Re: impossibility of computer security?

From: Lee Daniel Crocker (lee@piclab.com)
Date: Wed Sep 18 2002 - 11:34:01 MDT

• Next message: Eugen Leitl: "Re: *Why* People Won't Discuss Differences Objectively"
• Previous message: cryofan@mylinuxisp.com: "New Scientist Mag offers free cryopreservation to contest winner"
• In reply to: Wei Dai: "Re: impossibility of computer security?"
• Next in thread: ABlainey@aol.com: "Re: impossibility of computer security?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> (Wei Dai <weidai@weidai.com>):
> On Tue, Sep 17, 2002 at 01:20:28PM -0500, Lee Daniel Crocker wrote:
> > We can look for answers not only in technology, but in philosophy
> > as well. For example, in structuring systems of business and life
> > in such a way that protecting bits isn't necessary, or at least is
> > less necessary and with fewer consequences of failure. Computer
> > security is often approached from the point of view of assuming
> > that bits will only go to those we want to have them, and whole
> > business plans and governments are built on that assumption. A
> > safer plan is to assume that bits will always escape no matter what
> > we try to do, and so structure our life and our businesses to thrive
> > under those conditions.
>
> Should I only consider uploading or using direct neural human-computer
> interfaces if I can accept the idea that all of the bits in my mind will
> escape? And it's not just leakage of information. What if someone gains
> "root access" to your upload or brain and starts changing your goals and
> values through the Internet from across the world? Until recently, I had
> always assumed that we can solve these problems, but you're suggesting
> that we structure our world under the assumption that they can't be
> solved. What kind of a world would it be? How do we thrive if we can't
> trust our computers?

That's a very good question--"control" is a stickier issue than mere
leakage of information. Fortunately, it's also easier to solve,
because it can be accomplished more with hardware. There are still no
guarantees; if you structure yourself so that input from others can
affect your core values (as I think any rational being would), then
you can't exactly have them in ROM, so there will still be the
possibility of undesired remote influence. But it will always be
much harder to break into a system with controlling access than merely
to retrieve bits. Control can be conditioned upon things like physical
location or possession of physical artifacts; as should be clear from
this discussion, mere possession of knowledge isn't secure enough, and
probably never will be.

-- 
Lee Daniel Crocker <lee@piclab.com> <http://www.piclab.com/lee/>
"All inventions or works of authorship original to me, herein and past,
are placed irrevocably in the public domain, and may be used or modified
for any purpose, without permission, attribution, or notification."--LDC

• Next message: Eugen Leitl: "Re: *Why* People Won't Discuss Differences Objectively"
• Previous message: cryofan@mylinuxisp.com: "New Scientist Mag offers free cryopreservation to contest winner"
• In reply to: Wei Dai: "Re: impossibility of computer security?"
• Next in thread: ABlainey@aol.com: "Re: impossibility of computer security?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:17:08 MST