Interesting People mailing list archives
How Much Why Would a Wye Woods Y if a Wye Woods Would Why Woulds [ I will be
From: David Farber <farber () central cis upenn edu>
Date: Mon, 26 Sep 1994 12:08:50 -0400
From: "Peter G. Neumann" <neumann () CSL SRI COM>

[Partially UnLaTeXiZeD version, for net scanning.]

Problems in Networked Communications: Accountability and Liability

Peter G. Neumann
Principal Scientist, Computer Science Laboratory
SRI International EL-243, Menlo Park, California 94025-3493
Telephone 415-859-2375, FAX 1-415-859-2844, Internet neumann () csl sri com

\copyright Peter G. Neumann, 1994

Invitational Workshop on Legal, Ethical, and Technological Aspects of Computer and Network Use and Abuse
AAAS-ABA National Conference of Lawyers and Scientists
Aspen Institute's Wye Woods Center, Queenstown MD
October 7-9, 1994

Abstract. Computer-communication systems are increasingly experiencing misuse, both accidental and intentional. Detecting, preventing, and monitoring misuse are fundamental to the future of these systems. This brief position paper considers the technological underpinnings relating to personal identity, user authentication and authorization, usage accountability, and various consequent privacy and liability implications.

Identity, Authentication, and Authorization. Ideally, a computer system should be able to determine uniquely who is doing what to whom, when, and where. That is, the system should be able to determine on whose behalf it is operating, and what resources are being affected. A fundamental problem involves identifying each individual user or computer agent, with a sufficiently high degree of assurance. Without that knowledge, the security and integrity of systems and their data are often inherently incomplete and provide little help in ascertaining the extent of damage subsequent to a system being compromised. Unfortunately, the most popular operating systems are seriously flawed and their techniques for user authentication are fraught with danger. Passwords are generally a very weak means of user authentication, while smart-cards and cryptographically based tokens offer some hope for improvement in the future.
(In certain cases, operating systems have vulnerabilities that can actually permit system access without requiring users to be authenticated.)

Accountability, Monitoring, and Misuse Detection. Ideally, a system should be able to monitor its activities so that flagrant misuses can be detected in real time and suitable action taken --- such as identifying, locating, and apprehending the culprit~\cite{Lunt93CS}. Even if real-time analysis is not possible, enough audit-trail information should be maintained to later enable the identification of the individuals in question. Of course, masqueraders complicate the problem, which is another reason why authentication of users and systems is essential.

Privacy and Other Social Implications. Privacy is almost never a black-and-white issue; there are usually many shades of gray. However, computer security that enhances authentication and accountability also has a down side from the viewpoint of maintaining privacy. Monitoring may be invasive; even the threat of monitoring may be psychologically debilitating. (For example, see~\cite{DenningSocial87}.)

Liability Implications. Ideally, programs and services should be easily accessible and any required usage fees should be collected automatically, assuming adequate authentication of identities. In practice, it is often easy for a misuser to freeload or to masquerade as someone else. The notion of free software is very appealing (I live by it with Emacs and \LaTeX), but in a completely open environment it also entails a risk of surreptitious Trojan horses or unsupported ripoffs. There are also serious questions of responsibility and liability in cases of life-critical systems failing, irrespective of legal disclaimers.

Conclusions. Worldwide access is now possible via the Internet, dial-up telephone lines, cable hookups, and other related computer-communication technologies.
Many of the host systems participating in such interconnectivity are deficient with respect to user accountability, and often cannot detect unsavory activity until long after it has occurred --- if at all. The bottom line for computer security is that we will be increasingly hindered in our ability to take advantage of the new technologies unless there is adequate accountability for our actions. This will certainly be a problem in the emerging worldwide information infrastructure. The technology is progressing rapidly. However, there are social implications either way. Stringent authentication and accountability may greatly restrict our privacy. On the other hand, the lack of stringent authentication and accountability may greatly reduce the integrity of our computer systems; it may also reduce the consistency and correctness of the systems on which our lives depend, and may be accompanied by increased fraud and other forms of misuse. Thus, there is a very delicate balance between security and privacy rights, as illustrated by the current controversy surrounding U.S. cryptographic policy and the Clipper Chip~\cite{Landau94x}. See~\cite{NeumannRisksBook} for some of the risks involved, and see my earlier position paper~\cite{NeumannAAAS93} for additional background.

\begin{thebibliography}{1}
\bibitem{DenningSocial87}
D.E. Denning, P.G. Neumann, and D.B. Parker. Social aspects of computer security. Proceedings of the 10th National Computer Security Conference, September 1987.
\bibitem{Landau94x}
S. Landau, S. Kent, C. Brooks, S. Charney, D. Denning, W. Diffie, A. Lauck, D. Miller, P. Neumann, and D. Sobel. Codes, keys, and conflicts: Issues in U.S. crypto policy. Technical report, ACM, June 1994. A summary of this report by the same authors is available as ``Crypto Policy Perspectives'' in the Communications of the ACM, 37, 8, 115-121, August 1994.
\bibitem{Lunt93CS}
T.F. Lunt. A survey of intrusion detection techniques. Computers and Security, 12(4):405--418, 1993.
\bibitem{NeumannAAAS93}
P.G. Neumann. Limitations of computer-communication technology. In Proceedings of an Invitational Conference on Legal, Ethical, and Technological Aspects of Computer and Network Use and Abuse. AAAS, December 1993.
\bibitem{NeumannRisksBook}
P.G. Neumann. Computer-Related Risks. ACM Press, New York, and Addison-Wesley, Reading, Massachusetts, 1994.
\end{thebibliography}