Wyden is to a certain extent fighting the same problems that led to the Fair Credit Reporting Act - erroneous data misidentifying individuals causing credit denials, etc. - with victims not necessarily even knowing the data existed, much less having the ability to do anything about it. FCRA gave people the right to know about, review and seek correction of data - not perfect but at least recourse. Clearly there ought to be some way to get erroneous information cleaned off a no-fly list - both affected individuals and the enforcers would benefit. But solving the problem of authentication for air travel is the bigger problem, as it is on networks. I don't think even John Ashcroft has the nerve to propose universal individual IDs (I may be wrong, but this has proven the "third rail" of privacy regulation before), and even if this were politically possible there are major issues around system functioning and spoof-ability. (Can you effectively administer a biometrics system nationwide? How would you keep smart cards/tokens from compromise? And so on.) A "user name" system is horribly unreliable, even if buttressed by on-line verification. And on the Net or at the airport, the best we can probably do is raise the bar high enough to stop fools, greedheads, ethically challenged kiddies and dimbulb malcontents from causing harm. A highly motivated, skilled adversary with sufficient resources can probably overcome any barrier to assets (planes or computers) which is low enough to keep the assets reasonably available for legitimate purposes. I guess, therefore, that ultimately I want pretty good security, and an absence of skilled adversaries who are rich in resources and highly motivated to harm the computers and planes I depend upon . . . John R. Christiansen Preston | Gates | Ellis LLP *Direct: 206.370.8118 *Cell: 206.683.9125 Reader Advisory Notice: Internet email is inherently insecure. Message content may be subject to alteration, and email addresses may incorrectly identify the sender. If you wish to confirm the content of this message and/or the identity of the sender please contact me at one of the phone numbers given above. Secure messaging is available upon request and recommended for confidential or other sensitive communications. -----Original Message----- From: Kuo, Jimmy [mailto:Jimmy_Kuo@private] Sent: Monday, June 09, 2003 4:08 PM To: CRIME Subject: RE: CRIME Privacy Vs Security OTOH, people must also realize the difference between rights and privileges. For instance, the veiled lady in FL (driver's license picture). Driving is a privilege, and thus if a person wishes to exercise one's "right", the government can also exercise its decision not to give you the "privilege." This is to say that while we all have these basic rights, there's still ample room for things like a Registered Traveler registry for people who wish to get through lines faster, and the like. Rights give you the ability to take your gun into the back woods of Oregon and live there. But living in a city will find you much more in contact with others, and getting you closer to the line of meeting someone else's "nose." And now to bring us back to topic about internet security. Is it a right or a privilege to drive on the Information SuperHighway? I tend to view it more as a privilege. Jimmy -----Original Message----- From: Dorning, Kevin E - DI-3 [mailto:kedorning@private] Sent: Monday, June 09, 2003 7:27 AM To: 'Shaun Savage'; CRIME Subject: RE: CRIME Privacy Vs Security The whole purpose of providing security is to protect privacy whether it be of the corporation or the individual. In business we declare the limits to privacy clearly when we provide access to our business systems. Otherwise, personal privacy overrides. It is our challenge and actually part of the "fun" of being a security agent, to try to outguess the opposition. We provide protection, and gather intelligence as best we can, and so far it seems that we have done a pretty good job. I fear the government that reaches to far into the personal privacy of it's citizens. And this is from one who knows the benefits, from the security management side, of having a long reach. This is an area where we need to exercise great care, and err on the side of privacy. We need to protect privacy and all the other freedoms given by the Constitution. K.d> -----Original Message----- From: Shaun Savage [mailto:savages@private] Sent: Sunday, June 08, 2003 2:16 PM To: CRIME Subject: CRIME Privacy Vs Security Senator Wyden fights for privacy! The question I ask the group is "At what point does security out weigh the privacy and freedoms that America should offer?" http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2003/06/08/MN253740.DTL Shaun
This archive was generated by hypermail 2b30 : Mon Jun 09 2003 - 16:55:37 PDT