Re: Gorelick testifies before Senate, unveils new executive order
David Sternlight writes:
Here's the problem in a nutshell: Everyone who has looked at our systems, from Cliff Stoll
A *famous* security expert.
on to blue ribbon scientific commissions,
The last of which recommended that crypto be entirely deregulated.
Serious studies have shown that the kinds of protections to make the systems we depend on robust against determined and malicious attackers (say a terrorist government, or one bent on doing a lot of damage in retaliation for one of our policies they don't like), have costs beyond the capability of individual private sector actors.
Defense is cheaper than attack in encryption because it is easier to make coherent information incoherent (see Usenet) than it is to make incoherent information coherent.
In such a case, where public benefits from government action greatly exceed public (taxpayer) costs, and the private sector cannot (or will not) act unaided, the classical basis for government action in the interests of the citizenry exists. It's the economist's "lighthouse" argument.
But since the Internet and the WANs and LANs that you are talking about are all "private value-added networks," the benefits of enhanced security a fully captured by the users of those networks and there is no "public goods" problems. (BTW, there were private lighthouses too.) Note too that major money center banks disagree with you. There was a recent article about the fact that they are not reporting computer intrusions and just fixing the problems themselves. They don't seem interested in official security "help" with all the disadvantages (publicity and security leaks) that it brings. DCF
At 6:34 AM -0700 7/19/96, Duncan Frissell wrote:
David Sternlight writes:
Here's the problem in a nutshell: Everyone who has looked at our systems, from Cliff Stoll
A *famous* security expert.
on to blue ribbon scientific commissions,
The last of which recommended that crypto be entirely deregulated.
We're not reading from the same page. This discussion is about information warfare and the robustness of US financial, information, control, and power infrastructures, not ITAR. Could you be kind enough to check the Subject, read Gorelick's testimony, and perhaps even (dare I suggest it) read the discussion prior to your post?
Serious studies have shown that the kinds of protections to make the systems we depend on robust against determined and malicious attackers (say a terrorist government, or one bent on doing a lot of damage in retaliation for one of our policies they don't like), have costs beyond the capability of individual private sector actors.
Defense is cheaper than attack in encryption because it is easier to make coherent information incoherent (see Usenet) than it is to make incoherent information coherent.
Again you are off-topic and non-responsive.
In such a case, where public benefits from government action greatly exceed public (taxpayer) costs, and the private sector cannot (or will not) act unaided, the classical basis for government action in the interests of the citizenry exists. It's the economist's "lighthouse" argument.
But since the Internet and the WANs and LANs that you are talking about are all "private value-added networks," the benefits of enhanced security a fully captured by the users of those networks and there is no "public goods" problems. (BTW, there were private lighthouses too.)
Again you are off-topic and non-responsive.
Note too that major money center banks disagree with you. There was a recent article about the fact that they are not reporting computer intrusions and just fixing the problems themselves. They don't seem interested in official security "help" with all the disadvantages (publicity and security leaks) that it brings.
Again you are off-topic. We're talking about information warfare threats of the sort that bring entire systems and infrastructures crashing down. But thanks for responding. I share your concerns. I feel your pain. Vote for me in '93. :-) David
participants (2)
-
David Sternlight -
Duncan Frissell