
Brave new world: Asking hard questions about security, user rights, and trust

Answers to technical questions should be cut and dried. Right? Michael Kassner throws out some challenging questions to gauge the opinions of TechRepublic members about security in an increasingly complex Internet age.

The other night I had a long talk with a good friend of mine, who happens to be well-versed in the humanities. I suspect that's why he's prone to introspection, especially after a few drinks. It was my turn, though.

"I have this idea for an article. It's different from anything I've done and I'm a bit spooked by it."

"Those are the good kind, they build character. Tell me more," he said.

I avoided the issue for a bit. Finally, I fessed up. "Being a techy, I tend to view life in binary, no middle ground. Just ask my ex-wife. But, the older I get, the more I realize answers aren't always one or zero."

Feigning surprise, my friend asked, "You just figuring this out?"

I said, "Let me explain. I'm referring to--for lack of a better term--messy technical questions, the ones with vague parameters."

"Ah," he interrupted, "I'll bet your questions involve the great unknown, humans. Fantastic!"

On a roll, he mentioned that my inability to find a single solution should be expected: I have two viewpoints, "me" as an individual and then "me" as part of society or the "greater good." That's two possible answers and both could be considered correct.

"Well, I can live with that," I said.

"Not so fast. Don't you care about my opinion?" he asked. "Furthermore, you mentioned something about an article. You better care about the reader's opinion as well."

I didn't tell him that he had a good idea. But, he did. Who better to ask than you, members of TechRepublic? So, here is my plea. The following questions have been bouncing around my head long enough. What do you say?

Question: Should access to the Internet be a privilege, a right, or...

I fear we're at a watershed moment. Few argue the importance of the Internet, even in countries with less than adequate access. One only need look at current world events. They would not be possible without the Internet. Yet, terms like "Net Neutrality" and "Internet Kill Switch" are being batted about.

What is our relationship with the Internet? Is it like cable; maybe telephone? Or is it a democratic liberty and equalizer?

Second question: Should qualified organizations be allowed to remove malware from Internet-facing computers without the owner's permission or knowledge?

Millions of computers are:

  • Connected to the Internet.
  • Infected with malware unbeknownst to the owner.
  • Manipulated by bad guys to cause pain and suffering.

As you know, malware is flourishing. From that, we can assume existing solutions are a bust. If the solution suggested in the question works, it helps everyone. But, are individual rights being abused?

Third question: What guarantee do I have that a piece of open-source software has been adequately vetted by qualified and honest reviewers?

I follow with interest the discussions about open-source software and the logic of why it is more secure. My concern is for people like myself, who are, for instance, more comfortable reading Latin than source code. Do we just trust that the software has been reviewed satisfactorily?

Fourth question: Should a digital/electronic signature carry the same weight as a written signature?

I better take a stab at definitions here. Let's consider a written signature to be stylized script associated with a person. A digital/electronic signature is an electronic process that can be associated directly with one, and only one, individual.

In most commerce and the legal parlors, a signature on a document is an indication that the associated person adopts the intentions recorded in the document. Is it safe to assume digital signatures are as fool-proof as written signatures?

Fifth question: How are we to be assured that electronic voting is trustworthy?

Experts, such as Dr. Roger Johnston, are speaking out. There are security problems with current electronic-voting technology. That should be disconcerting to all of us. What proof, bona fide proof, do we have that our ballot selections are not tampered with?

Heavy stuff

The first draft has been done for a few days. I finally got up enough courage to meet my friend for coffee.

When he arrived, I handed him the draft and ever so quietly left to get his usual hot drink. I've learned it's better for my health not to disturb him when he is reading.

"Seen better," he snarled when I summoned up enough courage to return. "But, you stumbled onto something. I wrote a paper about it once. I consider all crime to be betrayal of trust."

Struggling to find something profound, I ended up with, "Huh?"

With a look of "why do I even try," he continued, "Read your questions again. In each one, trust is part of the solution. See it now?"

"Whoa, heavy stuff," I thought. Then, back in the real world.

"Why on earth did you get me a cappuccino?"

Final thoughts

My friend is right. Readers are important. This forum is blessed with the presence of a lot of savvy people. Are my concerns yours? If so, what can be done? How can we rely on such things as "trust" when facing these new technical challenges?

Update (02 Mar 2011): I suspected I might get some input. To say I'm pleasantly surprised is putting it mildly. I feel a real need to thank each of you for the time and the effort required to craft such thoughtful answers.

I mentioned this to a new-found poet friend of mine. She reaffirmed, "Yes, readers do matter."

About

Information is my field...Writing is my passion...Coupling the two is my mission.

253 comments
M_Teixeira

Hi, great questions! Some of my opinions...

Question: Should access to the Internet be a privilege, a right, or... (I don't see a trust issue here...)

Objective answer: a RIGHT! Access to the Internet should be a right as much as the right to go to the library and read a book. Of course I have to pay to have an Internet Access at home. But I can go to a public library and access the internet for free, in the same way I can read a book or a newspaper. This right however can be denied if I misbehave. Internet is just another medium to access information, in most countries we already have the "right" to be informed.

Second question: Should qualified organizations be allowed to remove malware from Internet-facing computers without the owner's permission or knowledge?

Objective answer: NO! (ABSOLUTELY NOT) This is not a matter of trust, it is a matter of principle. Would any that said yes allow a pest control guy to go into your home when you're not there and kill the roaches? That said, if millions of roaches start invading the neighborhood some authority should inform me and if I don't voluntarily give access then legal action must be considered.

Third question: What guarantee do I have that a piece of open-source software has been adequately vetted by qualified and honest reviewers? (trust but verify indeed)

Objective answer: NONE! Think of this as if you're buying a new TV. You check the specs, you ask friends for opinions, you read reviews. After a few iterations you start trusting this or that magazine or forum. If you want to be sure you must learn the craft and verify it yourself. Not wanting to inflame but in a closed source there's no (direct) way to verify. At least with an open sourced product you can check if you know how.

Fourth question: Should a digital/electronic signature carry the same weight as a written signature? (I don't see this as a trust issue either)

Objective answer: YES! Technically it's a trustworthy thing (if you can trust the math guys...) A traditional signature can be forged. A digital one can be copied (if you can access someone's hard drive). They're both faulty... so we must take care with digital signatures much the same way as we always did with ink ones. If someone says "I didn't sign this" this must be taken to court and investigated.

Fifth question: How are we to be assured that electronic voting is trustworthy? We don't have electronic voting here (Portugal, btw I don't know any other country other than the US who does)

Objective answer: By using redundant systems, by random auditing. In this (as in a lot of other things), no single person should be responsible. Several people must audit the software, the hardware, the links, etc. etc. The entire system must be designed to allow auditing. Redundant systems could be a way. I believe you press some button to select your vote, right? That button can (very simply and with just simple visible wires) take the signal to two distinct devices made by two different companies. "Unanimous report" is a must, both systems must return the same results in the end!

nicpearcenrs

This is a great one. By this blog so many people will know a lot of answers which they had never read. Thank you for sharing this type of article. .................... Nic Security Tool

T Mike

2, face it-the web is still a growing place & policy gets hammered out as an ongoing thing..... so here we are in todays' web 'climate' with billions of users & probably hundreds of thousands of infected PCs' acting as silent running agents of the scammer/spammer,(call them what you want), organizations~period~deal with it huh..?..?...! ok, so mfgs package software in PCs'" out the door' with protection, the end users choose to dismantle/shut off/let fall into disrepair.....shame..... ~AND, I won't forget the 'build-it-at-home' group that may also choose not to protect....double shame..LOL So, we do have established global companies who live and breathe to catch this stuff as it happens-uhhh, how do you think your "virus database has been updated" ever gets started ? sooooooo..... YES, Heck Yes- if auntie marthas' PC can become infected when 'jack n jill grandkids' come over to play games/social/porn over the weekend- many folks know this PC can start serving maliciousness right back out the 'ole online all the time cable/web/tv setup the sweet ole aunties' got & it won't take days to get going, just needs to get to you. Yep, if we know the PC is infected-thru negligence or malicious intent, the data stream NEEDS to be Immediately capped/corked to at least NOT allow outgoing traffic until the problem is addressed- be it from the internet provider side or a different security guru setup- Cap Em, we owe that much to the rest of the existing & growing community . #3- another brave new 1 eh- don't jump in blindly...hey-you did quit picking up hitch-hikers by the side of the real road....right ? I was picking up on the fact that many reputable folks just keep their skills honed by adding to the growing Open Source database, is this a time for someone to come up with a BBB style ratings system..?...is it possible..?...we do have a ton of reputable& know talent out there-some retired, some unemployed -

l_e_cox

The ultimate solution to security is a human solution. It would be the solution to criminal thought and action. The least that software engineers could do would be to understand this better. It is possible. Unfortunately, the better answers seem to lie off the mainstream. But - you don't want to get me started on that line. "Trust" me: a better understanding of the criminal mind is possible. And it would probably help IT pros to have that understanding. For better or for worse, the need for vigilance will probably never disappear.

tmcclure

1. The internet is not just for recreation, it is a source of valuable information. Not that you can trust everything you read. We have also pushed too much information into the internet cloud; email, calendars, social networking not to be dependent on it.
2. I have no problem with policing someone else's computer IF it is going to access my network.
3. Open source software? TANSTAAFL, Do your homework.
4. Have you seen some of the signatures of my users? I usually have to go to HR to have them decipher it for me. Even when I ask them to print their name alongside it.
5. I'm more concerned with identifying who is voting. Are they who they say they are? Are they legally allowed to vote?

yogi_john

To take the matter of trust one step further, even if I review the source code of an application and deem it safe, the compiler or interpreter could introduce malware. I've never looked at the source code for a compiler.

aeiyor

Good Day All. Michael Kassner, Again, great article and wonderful thoughts brewing and stewing within it. I appreciate your writings and thoughts you've shared. Thank you. For this particular article of yours I decided not to read the other entries and responses. I am surprised that I got to it at the time I did because it was almost off my radar until other articles showed up. This was due to just my addressing the questions you stated regardless of what entries were noted. Also my background is very diversified with not just the interest and direction of computer technology. Additionally, interests range the gamut - Humanities, Psychology, Philosophy, Spirituality, Education, Archaeology, Anthropology, Physics, Quantum Mechanics, Genetics, Biology, Anatomy, Physiology, Martial Arts, Massage, Holistic Health, Electronics, Art, Music, Language, Mathematics, Alternate/Renewable Energy Systems, Earthship, Green and Bio Technology, Off-Grid Living, Ecology and Ecological systems, Light and Sound Technology, Cosmology, Astronomy, and many others. (You get the idea of how diverse it is).. I relate these only to provide some understanding to all angles I may approach issues on. Now to address your article..

=====================

1. Should access to the Internet be a privilege, a right, or... What is our relationship with the Internet? Is it like cable; maybe telephone? Or is it a democratic liberty and equalizer?

This is a two-parter. Should internet access be...? and what is our relationship to the internet? IMHO.. Access on the internet should be based on a combination of maturity and capability. If you will consider the internet a vehicle or access roadways from one place to another. It requires some understanding of what you're accessing and what is involved. It has backgrounds of being a utility in that it serves as a means for accessing information and performing functions and doing research. Similar in nature to utilities of: Water, Electricity, Phone. It's no longer a luxury item for those privileged be it with money or education. However to mitigate the potential hazards involving: virus, trojan, spyware, malware, identity theft, cyberbullying, cyberstalking, Botnet, service denial, etc.. etc... a certain level of maturity needs to be introduced. The problem is that the internet access and evolution happened without proper checks and balances. Granted if there were too many checks and balances certain things also would not have evolved from the internet.

The relationship to the internet - It is like a dynamic library and bookstore with the robust principle of not only accessing static information (articles, blogs, ebooks, research papers, news reports, etc..) but also people which is by nature very mutable with knowledge, experience and information. In some ways the terrain of the internet is like a mandelbrot set - infinite expansiveness in both microscopic and macroscopic levels.

=====================

2. Should qualified organizations be allowed to remove malware from Internet-facing computers without the owner's permission or knowledge?

I believe that doing anything to a person's system without their knowledge/consent is a violation of rights and liberties. Of course there are cases and situations whereby interfering in the manner described not only benefited the person but others as well. And likewise the perfect example of this being detrimental is a hacker introducing a virus or trojan into a computer system. Additionally, whenever we bind more than one computer to each other, the question then comes to who owns that network connection? In theory when you connect your system to the internet you lose some autonomy to that PC because it becomes part of the network. Varying levels of information are accessible from the outside and inside. So this is a complex question because the PC is owned by someone or some group YET when it connects to the internet... it's a part of the net that is outside of the domains of ownership. The precautions a person can take to mitigate the potential hazards involve: Firewall, Antivirus Software, Encryption, Internet Security Applications, Port Blocking, IP and Domain Blocking, Passwords, Bio-access mechanisms, Security logs, Sniffers, Access Security Levels, Profile Administration, etc.. etc.. Yet, again when you connect to the network... you lose certain autonomy. ISP's have rights to mitigate damages of viruses and trojans on their network system because they provide the access to the internet. Obviously you connecting to them makes you a part of THEIR network and you are then subject to their rules and allowances. Thus, in much regard to your involvement into the internet, -- you then are provisioned with what that connection entails. You can mitigate it by the aforementioned precautions - but that is on your end and responsibility.

=====================

3. What guarantee do I have that a piece of open-source software has been adequately vetted by qualified and honest reviewers?

Your "guarantee" is as good as your understanding of the people involved and the community that is engaged with that software. The great thing about Open-Source, yes the source code is accessible to ANYONE; AND, it also furnishes access for all involved to provide updates, bug fixes and checks. This means that issues or complications with the software can be addressed much more timely and also the robust growth and development of the application is held in check with the relationship of the programmer to the users. As noted in many applications of open-source; if you use the app, you can participate in its development by suggestions or taking an active part with the coding. As for qualification and honest reviewers -- this again is based on the people involved - some aren't and some are - the key is that there's a LOT of them. The method and means by which an application can be used and truly be stretched beyond its original boundaries relies completely with all users. In likewise comparison, the depth and nature of blogs and information relies a lot on the people who access the information. And those willing to contribute and share and relate -- reach out further and others benefit in some manner or some way. I do my best to take active participation in groups, articles and connections I have by the time, effort, energy and sharing I do.

=====================

4. Should a digital/electronic signature carry the same weight as a written signature?

This relies specifically on those who are administering the legal binding rights to adherence on a document or paperwork. All parties must be in agreement for the digital/electronic signature to carry weight just as much as the written signature. I foresee in the not so distant future a technology that would provision a unique stamping mechanism that only a given individual can perform which by them engaging would state their agreement or disagreement to contracts, paperwork (media-work), agreements, etc. This mechanism would not only rely on something typed/written but also a combination of other factors involving biometrics, vocalization, heart and brainwave signatures. Forgery is almost completely eliminated in that it would be nearly impossible to imitate all of these along with the synchronicity in which all of them are recorded to achieve the agreement or disagreement.

=====================

5. How are we to be assured that electronic voting is trustworthy?

Again assurance is only as good as the means by which the voting is carried out. This entails the technology used to discern that all qualified participants are indeed providing their votes. And that all qualified participants are doing their due diligence in exercising their responsibility with that vote.

=====================

=====================

Final Thoughts...

Yes I am in full agreement with you that readers are important. Any broadcast requires its audience and that is the value of the information exchange. Regarding Trust... I tend to approach most if any situation as informed or as able as I can. Oftentimes entry is done as a neophyte with the experiences and learnings evolving to Mastery. That being said, I believe there's reasonable trust that is given and in time if that was unwise it then is adjusted in direct correspondence to the situations and circumstances. I have a turn-around question for you... Is it possible to acquire knowledge and information such as to gain wisdom without the experience? This directly applies to trust and perhaps even in full consideration.. life in general. My example that answers this for myself.. I will relate in a follow up response if it interests you. Sincerely, Satori.

sysop-dr

1: It's a new right. It allows people to get at information and if I can get to it then so should you. Some info is not to be accessible, like how to make nuclear bombs or a secret recipe but everything else like books, art, chat, social media, these are the great equalizers, people who had nothing before now have access to learning and knowledge. It also allows people access to news and opinion, and allows them a stage for their opinions. It needs to be for all.

2: Yes, but only after the user has been informed and not done anything.

3: No more than closed source and also no less. There is no distinction at this level. Less people look at closed source but each person contributing to it has the same chance of putting in malicious code. And with so many examples of closed source code with things like tracking people's web surfing (Microsoft and Netscape) or putting stuff on your computer you don't want (Sony) or being infected with a virus (HP, others) that closed source is not perfect either and so the risk is no better or worse for one type or the other.

4: No unless that digital signature comes with a pedigree.

5: We can't, use paper.

MarkGyver

The core problem with voting systems, electronic or paper, seems to be not so much a lack of reliability, but a lack of verifiability. My solution would work with paper systems, but would be better with electronic. Here's how to fix the problem.

1. Put a unique code on each ballot.
2. Give every voter a receipt that has the same code as their ballot.
   2a. If the ballot is paper, the receipt is a carbon copy.
   2b. If the ballot is electronic, the receipt is a digital copy of the ballot that's been digitally signed by whichever government authority is running that election.
3. Publish an online list of every ballot and make it searchable by code.

With such a system, every voter can easily verify that their vote has been counted the way they wanted, regardless of what form the ballot is in. It doesn't address other issues like anonymity or restricting voting only to authorized individuals, but there are fairly straightforward ways of dealing with them also.

* Allowing only authorized people to vote: Check their ID and record when and where they voted.
* Anonymity for paper: Encourage people waiting in line between receiving their ballots and reaching the voting booth to swap ballots just in case.
* Anonymity for electronic voting: Set up refreshments and encourage people to wait a couple minutes between getting past the ID check and entering the voting booth.
* Anonymity in general: Add entropy that shuffles the order between people's ID being checked and their vote being recorded.
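
The receipt scheme in the comment above (steps 1, 2b and 3), sketched as an added example that is not part of the comment or the article. It assumes Ed25519 signatures from Node's built-in `crypto` module, a key pair generated on the spot, and hypothetical function names; the comparison against the sign-in count is an added assumption built on the sign-in record the comment mentions.

```javascript
const crypto = require("crypto");

// Constructed key pair standing in for the election authority's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");

// Fixed field order so the signer and every verifier process the same bytes.
function encodeBallot(b) {
  return Buffer.from(JSON.stringify([b.code, b.contest, b.choice]), "utf8");
}

// Steps 1 and 2b: assign a unique random code, record the ballot,
// and hand the voter a receipt signed by the authority.
function castBallot(board, contest, choice) {
  let code;
  do {
    code = crypto.randomBytes(8).toString("hex");
  } while (board.has(code));
  const ballot = { code, contest, choice };
  board.set(code, ballot);
  const signature = crypto
    .sign(null, encodeBallot(ballot), privateKey)
    .toString("base64");
  return { ...ballot, signature };
}

// Step 3: the public list. Sorting by the random code hides the order of casting.
function publishList(board) {
  return [...board.values()].sort((a, b) => (a.code < b.code ? -1 : 1));
}

// What anyone holding a receipt can check against the public list.
function checkReceipt(board, receipt, authorityKey) {
  let genuine = false;
  try {
    genuine = crypto.verify(
      null,
      encodeBallot(receipt),
      authorityKey,
      Buffer.from(String(receipt.signature), "base64")
    );
  } catch {
    genuine = false; // malformed signature or key
  }
  if (!genuine) return "invalid-receipt"; // not issued by the authority, or edited
  const published = board.get(receipt.code);
  if (!published) return "missing-from-list";
  if (!encodeBallot(published).equals(encodeBallot(receipt))) return "altered";
  return "recorded-as-cast";
}

// Count of published ballots per choice.
function tally(board) {
  const counts = {};
  for (const { choice } of board.values()) {
    counts[choice] = (counts[choice] || 0) + 1;
  }
  return counts;
}

// Assumed extra audit: receipt checks cannot see ballots that belong to nobody,
// so the size of the list is compared with the number of voters signed in.
function listMatchesSignIns(board, signedInVoters) {
  return board.size === signedInVoters;
}

// Constructed walk-through: two voters, then three ways the list can go wrong.
function demo() {
  const board = new Map();
  const first = castBallot(board, "mayor", "Candidate A");
  const second = castBallot(board, "mayor", "Candidate B");
  const results = { honest: checkReceipt(board, first, publicKey) };
  board.get(first.code).choice = "Candidate B"; // list entry changed after casting
  results.altered = checkReceipt(board, first, publicKey);
  board.delete(second.code); // ballot dropped from the list
  results.dropped = checkReceipt(board, second, publicKey);
  // A receipt edited by its holder no longer verifies, so it cannot back a false claim.
  results.edited = checkReceipt(
    board,
    { ...first, choice: "Candidate C" },
    publicKey
  );
  return results;
}

console.log(demo());
```

The signature is what turns a receipt into evidence: a mismatch between a valid receipt and the list can be shown to a third party, while an edited receipt fails verification.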

clayramsey

Question: Should access to the Internet be a privilege, a right, or...

If web access is not treated as a right, then it will be constantly eroded, sorry, controlled away. Look no further than the slew of regulations we free Americans have on us. It's a cinch that the web won't go away, but it could easily be eroded to uselessness rather quickly.

Second question: Should qualified organizations be allowed to remove malware from Internet-facing computers without the owner's permission or knowledge?

If you can't absolutely qualify and authenticate such organizations, then no.

Third question: What guarantee do I have that a piece of open-source software has been adequately vetted by qualified and honest reviewers?

You don't. It's open source.

Fourth question: Should a digital/electronic signature carry the same weight as a written signature?

No

Fifth question: How are we to be assured that electronic voting is trustworthy?

What assurance do you have that your paper ballots don't get burned and replaced? You have no real assurance that your vote is counted accurately.

The theme through these is not so much trust as it is faith, which I think goes beyond trust.

stevew

Thank you for writing it. Everything boils down to whom do you trust? There have been a myriad of science fiction stories written about the various questions you have considered. One of my favorites is "Minority Report" - not the movie (although I do like it), the original Philip K. Dick short. How do we differentiate between "reality" and the reality in which we live? If I'm in charge and I make a "mistake", who cares? I blow it off; but if you're in charge and make a mistake, it still affects me and then I do care. Any rule can be manipulated. I suspect your article will be discussed for a loooooong time.

codepoke

China and Egypt showed what it takes to keep people off the Net for long. Guns. Assuming you're not talking about employing the military here, your questions are all wrong. In a free market, there should arise a variety of providers meeting different public needs. If there's a need for security, there should arise providers who guarantee they'll keep your computer clear of malware and not allow zombies on their network. If there's a need for freedom, there should arise providers who guarantee autonomy and trust you to change your diapers. Given that there's a need, the providers should be able to valuate that need and either become economically viable or fail. In turn, each provider should feel a need for security, verifiability and connectivity. They should, therefore, become expert at configuring Intrusion Prevention and Content Filtering in such a way as to protect their business model. Lo and behold, this is exactly what we see happening. I'm connected through two providers. One guarantees to fix any problem on my computer, and I pay a little more. The other guarantees speed and I pay a little less. Both are profitable. If Government has a need for a certain degree of reliability, they need to do the same thing they did with the highway system and the postal system. They need to build it. The thing is, they don't need to and simply cannot rebuild the whole Internet. They only need to build their own island out there with their own standards. Trying to ask and answer questions for the entire Internet doesn't work. Asking the Government to build an island of non-repudiability, though, is achievable.

apotheon

> Should access to the Internet be a privilege, a right, or . . . ?

Access to the Internet should only be regarded as what it is; a capability. We have the right of free speech; we do not have "a right" to pen and paper, a megaphone, or an audience. On the other hand, government is not ethically empowered to ban pens and paper, megaphones, audiences -- or the Internet. Just as government should keep its hands off our access to such things, so should it keep its hands off our access to the Internet; just as it should not be allowed to dictate what we say or how we say it in print, in person, and so on, it should not be allowed to dictate such things on the Internet.

The Internet is special for a number of reasons. One is that it improves the ability of humans to communicate. Another is that it allows people to conduct commerce across vast distances with greater ease than in their own neighborhoods. Possibly the most important, though -- at least for now -- is that it also provides a safe harbor of sorts against governmental violation of our rights. Government is definitely encroaching on that safety, however. We must remain vigilant to keep this environment free enough to be of such use to us, just as it was of such use to legions of Egyptian protestors in recent news, right up to the point where the Egyptian government did the unthinkable and shut down public access to the Internet for the nation's people. Access to the Internet wasn't a "right" for the Egyptian people, but the Egyptian government certainly had no right to deny that access, either.

> Should qualified organizations be allowed to remove malware from Internet-facing computers without the owner's permission or knowledge?

No. The owner gets to control what's on the owner's computer. That's what makes the owner the "owner". If an ISP wants to make the ability to prohibit connection to the Internet based on an infection, though, that's another story.

> What guarantee do I have that a piece of open-source software has been adequately vetted by qualified and honest reviewers?

None. This maniacal focus on the idea of "guarantees" always annoys me. There are no guarantees of painstaking security analysis by objective third parties. You do, however, have an absolute guarantee that people do not get to perform any in-depth security analysis of closed source software. The only people performing such analyses of closed source software are the people the closed source software vendors choose to allow to do so -- people who are, in general, on the vendor's side.

> How are we to be assured that electronic voting is trustworthy?

Make it open source, from one end to the other. That's as close to assurance of trustworthiness you're going to get from the actual voting devices themselves. I have in mind a plan for how post-vote verifications can be performed, involving cryptographic digital signatures and public release of voting records (such that there are no actual names associated with the votes in the records). That can increase the after-action assurances, but before the vote takes place the only way to provide any assurances at all other than bland statements by marketing drones is to open the designs of the hardware and source of the software to the world.

Michael Kassner

I appreciate you taking the time to answer the questions.

Michael Kassner

I would like for you to continue if you could be persuaded. I had to read your comment a few times before it sunk in. Seems like you have experience and insights that need to be voiced.

Michael Kassner

Your two cents is worth a lot. Taking the time to respond is much appreciated.

Michael Kassner

It seems to get to the Apple versus Google method of vetting.

CharlieSpencer

Just think, you could have gotten five separate articles out of this; maybe even a couple of polls. Now you've got only one sure hit at the top of Sonja's weekly list instead of over a month's worth. Ah, hindsight; mine's 20/10!

CharlieSpencer

Granting that access to information is a right, does that right include specific methods of access? Is access to the Internet any more of a right than access to television broadcasts, movie newsreels, museum art exhibits, or sporting events? Is charging money to access any of these depriving those who cannot afford them? If you cannot afford a computer and connection fees to view web content directly, is your right protected if I provide hard copies of the information you want?

apotheon

re: point 1

How do you define "right"?

re: point 3

You describe a lot of downsides for closed source, and declare that open source is no better or worse -- without any mention of any downsides for open source, or any explanation for why the upsides do not apply or change the equation. What are the characteristics of open source software that lead you to equate it with closed source software on the scale of "trust"?

re: point 4

What do you mean by "pedigree", in this case?

re: point 5

Why can't we?

Michael Kassner

Your method is a new one for me. I see it has several interesting features. The one problem I see is the change of custody from the voter to where it is officially counted. How is that chain maintained?

Michael Kassner

Trust or faith. That could be a whole debate in and of itself. Thanks for sharing your comments.

CharlieSpencer

Theory: because the provider who allows more freedom has to do less work than the one who will hold my hand and blow my nose, he can charge less. The goobers to whom price is the only deciding factor will sign up with him over the more security-conscious one they should be using.

Michael Kassner

If I understand you correctly, we should not have any problems currently. Providers are taking care of all the needs?

CharlieSpencer

See, this is why you get paid to write and I don't. Nice.

apotheon

What's needed is an earned-trust model akin to the package maintainer model for Debian or the port maintainer model for FreeBSD.

aeiyor

Good Day All. Michael Kassner, You're very welcome, as mentioned I enjoy pretty much everything you've written and addressed. I am not sure if I brought this up in another article you wrote and I responded to.. but a lot of the internet and security and access issues remind me of an episode - not sure if it is the New Twilight Zone or the New Outer Limits. The episode centers on a new network interface whereby most if not all humans interface into the system through ear-pieces and the system pretty much resembles a combination of the Internet and super computer storehouse of knowledge and information and experiences. People wanting to access knowledge just think and they can get into any depth of knowledge. One or a few people are unable to access this system based on their neural makeup. So they are left to fend for themselves the same way we commonly do now which is reading, experience and comprehension / understanding. During this time the computer is creating complications as there's a glitch in the system, a kind of access/evolutionary limit. The computer begins causing seizures and health issues as it designates quirky inquiries to people to begin carrying out. People seem to have become enslaved by the system they so heavily rely on. The people tied into it cannot do anything aside from what is being fed back to them from the computer. The computer is capable of making them sense, feel, see, hear things that aren't really there. Some of the quirky things it designates to people is such things as finding out (for one person) how much nail biting they can do before they bleed -- but the system doesn't stop there, it just gives them the directive and the system observes but doesn't put an end to it -- so the person just keeps at it. There are many other quirks but the only person who can see what's going on is the one person (main character) who cannot connect into the neural network.
The "Crux of the matter" in this illustration is that if we rely too heavily on any given thing, we are enslaved into that situation/circumstance. Consider all the children born after the 90's -- the internet is the norm. A lot of other things we remember are gone. A friend sent me an email on nostalgic pieces of history. It's amazing how precious some of those things are that we've taken for granted because we were a part of it... but the children after certain eras know little to nothing about. Sometimes as we proceed in our advancement in technology and development -- we lose something. Maybe it's inane or something considered insignificant -- but sometimes it may be aspects of our humanity. Sincerely, Satori.

apotheon

Series articles are the exception, and not the rule, at TR. Focus too much on one subject for too long, and you build an attention black hole into a solid block of time for anyone who doesn't like that specific topic area. If you mix it up, you get people watching in case they miss something; if you keep it all the same for a while, you lose people who decide it's all the same and not of interest. I'm speculating, of course. I'm not privy to the discussions behind closed doors about why they want specific trends in contribution topics. All I see is the mass emails they send to the contributors; the rest is guesswork.

apotheon

Instead of trying to maintain a clear, verifiable chain of custody, you just give people the means to verify the results -- thus the "code". A better approach to the same general idea is the use of public key cryptography to digitally "sign" the votes. Publish the results, complete with signatures. Only the person who holds the private key can produce the same digital signature, but anyone with the public key can verify that a given vote was signed with that key. The key pair used to sign and verify are generated only for a single use in a single voting season, and never used again, thus preserving anonymity of votes by ensuring that the key pair cannot be linked to a particular person's identity through correlation between uses of the key pair. I've been thinking about writing an article about this approach to vote verification for a while. Maybe I'll do so this week.
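
The signed-vote scheme described in the comment above, as an added example that is not apotheon's code or any deployed system's. Ed25519 is an assumed choice of signature algorithm, and `Record`, `CastBallot` and `Audit` are hypothetical names; the ballots are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Record is one published result line: a one-time public key, never a name.
type Record struct {
	PubKey ed25519.PublicKey
	Choice string
	Sig    []byte
}

// CastBallot signs the choice with a key pair generated for this vote only;
// the private key goes out of scope here and is never used again.
func CastBallot(choice string) (Record, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Record{}, err
	}
	return Record{PubKey: pub, Choice: choice, Sig: ed25519.Sign(priv, []byte(choice))}, nil
}

// Audit is what any holder of the published list can run: it tallies valid
// records and returns the indexes of records whose signature does not verify.
func Audit(board []Record) (map[string]int, []int) {
	tally, bad := map[string]int{}, []int{}
	for i, r := range board {
		// Verify panics on a wrong-length key, so check the length first.
		if len(r.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(r.PubKey, []byte(r.Choice), r.Sig) {
			bad = append(bad, i)
			continue
		}
		tally[r.Choice]++
	}
	return tally, bad
}

func main() {
	a, errA := CastBallot("A") // constructed sample ballots
	b, errB := CastBallot("B")
	if errA != nil || errB != nil {
		panic("key generation failed")
	}
	b.Choice = "A" // constructed tampering: record altered after signing
	fmt.Println(Audit([]Record{a, b}))
}
```

The audit shows only that published records were not altered after signing; on its own it says nothing about whether each one-time key belongs to an eligible voter.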

apotheon

On the other hand, maybe an ISP will discover that operations overall are cheaper without bandwidth being heavily consumed by spam and other activity related to security failures. That ISP may then drop prices to attract more of those "goober" users.

apotheon

It looks like providers are not taking care of all needs. What holds them back, however, is mostly the set of laws that enables them to build gigantic, bureaucratic power aggregation structures that take some of the "free" out of the free market. That's a matter for economics, though, and is not part of the core job description of software developers or network admins. It might be regarded as "off topic" here.

AnsuGisalas

of this quibble of mine with a similar argument.

apotheon

I think it was mentioned exactly once in an email. I forgot about it. I should ask you off-site for more details, to refresh my memory.

JCitizen

may actually make it easier for designated voting observers to supervise the accuracy of the process, and detect voter fraud. Although they would definitely have to be IT technology proficient inspectors, or have taken a crash course in such (or maybe simply slept at a Holiday Inn Express!) [sorry - couldn't resist].

JCitizen

That would be a motivating factor to vote for me, although I do anyway. It would be way cool and give the individual the re-assurance that his/her vote counted. A Democratic Republic with power to the people and to the individual!

apotheon

Thanks for the link. It's an interesting video, but I'm frankly stunned that I'm not famous (and rich) yet, if this is all it takes to get that kind of recognition (and funding). Everything covered in Bismark's TED Talk is covered by the system I started to describe above, except the use of paper ballots. His system fails to deal with a number of factors that my system does cover, including a paperless system -- which is really where the system needs to go in the next few years. That's not to say his system wouldn't work. It's just not as ideal. The system I started to describe above would actually allow us to vote from the comfort of our own homes using a Web browser, if we want to. I'm going to pitch the article topic to a TR editor and tackle it soon.

apotheon

1. Writing about why we should maintain representative democracy (or not) would not be an appropriate topic for TR. I was talking about writing a TR article. I do my philosophizing about governmental forms per se in other venues.

2. I don't know that we should maintain representative democracy (almost typed bureaucracy there). I certainly do not think the current form of it is ideal, at least. On the other hand, some form of democratic process seems better than any governmental alternatives that come to mind -- though it should be much more severely limited than what we have now.

3. Even if representative democracy is inferior to some alternative, we have representative democracy right now -- and I believe that, as long as we have it, we should at least try to keep it honest to the extent feasible. That means verifiable vote counts, among other things.

4. Talking about verifiable vote counts may serve another purpose besides actually trying to get them adopted -- such as showing how easy it is to provide such a system overall, to make the democratic process both much more transparent and appropriately protective of personal anonymity, coupled with the obvious fact that nobody in power has any interest in adopting such a system that would actually provide what they claim they want to provide. The very fact it will probably never happen before the technological singularity or the realization of some existential threat makes it all a moot point anyway is something worth demonstrating through the simple expedient of showing how incredibly simple it is to improve dramatically on the broken-ass system we currently have.

. . . plus, it's on-topic for the IT Security column, which is what they pay me to write.

(edit: Have an upboat. I think your response was actually somewhat on point, even if you attached some kind of snarky jab to the end of it.)

santeewelding

Write instead of why we should maintain representative democracy in the first place. We arrive at our present fix by the very particulars you technocratically enable and extend, they being more of the cure for what ails us. Yeah. I know. I don't address your sum and substance. Neither do you.

Sterling chip Camden

I don't think you can leave economics out of this discussion, without leaving a great big gaping hole in it.

Sterling chip Camden

.... the law can strip you of your personal liberties. Computers can't... yet.

CharlieSpencer

I can't know EVERYTHING; neither can you. I have enough trouble keeping up with this field, much less an area where I have no background or interest. That's what lawyers get paid for, the same way lawyers pay geeks when they have a computer problem.

AnsuGisalas

but an illusion is dangerous if one doesn't make oneself aware of how it works. Plain disinterest or tacit disbelief will not dispel it, nor will it dispel the hold it has on others. The others - being us all - have us where the hair is crisp!

CharlieSpencer

I'm still not commenting on Ansu's position! As soon as the 'legal' ferret pops its head out of the hole, this ignorant prairie dog pulls his back in. Cancel my ten-foot (3.3 meter) pole; I won't be needing it to not touch this one.

Michael Kassner

You offer a lot more than just technical support. Your vocabulary is doing just fine as well. I appreciate every one of your comments and take them to heart.

CharlieSpencer

I see things from a technical point of view. I have no legal training or vocabulary, and I suspect neither Michael nor the majority of the TR membership do either. While I don't doubt your interpretation, it's sufficiently removed from my experience to comment on.

AnsuGisalas

Michael was being very secretive:

> Question: Should access to the Internet be a privilege, a right, or... I fear we're at a watershed moment. Few argue the importance of the Internet, even in countries with less than adequate access. One only need look at current world events. They would not be possible without the Internet. Yet, terms like "Net Neutrality" and "Internet Kill Switch" are being batted about. What is our relationship with the Internet? Is it like cable; maybe telephone? Or is it a democratic liberty and equalizer?

Access is mentioned once in the body of that snippet, and even that could be either kind. Thought provoking, even if at first the questions seem unaligned... there is a pattern, but removed by a couple of degrees.

apotheon

This is in response to Michael's article, which appears to refer to the technical usage of the term "access".