|
List Info Thread: Interesting bit of a quote
[1]
|
||||||||||||
|
about | contact Other archives ( Real Estate discussion Medical topics ) |
||||||||||||
Interesting bit of a quote |
|
List Info Thread: Interesting bit of a quote
[1]
|
||||||||||||
|
about | contact Other archives ( Real Estate discussion Medical topics ) |
||||||||||||
garlic.com>
>>Sent: Jul 11, 2006 6:45 PM
>>Subject: Re: Interesting bit of a quote
>
>
> ..
>
>>my slightly different perspective is that audits in
the past have
>>somewhat been looking for inconsistencies from
independent sources. this
>>worked in the days of paper books from multiple
different corporate
>>sources. my claim with the current reliance on IT
technology ... that
>>the audited information can be all generated from a
single IT source ...
>>invalidating any assumptions about audits being able
to look for
>>inconsistencies from independent sources. A
reasonable intelligent
>>hacker could make sure that all the information was
consistent.
>
>
> It's interesting to me that this same kind of issue
comes up in voting
> security, where computerized counting of hand-marked
paper ballots (or
> punched cards) has been and is being replaced with much
more
> user-friendly DREs, where paper poll books are being
replaced with
> electronic ones, etc. It's easy to have all your
procedures built
> around the idea that records X and Y come from
independent sources,
> and then have technology undermine that assumption.
The obvious
> example of this is rules for recounts and paper record
retention which
> are applied to DREs; the procedures make lots of sense
for paper
> ballots, but no sense at all for DREs. I wonder how
many other areas
> of computer and more general security have this same
kind of issue.
Another example, possibly of some importance, is found in
registers of
births, marriages and deaths. Details of the relevant
events were
entered contemporaneously in local paper ledgers whose pages
were
numbered. (They were later, perhaps every quarter, copied
to central
registers.) As a result it was very difficult to create a
backdated
record, or remove an original one, without it being obvious.
When
registers consist of electronic databases, these natural
protections
silently disappear. They could be replaced, perhaps by
publishing an
authenticated hash of the register every week, and
cumulative hashes
periodically; but there is no sign of such methods being
adopted.
The Law Society of England and Wales suggested to the Land
Registry that
it should adopt some such methods for its electronic land
registers,
especially when the transactions recorded in the registers
become
electronic rather than paper transactions, as is planned. I
have no
reason to think this suggestion will take root.
Nicholas Bohm
--
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK
Phone 01279 871272 (+44 1279 871272)
Fax 020 7788 2198 (+44 20 7788 2198)
Mobile 07715 419728 (+44 7715 419728)
PGP public key ID: 0x899DD7FF. Fingerprint:
5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF
------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomo