From: Martin Minow <minow@apple.com>
Date: Thu, 1 Aug 1996 08:48:29 +0800
To: risks@csl.sri.com
Subject: Re: "And who shall guard the guardians?"
In-Reply-To: <ae24db790002100463bd@[205.199.118.202]>
Message-ID: <v03007802ae25847d465c@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


On Cyperpunks recently, Tim May wrote:

>The Latin maxim "And who shall guard the guardians?" has some relevance to
>the headlong rush into converting the U.S. into even more of a security
>state than it is now.

About 30 (thirty) years ago, I asked the same question at a large
computer conference. Then, a representative of the FBI was presenting
the NCIC computer system that was under development at the time. This
system gives local officials access to a national database of arrest
and conviction information.

I asked the speaker how they would prevent misuse of the system by
people who had legitimate access to it. The example I used was
a deputy sheriff who ran a insurance agency on the side. The FBI
official had no answer. My question was subsequently published
a few months later in a letter to the editor in (as I recall)
Modern Data, February 1966, again without answer.

This question is also relevant to escrowed encryption: how to
prevent misuse of escrowed keys by file clerks and other people
who need access to the keys as part of their legitimate duties.
Since these keys will protect a very large amount of money (consider
the encryption keys used for interbank clearing) and since we
know from the Aldrich Ames case that $3,000,000 can buy a
high-ranking CIA employee, there are significant problems that
need to be addressed. I would suspect that a Baysian analysis
would indicate that the risk of holding (and losing) a key is
greater than the risk of not holding (and needing) a key.

Martin Minow
minow@apple.com