[Cryptography] Confidential Document Management, the right name or weaselly marketing?

Phillip Hallam-Baker phill at hallambaker.com
Fri Aug 19 12:19:41 EDT 2016


On Fri, Aug 19, 2016 at 11:49 AM, Bill Frantz <frantz at pwpconsult.com> wrote:

> Phil and others interested in this area might be interested in an idea
> developed by Alan Karp and others at HP research called "Voluntary
> Oblivious Compliance". The idea is that, since sharing information is
> necessary to accomplish almost any job, you make it easy to share
> information through the appropriate security checks. This way, the system
> can warn the user that the sharing violates policy.
>
> An example would be an accountant who inadvertently posts the corporate
> financial report to an outside web site before the official release. (This
> has happened.) He doesn't want to violate policy, but makes mistakes. In
> other cases, the employee may not even know the policy.
>
> The system is voluntary in the sense that the controls can be bypassed by
> doing things the hard way. It is not a solid enforcement mechanism.
>

That is precisely what I am getting at.

I want a mechanism that makes it easy for people working inside an
organization to pass documents around with the same freedom that they do
today that greatly mitigates the risk of an accidental disclosure and
limits the number of parties that can perform a malicious disclosure.

A hostile foreign power that has invaded two neighboring countries and
maintains an army of street thugs to intimidate opponents has hacked into
the email servers of a US national party with the objective of changing the
outcome of the election.

This is, or at least should be, above party as I am absolutely certain that if
the FSB was in the DNC servers then they were in the RNC servers as well.
It probably isn't a complete accident that a man who was recently managing
a $12 million Russian slush fund became Trump's campaign manager. Quite
possibly similar activities played a role in the curious collapse of
certain rival campaigns.

Making email, making confidential documents secure is now a matter of vital
national interest. And I would argue that preventing Putin choosing the
President of the United States through cyber attacks is a much much greater
threat to national security than anything ISIS, Al Qaeda or the rest might
do.

Hillary's email server has been identified as a weak link in the custody of
confidential material. Fine, rather than spending another $100 million on
Benghazi blamestorming, let's rejig the mail protocols so that mail servers
are no longer a weak link no matter who is managing them.

Yes, in some circumstances it might well be desirable to back up
Confidential Document Controls with trustworthy hardware. But we have spent
the past 20 years putting the cart before the horse, obsessing over the
security of the trustworthy hardware while ignoring the fact that we don't
have a viable cryptographic architecture.