very solid baseline in protecting data integrity from human threat actors: ensuring that the human users who process data are, like Ivan Locke, characterised by integrity. We tend to rely on two sources of temporal information to verify character integrity: the past and the present. The past, in this context, means inspecting the individual’s track record. We do this via background checks, referral letters, and due diligence investigations. If an individual has been honest, reliable and accountable in the past, chances are that they will tend to behave in a similar manner in the future. Of course, track records themselves need to be reliable for this method to work. The present as a source of information means that we try to infer whether people are characterised by integrity, based on their words and body language. Body language interpretation, in particular, is an extremely interesting field, and many intelligent people have put significant effort in decoding these signals. Understandably, this method, tοο, is far from infallible, as it is subject to emotional, cultural and situational distortion, both on the side of the observer and the observed.

Once our defences are in place, verification of data integrity is a straightforward business: produce a message digest of the data at an early stage, (when one is certain that the data is intact), and another message digest at a later time. If the digests are identical, we can be reasonably certain that the data has not been altered. The simpler form of this digest, typically used to protect data against accidental alteration, is a checksum, while the more advanced form, designed to protect against malicious tampering, is a Cryptographic Hash Function, such as SHA-512.

Let us explain the phrase “reasonably certain”. The underlying algorithms used by cryptographic hash functions are open standards, which is to say they are subject to public scrutiny. More importantly, cryptographic hash functions are, essentially, mathematical algorithms. They do one job -map data of an arbitrary size to a bit array of a fixed size- and they are very good at doing it. Unless there are three-letter agencies out there which have planted backdoors into these algorithms, perfected quantum cryptanalysis or have otherwise subverted our reality beyond our wildest imagination, we can trust these algorithms when they tell us that our data has not been altered.

***

Once we have completed, to the best of our ability, our work in ensuring its integrity, we can use our data confidently as part of our engagement with more important tasks. Increasingly, human activities use digital information as input to produce results. If the data these activities use is reliable and intact, so will be their output. This is extremely important for institutions whose foundation is based on the pursuit of truth, both as their compass and criterion of success. Journalism, Law, Science, are all doomed to failure if the data they use is incomplete, tampered or otherwise unreliable.

To state the obvious: data integrity does not guarantee the discovery of truth. Our best efforts in many human enterprises throughout millenia have taught us that the truth -whatever we mean by this word- is a moving target; we can only get glimpses of it, and need to stay on our toes and alert to keep it within reach. But we can be fairly sure that, when our data -and our people- are reliable and intact, they can be worthy allies in the pursuit of truth. When amidst complex scenarios with many parameters, unknown elements and overall uncertainty and unpredictability, integrity -of humans and data- can be seen as a constant which is on our side when trying to decide how to make sense of what we are working with. And even when it does not help, we can at least be certain that the integrity attribute will be a neutral factor, one that will not be generating additional distortions to worry about.

The philosophically minded may be tempted to ask at this point: why the fixation on Truth? How did it end up enjoying such undisputed reverence in our value systems? And what would happen if we were to use a different compass? Let us refrain from entering this hazardous territory and leave this question open for a different essay.