Aswad -> RE: An example of why modern 'national security' databases are a bad idea. (6/21/2013 2:54:37 PM)
quote:
ORIGINAL: fucktoyprincess
It is my honest belief that it is impossible for any institution/government/person to keep such volume of data completely secure, period.

Nobody can keep data completely safe. But we can keep data arbitrarily safe, within well defined parameters, if we're willing to do it. For instance, one reasonable security constraint on such a database is that aggregate data access is, under all reasonable circumstances, restricted to qualified and authorized personnel working on site in a dedicated facility that has adequate security measures in place, with the additional requirement that any and all aggregate accesses have an unambiguous and identifying chain in all respects, leading to well identified individuals that are accountable and subject to both random and purposeful auditing, along with the process itself and the auditing process. For these purposes, 'reasonable' is defined by the principle of least concern. The principle of least concern is the one that says that if your wallet can be obtained only when you're dead, then your wallet is 'reasonably' safe, because the safety of your wallet is a least concern when you're dead. Transposed to a secure facility, if the data can only be accessed in a way that circumvents the defined safety parameters by securing and maintaining physical control over the facility for an hour or more, then the facility is reasonably safe, because the safety of the facility and its data are a least concern when there are organized criminals or foreign militaries holding a national security facility by force for an hour or more. There are no legitimate tasks that require aggregate data access to such a database that can be correctly performed by an individual lacking the necessary training, qualifications or authorizations to do those tasks. A police officer at the local PD does not require aggregate data access.
When such access is required, you want to know who requested it and why, and you want to know who carried it out and how, and you want to know who got the results and why, as well as who authorized each of these steps. And you want it done by someone that knows how to work with aggregate datasets anyway. Hence, formal channels with clear procedures are put into place to ensure the defined constraints are upheld. And here's an interesting point about this: if you document the whole system transparently, the whole nation can then inspect the procedures in place, along with the laws that govern what you can do with this data, and be ensured (not assured) that the system in place adequately prevents both unauthorized and/or illegal uses of the database as a whole. Similarly, you can have procedures in place for normal accesses, the ones where police pull a file or whatever, and have a proper audit trail in place, ensuring that there is a high probability of detecting unauthorized and/or illegal access/use of the data. Do that transparently, and universities and security professionals worldwide will alert you to possible loopholes and potential improvements. It takes away much of the problem with crooked police on this point, too, as few crooked police are willing to accept a very high, well known, well documented risk of getting caught and having severe penalties alongside the loss of their profession and condemnation of their peers and communities; out of the few that are willing, you will catch most of them and weed them out. This sort of thing, however, clearly isn't a priority, and it doesn't fit how "we" want to work, apparently. Else, the Schengen database wouldn't have been compromised. As a sidebar... 
It constantly amazes me that we apply advanced analysis techniques to things that are of marginal concern (terrorism, while dramatic when it happens, is far down the list of things that adversely affect people's lives, except through the secondary effects on politicians' actions), but don't apply them to quality assurance in fields that impact the entire population. Police departments aren't monitored this way to catch crooked cops, but the general population is to supposedly catch terrorists. Politicians' voting patterns aren't cross-referenced with their financial status to safeguard against bribes. Many places don't even have formal checklists for surgical teams in hospitals. We have some amazing technology and techniques available, but we're still using it for the same nonsense we always do. And, in the process, we create new vulnerabilities that didn't exist before we created them. Imagine if the resources and competency involved in e.g. the PRISM collaboration had been used to analyze teachers and schools to find and disseminate the best approaches for improving life outcome expectancies in the general population; or to analyze the medical personnel and hospitals to improve the standards of healthcare provided to the population; or to (gasp!) monitor corporations, politicians and interest groups to keep them honest and the public informed as to their actions and their ties to each other. Or, for a more apples-to-oranges thing, the same funds allocated to that one project could be used to provide healthcare to about ten million people to a higher standard than what most in the US can afford, saving more lives in a year than terrorism has claimed this century in the same geographical area. Those priorities are pretty messed up, if you ask me. End rant. IWYW, — Aswad.
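The access chain Aswad describes for aggregate queries (who requested and why, who authorized, who executed and from where, who received the result, all of it auditable) can be shown as a small gateway. The code below is an added example, not code from this thread or from either poster: every name, role, record and log format in it is constructed, and the hash-chained log is one possible way to make the audit trail tamper-evident, chosen here for illustration.

```python
"""Added example, not from the forum thread: a toy gateway for 'aggregate'
access to a sensitive database. Every aggregate access must carry a full
chain (requester and purpose, authorizer, executor on site, recipient) and
every step, denied or granted, lands in an append-only audit log that an
auditor can verify afterwards. All names, roles and records are constructed."""
import hashlib
import json
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# Constructed role table: only ANALYSTs may execute aggregate queries and only
# SUPERVISORs may authorize them. An OFFICER would get single-record lookups.
ROLES = {"alice": "ANALYST", "bob": "SUPERVISOR", "carol": "OFFICER", "dave": "ANALYST"}

# Constructed sample records standing in for the database itself.
RECORDS = [
    {"id": 1, "name": "A", "city": "Oslo"},
    {"id": 2, "name": "B", "city": "Oslo"},
    {"id": 3, "name": "C", "city": "Bergen"},
]


@dataclass
class AuditLog:
    """Hash-chained, append-only log: each entry commits to the previous
    entry's hash, so an altered or deleted entry shows up on audit."""
    entries: list = field(default_factory=list)

    def append(self, event: dict) -> None:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"event": event, "prev": prev, "hash": digest})

    def verify_chain(self) -> bool:
        prev = "0" * 64
        for entry in self.entries:
            body = json.dumps(entry["event"], sort_keys=True)
            expected = hashlib.sha256((prev + body).encode()).hexdigest()
            if entry["prev"] != prev or entry["hash"] != expected:
                return False
            prev = entry["hash"]
        return True


@dataclass
class AggregateRequest:
    request_id: str
    requester: str
    purpose: str
    authorizer: Optional[str] = None


def authorize(req: AggregateRequest, supervisor: str, log: AuditLog) -> bool:
    """A SUPERVISOR who is not the requester signs off; the decision is logged."""
    ok = ROLES.get(supervisor) == "SUPERVISOR" and supervisor != req.requester
    log.append({"type": "AUTHORIZE", "request": req.request_id, "by": supervisor,
                "requester": req.requester, "purpose": req.purpose, "granted": ok})
    if ok:
        req.authorizer = supervisor
    return ok


def run_aggregate(req: AggregateRequest, executor: str, recipient: str,
                  on_site: bool, log: AuditLog) -> Optional[dict]:
    """Run the aggregate (a count per city) only with the whole chain present:
    an authorized request, an ANALYST executing from the dedicated facility,
    and a named recipient. Denials are logged exactly like successes."""
    reasons = []
    if req.authorizer is None:
        reasons.append("not authorized")
    if ROLES.get(executor) != "ANALYST":
        reasons.append("executor not a qualified analyst")
    if not on_site:
        reasons.append("not executed from the dedicated facility")
    log.append({"type": "EXECUTE", "request": req.request_id, "executor": executor,
                "recipient": recipient, "on_site": on_site, "denied": reasons})
    if reasons:
        return None
    return dict(Counter(r["city"] for r in RECORDS))


def audit(log: AuditLog) -> list:
    """Auditor's view, which does not trust the gateway's own checks: the chain
    must be intact and every executed aggregate must trace back to a granted
    AUTHORIZE entry signed by someone other than the executor."""
    findings = []
    if not log.verify_chain():
        findings.append("log chain broken: entries altered or removed")
    granted = {e["event"]["request"]: e["event"]["by"] for e in log.entries
               if e["event"]["type"] == "AUTHORIZE" and e["event"]["granted"]}
    for e in log.entries:
        ev = e["event"]
        if ev["type"] == "EXECUTE" and not ev["denied"]:
            if ev["request"] not in granted:
                findings.append(f"{ev['request']}: executed without recorded authorization")
            elif granted[ev["request"]] == ev["executor"]:
                findings.append(f"{ev['request']}: authorizer and executor are the same person")
    return findings


def demo() -> tuple:
    log = AuditLog()
    # 1. A local officer gets a supervisor's signature but is not a qualified
    #    executor: the aggregate is refused and the refusal is logged.
    r1 = AggregateRequest("R-1", "carol", "neighbourhood statistics")
    authorize(r1, "bob", log)
    out1 = run_aggregate(r1, "carol", "carol", on_site=True, log=log)
    # 2. An analyst tries to approve her own request: refused.
    r2 = AggregateRequest("R-2", "alice", "case 42 pattern analysis")
    self_approved = authorize(r2, "alice", log)
    # 3. The full chain: bob authorizes, alice executes on site, dave receives.
    authorize(r2, "bob", log)
    out2 = run_aggregate(r2, "alice", "dave", on_site=True, log=log)
    return out1, self_approved, out2, audit(log), log


if __name__ == "__main__":
    out1, self_approved, out2, findings, log = demo()
    print(out1, self_approved, out2, findings)
    del log.entries[0]  # an insider removes the first authorization entry
    print(audit(log))   # the broken hash chain is reported
```

Running the script shows the officer's request denied, the self-approval refused, the properly chained request returning the per-city counts with no audit findings, and, after one log entry is deleted, the audit reporting the broken chain. A real deployment would write the log to a separate system the analysts cannot modify; the hash chain only makes tampering visible, it does not prevent it.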