Cart
[Home] [By Thread] [By Date] [Recent Entries]
Hi Joel Thanks for your reply. Comments inlined -----Ursprungligt meddelande----- Från: Joel Rees [mailto:rees@s...] Skickat: den 4 juni 2001 07:04 Till: Dimitris Dimitriadis; 'Bullard, Claude L (Len)' Kopia: XML DEV Ämne: Re: Copyrighting schemas, Hailstorm Dimitris Dimitriadis wrote: [snipped] [dd] If I have a particular set of identification means (password, voice, retinal scan, fingerprint, what have you) and rest assured that that's enough and they can be forged and used by others, we end up in the pig loving donkey case (only difference being that I have less money and more bills, possibly even a secret lover I didn't know of until then). If, on the other hand, we can come up with alternative means that cannot be forged, we can rest assured that nothing bad will happen. [snipped] Forgeries have always existed and always will. So are you asking how to keep the statical rate of occurence low enough to avoid violent revolution? (in spite of the fact that your tool is primarily a box that allows people to do stupid things at higher and higher speeds.) --- [dd] Forged identity is only one of the many unwanted things I mentioned. In the context you copied from, it had to do with the most obvious danger, that of using information in a simply wrong way. That, however, is too obvious a thing to discuss at length. There's a series of other effects frameworks like the one we're discussing can have: 1. Collecting information about people to predict behaviour (done today already, no big deal) 2. Creating platforms that use that kind of prediction engines to "simplify ordinary people's lives", that is, sell them stuff 3. Making the platform big enough for non-typical services to use the platform as a primary menas of cummincation between subject and service giver (govenrment, non-profit organizations, what have you). 4. Scale this up any number of times. So onow the question becomes: who has primary access to my identification means? Obviously not the bodies that have, up to now, done the job. This power gets transferred to other kinds of organisations. Trivially, these organisations can keep track of every piece of information you send around. (Connect this to the work done on the semantic web to get some idea of why the layer of trust is needed) Why, then, is this relevant to xml-dev? Well, our beloved syntax makes these things possible to a far higher degree than ordinary binary code does. And as we are responsible human beings, we should have some clue as to what kind of consequence it could have. Arguments that, by the way, I cannot see have any relevance (and please correct me if I'm wrong) are: 1. Weapons do not kill people, people do 2. People know what they do when they sign up for various services (ask the farmers in the backwoods of India, I don't think what their fingerprints could lead them to) 3. Forgery can be tried in a court of law. (Sure, but the question is how you measure activity in a system you don't have access to, in order to realise that someone has broken the law) --- Has anyone noted the news items about computerizing land records for farmers in the backwoods of India? They use fingerprint IDs, and the government officials in charge seem sold on the concept that since passwords aren't being used they can't be abused. Said government officials have extrapolated to a zero probability of forgery (or at least a low enough probability of forgery). [dd] I think this goes to show why it is so important to inform people as to what identification means nowadays. It's equally important to raise awareness amongst ourselves that we are, to some degree, relevant for any change in that direction, by building systems like that, hooking up to frameworks with that functionality and so on. http://www.timesofindia.com/130101/13mban11.htm http://www.siliconvalley.com/docs/regions/asia/073820.htm Joel Rees jreesmf@m... ------------------------------------------------------------------ The xml-dev list is sponsored by XML.org, an initiative of OASIS <http://www.oasis-open.org> The list archives are at http://lists.xml.org/archives/xml-dev/ To unsubscribe from this elist send a message with the single word "unsubscribe" in the body to: xml-dev-request@l...
|
