Computer Security Division Activities
David Wagner
daw at mozart.cs.berkeley.edu
Sat Oct 13 20:35:37 EDT 2001
Mike Brodhead wrote:
>Just about all of the private-sector conferences I have attended
>require registration.
I think this is a poor example. I expect you'd be welcome to use the
name 'John Smith' and pay cash, if you like.
I think the real point is this: We see, all too often, cases where it is
claimed that sacrifices of civil liberties are necessary for security,
yet upon closer inspection one gets the impression that those sacrifices
may not provide any security benefits at all. Identification requirements
may be a good example of this: if teenagers have no problems obtaining
fake ID, what can we conclude about a terrorist operation?
In a perfect world, we'd only sacrifice civil liberties when there is
sufficient benefit to security. In the real world, though, it seems
that often there is great pressure to "do something" visible, even if
what you do doesn't have any true security value. It is not too hard to
find many examples of "security mechanisms" that improve the perception
of security (i.e., give warm fuzzy feelings to the uninformed) but which
actually contribute very little to real security. Think of those photo
ID requirements when you fly, for example -- I have yet to hear anyone
articulate how they help prevent terrorism (as opposed to improving the
airlines' bottom line or reassuring the public). While such measures may
be politically attractive and perhaps even defensible in some situations,
they bring many risks with them, and I do think we need to be careful
about how we employ them.
As for Gilmore's specific example, I do not take a strong position in
either direction. However, whatever you think about the specific notion
of a new short-term ad-hoc ID requirement for NIST workshops, I think
his general point has considerable merit that we should not overlook.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list