You're talking about entirely different stuff, Lynn, but you are correct that data fusion at IRS and everywhere else is aided and abetted by substantially increased record keeping requirements. Remember, Poindexter's TIA thing did *not* posit new information sources, just fusing existing sources and that alone blew it up politically. As a security matter relevant here, we can't protect un-fused data so fused data is indeed probably worse.
On the "prove-a-negative" area, every time I say this in front of CISO-level audiences I get nodding assent. Ain't making it up, in other words. Innocent until proven guilty seems now to be true in criminal matters; guilty until proven innocent holds sway in the civil arena. On the idea that our version of it is just one of many versions of the same phenomenon in all fields, not just the crypto-security one, today (literally) I was ordered by the State of Rhode Island to install smoke and fire detectors with direct tie-in to the Fire Department in my farm's riding arena (a steel frame building with dirt floor and three doors big enough for a semi). Why? Because the regulators couldn't figure out whether I was a place of assembly or not so, therefore, I must be a place of assembly and my next hearing is whether I need sprinklers. Mind you, klaxons & strobes, now required, guarantee killing any non-expert riders who are in the ring when they go off, but since the regulators themselves cannot prove to themselves that they don't have to impose the same requirements as a movie theater, to protect their own asses it is me that has to now prove to them that I am not covered -- which appears to mean getting the Legislature to specifically exempt riding arenas since if that Legislature is silent the regulators will assume the worst and that means their ass versus mine. The core issue here is thus runaway positive feedback loops. When you hold regulators (fire inspectors, financial auditors, whatever) liable for not having proven that their clients cannot have anything wrong (which is why Arthur Anderson went out of business, e.g.), then you get prove-a-negative from the regulators and auditors -- madness on the same scale as tulip mania or the defenestration of Prague. --dan --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
