From: Bill Stewart <stewarts@ix.netcom.com>
To: “William H. Geiger III” <eli@gs160.sp.cs.cmu.edu>
Message Hash: b3eddc38d02188ed7caed49a36d6c764bc69d2ed92770148baabc4418908c28a
Message ID: <3.0.3.32.19971015195247.006f448c@popd.ix.netcom.com>
Reply To: <199710151811.LAA23906@toad.com>
UTC Datetime: 1997-10-16 05:35:44 UTC
Raw Date: Thu, 16 Oct 1997 13:35:44 +0800
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 16 Oct 1997 13:35:44 +0800
To: "William H. Geiger III" <eli@gs160.sp.cs.cmu.edu>
Subject: Re: FCPUNX:PGP Key Escrow and Congress
In-Reply-To: <199710151811.LAA23906@toad.com>
Message-ID: <3.0.3.32.19971015195247.006f448c@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
At 01:27 PM 10/15/1997 -0500, William H. Geiger III wrote:
>>Do the privacy of the nation's data and the security of its
>>information infrastructure deserve the same consideration as the
>>Pentagon's "Confidential" memos? When you're planning to build in a
>>single point of failure, this is a question you have to ask.
>
>There are those of us who see a single point of failure in such
>infrastructures as a GoodThing(TM).
However, they are incorrect :-) The primary failure mode is
"someone official decides to rip off somebody's information".
A single point of failure means there's one big temptation target
where every official can rip off everybody's information -
but in this case that failure will not be repaired:
- it won't be reported most of the time, and
undetected failures are the worst.
- the cost of redesigning the system will be so large
that even a glaring massive public failure
won't lead to shutting it down.
- the least-bad "fix" for the problem will be to add
official bureaucracy to the process of ripping off info,
and maybe the individual miscreant will get wrist-slapped harshly.
- the failure will be blamed on the Four Horseman, not the system
- the probable "cure" will be to appoint a Data Privacy Ombudsczar,
who will have authority to interfere with all sorts of
private data but won't mess with the big Federal infrastructure.
Multiple small points of failure mean that it's less likely
that the official who wants to rip off information has access
to the set of information he wants to rip off. You could argue
that there would be more officials with access, but probably not,
since a big pile of information is something that attracts officials
far faster than little boring piles.
Thanks!
Bill
Bill Stewart, stewarts@ix.netcom.com
Regular Key PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Return to October 1997
Return to ““William H. Geiger III” <whgiii@invweb.net>”