Secrets are hard. Especially in the digital domain, but we can see examples in other environments too. Let’s take a look at a couple of historical examples.
It used to be the case that all of Britain’s diplomatic traffic was safe from snooping. Why? The information was all conveyed over the telegraph system, and Britain controlled the telegraph system. Customer states could buy access to send and receive their own signals over the network. This of course meant that Britain could snoop on their signals. Where the cables went through neutral (or supposedly neutral) countries, said countries and their allies (who were not necessarily Britain’s allies) could also snoop on the traffic. Wait, didn’t I say this was a safe channel?
Even were the telegraph system snoop-proof, the telegraph operators might not be. The recipients of any message might not be. Come to that, neither might the senders. Because the British foreign office knew the communications to be secret, everyone else knew that this was where to look for their secrets.
Conversely, it has never been assumed that knowing how to make a nuclear weapon is an unknown secret. It’s trivial for anyone to get the plans to a nuke, and if you need parts, just look at the United States export restrictions documents and order those parts from Germany. So how come no-one has been nuked in 65 years? How come Al Qaeda aren’t busy nuking the western world, if they know how to do it? Because while nuking is easy to know, it’s hard to do. Acquiring the fuel is hard enough for most states, never mind small terrorist cells. And then getting the fuel into a bomb and the bomb into a target without incident is so hard that it’s not worth doing.
Conclusion? Often, making things secret isn’t sufficient. Secrecy is fleeting. Making it hard to use a preferably-secret fact can be more effective than ramping up the secrecy.
