[9632] in cryptography@c2.net mail archive
Re: Computer Security Division Activities
daemon@ATHENA.MIT.EDU (David Wagner)
Sun Oct 14 01:06:05 2001
X-Envelope-To: cryptography@wasabisystems.com
To: cryptography@wasabisystems.com
From: daw@mozart.cs.berkeley.edu (David Wagner)
Date: 14 Oct 2001 00:35:37 GMT
Message-ID: <9qamkp$6o0$1@abraham.cs.berkeley.edu>
X-Complaints-To: news@abraham.cs.berkeley.edu

Mike Brodhead wrote:
>Just about all of the private-sector conferences I have attended
>require registration.

I think this is a poor example. I expect you'd be welcome to use the
name 'John Smith' and pay cash, if you like.

I think the real point is this: We see, all too often, cases where it is
claimed that sacrifices of civil liberties are necessary for security,
yet upon closer inspection one gets the impression that those sacrifices
may not provide any security benefits at all. Identification requirements
may be a good example of this: if teenagers have no problems obtaining
fake ID, what can we conclude about a terrorist operation?

In a perfect world, we'd only sacrifice civil liberties when there is
sufficient benefit to security. In the real world, though, it seems
that often there is great pressure to "do something" visible, even if
what you do doesn't have any true security value. It is not too hard to
find many examples of "security mechanisms" that improve the perception
of security (i.e., give warm fuzzy feelings to the uninformed) but which
actually contribute very little to real security. Think of those photo
ID requirements when you fly, for example -- I have yet to hear anyone
articulate how they help prevent terrorism (as opposed to improving the
airlines' bottom line or reassuring the public). While such measures may
be politically attractive and perhaps even defensible in some situations,
they bring many risks with them, and I do think we need to be careful
about how we employ them.

As for Gilmore's specific example, I do not take a strong position in
either direction. However, whatever you think about the specific notion
of a new short-term ad-hoc ID requirement for NIST workshops, I think
his general point has considerable merit that we should not overlook.