
On Cypherpunks recently, Tim May wrote:
The Latin maxim "And who shall guard the guardians?" has some relevance to the headlong rush into converting the U.S. into even more of a security state than it is now.
About 30 (thirty) years ago, I asked the same question at a large computer conference. Then, a representative of the FBI was presenting the NCIC computer system that was under development at the time. This system gives local officials access to a national database of arrest and conviction information. I asked the speaker how they would prevent misuse of the system by people who had legitimate access to it. The example I used was a deputy sheriff who ran an insurance agency on the side. The FBI official had no answer. My question was subsequently published a few months later in a letter to the editor in (as I recall) Modern Data, February 1966, again without answer.

This question is also relevant to escrowed encryption: how to prevent misuse of escrowed keys by file clerks and other people who need access to the keys as part of their legitimate duties. Since these keys will protect a very large amount of money (consider the encryption keys used for interbank clearing) and since we know from the Aldrich Ames case that $3,000,000 can buy a high-ranking CIA employee, there are significant problems that need to be addressed. I would suspect that a Bayesian analysis would indicate that the risk of holding (and losing) a key is greater than the risk of not holding (and needing) a key.

Martin Minow
minow@apple.com