John Kelsey wrote: >>From: Anne & Lynn Wheeler <[EMAIL PROTECTED]> >>Sent: Jul 11, 2006 6:45 PM >>Subject: Re: Interesting bit of a quote > > > .. > >>my slightly different perspective is that audits in the past have >>somewhat been looking for inconsistencies from independent sources. this >>worked in the days of paper books from multiple different corporate >>sources. my claim with the current reliance on IT technology ... that >>the audited information can be all generated from a single IT source ... >>invalidating any assumptions about audits being able to look for >>inconsistencies from independent sources. A reasonable intelligent >>hacker could make sure that all the information was consistent. > > > It's interesting to me that this same kind of issue comes up in voting > security, where computerized counting of hand-marked paper ballots (or > punched cards) has been and is being replaced with much more > user-friendly DREs, where paper poll books are being replaced with > electronic ones, etc. It's easy to have all your procedures built > around the idea that records X and Y come from independent sources, > and then have technology undermine that assumption. The obvious > example of this is rules for recounts and paper record retention which > are applied to DREs; the procedures make lots of sense for paper > ballots, but no sense at all for DREs. I wonder how many other areas > of computer and more general security have this same kind of issue.
Another example, possibly of some importance, is found in registers of births, marriages and deaths. Details of the relevant events were entered contemporaneously in local paper ledgers whose pages were numbered. (They were later, perhaps every quarter, copied to central registers.) As a result it was very difficult to create a backdated record, or remove an original one, without it being obvious. When registers consist of electronic databases, these natural protections silently disappear. They could be replaced, perhaps by publishing an authenticated hash of the register every week, and cumulative hashes periodically; but there is no sign of such methods being adopted. The Law Society of England and Wales suggested to the Land Registry that it should adopt some such methods for its electronic land registers, especially when the transactions recorded in the registers become electronic rather than paper transactions, as is planned. I have no reason to think this suggestion will take root. Nicholas Bohm -- Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 871272 (+44 1279 871272) Fax 020 7788 2198 (+44 20 7788 2198) Mobile 07715 419728 (+44 7715 419728) PGP public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]