Interesting People mailing list archives

What price security?


From: Dave Farber <dave () farber net>
Date: Wed, 07 May 2003 09:02:07 -0400


------ Forwarded Message
From: Peter Bachman <peterb () cequs com>
Organization: Cequs Inc.
Date: Wed, 07 May 2003 08:51:27 -0400
To: dave () farber net
Subject: What price security?

Dave,

As part of the Clinger-Cohen Act the public has not only a right, but a
definite function in helping design and validate the Federal computer
architecture. 

Citizen involvement is key to helping balance vendor bias, and there are
multiple fora to do so. I would suggest starting at the OMB web site or
http://www.feapmo.gov to begin to understand the entire Federal
enterprise business architecture and the migration to e-government.

There has been a traditional concern over the duplication and waste in
maintaining multiple versions of systems within agencies that contain
the same information. These are called "silos" of information because
they only communicate within that silo and not to other systems.

Without a consistent and common interface, agencies and companies create
their own version of "you", each time you need to interact with a specific
data system. This makes about as much sense as using different network
protocols, since in essence you are networking yourself into various
systems.

With an enterprise approach, there is simply one "you" that exists in all
the different systems. The form that "you" take can exist in multiple
formats as long as they remain unique. Since names are primarily local
inventions, there has to be a way to sort out naming conflicts, and false
identity. Does every system need your identity? Of course not...in those
instances we can authenticate with sophisticated encrypted tokens or
assertions that assert that we are entitled to access a specific service
or resource. So in many systems, we want to remove the mindless gathering
of personal information for common services and use something more
secure. Thus you should insist on restricting the use of your social
security number.

Mark Forman, (who heads up the White House efforts on reforming overall
Federal computer architecture and accountability with OMB) recently
noted at the Secure E-Biz conference, the "government needs people who
can not only understand the related effects of networks, and security,
but also have the background of political and organizational theory".

The problems are indeed complex, and do not admit to simplistic solutions,
but here in the U.S. there is a significant, and deep dialogue as to how
to move forward. The stereotype of software vendors toadying up to
clueless federal bureaucrats may be appealing, but it's false. Both
government and business, and end users want a consistent approach to this
problem of authentication. It has to be secure, and risks need to be
mitigated.

Federal CIOs are applying the same methods which work within large scale
multi-national enterprises, and participating in the same standards
processes which everyone else is doing. The costs of duplication within
multiple systems are simply too great to bear at this point, both within
government, and within business. Also the success of TCP/IP indicates
that efforts that are "farther up the protocol stack" may also be subject
to increased optimization and standardization, as evidenced by the
continued success of directory technologies in enterprise integration.

The same approach that made TCP/IP a commodity, will also be applied to
networked identity with equal success. There's little to encourage each
agency to maintain a slightly different database format for people, but
many reasons to construct logical firewalls so that types of information
remain restricted to protect people's privacy.

At the same time there are many different
innovative approaches to publishing your digital persona into various
computer systems, and thus authenticating yourself to use various
services, such as crossing borders, paying taxes, etc. It's fairly
important that we improve and reform current systems since the costs
associated with identity theft are significant, and increasing.

Whether the integration of this personal data is itself a greater risk,
or the lack of integration of this data is a risk, will be significantly
impacted on the ability to enforce the application of security to the
data being shared, and constraints on how it is used, and by whom. For an
intro into the difficulties in the problem, one can also look at Michael
Froomkin's introductory look at the problem of national id. In many ways
the spectre of national id, has obscured the equal, but less visible
danger from virtual or default id.

http://www.law.miami.edu/~froomkin/welcome.html

Within the U.S. our national identity is an experiment that dates back to
Franklin's time. How we choose to move forward with that experiment is
within the hands of each subsequent generation, to re-invent it in each
new context.

Even in the context of national security, the most powerful element is
that of citizens themselves who can spontaneously organize themselves to
meet the situation at hand. Institutional responses are not always as
flexible against threats that are dynamic, but with large scale systems,
(such as millions of people travelling), one has to fairly question how
one would deal with the problem space without resorting to common
standards.

Peter Bachman

peterb () cequs com





------ End of Forwarded Message
