RE: [iwar] Computer and Network Security vs. Information Privacy and Confidentiality

• Next message: Tony Bartoletti: "RE: [iwar] Computer and Network Security vs. Information Privacy and Confidentiality"
• Previous message: ellisd@cs.ucsb.edu: "[iwar] Re: Why do you track Code Red attempts?"
• In reply to: Tony Bartoletti: "Re: [iwar] Computer and Network Security vs. Information Privacy and Confidentiality (fwd)"
• Next in thread: Tony Bartoletti: "RE: [iwar] Computer and Network Security vs. Information Privacy and Confidentiality"
• Reply: Tony Bartoletti: "RE: [iwar] Computer and Network Security vs. Information Privacy and Confidentiality"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Return-Path: <sentto-279987-1577-997384112-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Thu, 09 Aug 2001 12:09:13 -0700 (PDT)
Received: (qmail 830 invoked by uid 510); 9 Aug 2001 18:10:40 -0000
Received: from n3.groups.yahoo.com (216.115.96.53) by 204.181.12.215 with SMTP; 9 Aug 2001 18:10:40 -0000
X-eGroups-Return: sentto-279987-1577-997384112-fc=all.net@returns.onelist.com
Received: from [10.1.4.52] by hj.egroups.com with NNFMP; 09 Aug 2001 19:08:32 -0000
X-Sender: jsforza@isrisk.net
X-Apparently-To: iwar@yahoogroups.com
Received: (EGP: mail-7_3_1); 9 Aug 2001 19:08:32 -0000
Received: (qmail 76231 invoked from network); 9 Aug 2001 19:08:27 -0000
Received: from unknown (10.1.10.142) by m8.onelist.org with QMQP; 9 Aug 2001 19:08:27 -0000
Received: from unknown (HELO mailout1-1) (24.92.226.146) by mta3 with SMTP; 9 Aug 2001 19:08:27 -0000
Received: from xcurrent (roc-24-169-96-20.rochester.rr.com [24.169.96.20]) by mailout1-1 (8.11.2/RoadRunner 1.03) with SMTP id f79J7EA06527 for <iwar@yahoogroups.com>; Thu, 9 Aug 2001 15:07:15 -0400 (EDT)
To: <iwar@yahoogroups.com>
Message-ID: <FMEBKCCNDNLCDGCDNJAOCEMKCAAA.jsforza@isrisk.net>
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
In-Reply-To: <4.3.2.7.2.20010809103958.00b515a0@poptop.llnl.gov>
Importance: Normal
X-eGroups-From: "John Sforza" <jsforza@isrisk.net>
From: "John Sforza" <jsforza@rochester.rr.com>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Thu, 9 Aug 2001 15:06:58 -0400
Reply-To: iwar@yahoogroups.com
Subject: RE: [iwar] Computer and Network Security vs. Information  Privacy and Confidentiality
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Tony wrote..

>"Anonymized" also offered the general observation that, due to the
>complexity of the technology, infrastructure management is gaining De Facto
>peer rights to information content.  Since there is (IMHO) no practical way
>to avoid this situation, the only remedy would appear to be laws that
>prohibit infrastructure management from taking any actions, based upon
>revealed content, that are not aimed directly at infrastructure integrity.

>In this digital age, the fact that "data" to one process can be "process"
>to another process makes the "content vs infrastructure" distinction
>increasingly problematic.

Tony, I love it when somebody says "no practical way". Those should be
fighting words to a competent group of OS architects. I am willing to accept
even a partial solution in this space so how about the following:

An OS that grants inital admin rights only to the data creator. The inital
rights are restricted to creator eyes only and no transport. The creator
determines the data classification and establishes rules of modification and
channels of exchange. Ok, so I admit that an individual will have to add
some process to data creation, but hey I remember PAPER and the issues of
control and distribution before Xerox appeared on the scene. Speaking of the
big X, remember GlobalView.. they were on the right path for a while there.

On an aside - we often use the example of the bin diving janitor when
talking of covert information gathering but in my experience I know the
janitor's face better than I know some SA or network geek (pardon to the IT
community) in the bowls of the building. A least the janitor says hello and
knocks on the door.

>The debate parallels that involving encryption.  There is no doubt that
>ubiquitous strong crypto will hamper many law enforcement efforts, and yet
>pervasive cryptography could also serve to harden the entire infrastructure
>to broader strategic threats.  Someone (on this list, I believe) asked,
>"What is more important, law enforcement or national security?"





------------------------ Yahoo! Groups Sponsor ---------------------~-->
Small business owners...
Tell us what you think!
http://us.click.yahoo.com/vO1FAB/txzCAA/ySSFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 

• Next message: Tony Bartoletti: "RE: [iwar] Computer and Network Security vs. Information Privacy and Confidentiality"
• Previous message: ellisd@cs.ucsb.edu: "[iwar] Re: Why do you track Code Red attempts?"
• In reply to: Tony Bartoletti: "Re: [iwar] Computer and Network Security vs. Information Privacy and Confidentiality (fwd)"
• Next in thread: Tony Bartoletti: "RE: [iwar] Computer and Network Security vs. Information Privacy and Confidentiality"
• Reply: Tony Bartoletti: "RE: [iwar] Computer and Network Security vs. Information Privacy and Confidentiality"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:39 PDT