Cart
[Home] [By Thread] [By Date] [Recent Entries]
Hi Joel Please, no need for excuses. I'm glad you took some time to reply again. My original intention in writing this series of mails to this particular list, is that I wanted to see what kind of sensitivity we, as a community, have when it comes to indentitiy, intergrity and similar concepts and our leverage on those things in developing particular solutions and discussing others. Comments inlined Best, /Dimitris -----Ursprungligt meddelande----- Från: Joel Rees [mailto:rees@s...] Skickat: den 6 juni 2001 14:05 Till: Dimitris Dimitriadis Kopia: XML DEV Ämne: Re: Copyrighting schemas, Hailstorm (strayed a bit) Hello, Dimitris, I really did a poor job of clipping and inserting when I responded below, and I apologize. I guess what I'm driving at is this -- the governments of various nations (and various corporations with out-of-control ambitions) _will_ try these kinds of things. Some of them will go down in flames, but some will unfortunately succeed. Going out of our way to build the standards to prevent such abuse will only make it harder for us to defend ourselves. The best approach is clean, simple, open standards. [dd] I fully agree. And, I'd like to add, keeping an eye open for what goes on and try to inform people to prepare them for various situations. We all have some older relatives who are possible future victims as they don't know technology. Look at the encryption flap in the US. That one actually came really close to the wire. Fortunately, there were some of us developing alternative technologies on an open base and getting them outside of the government's control as fast as possible. (We still aren't safe, barely any breathing room, but at least we held the control freaks off until we could get Mr. Slick out of the oval office. Cycling is a good thing, and will help us again in four to eight years.) And look at Microsoft. We are to blame for creating that monster. We let them get ahead of us. We (as an industry) told ourselves no sane person would buy their snake oil, and spent too much time too far beyond the cutting edge solving the next decade's problems before we knew what they were. They grabbed the bits and pieces that were too mundane for us and did a little end-run around our pieces of the frontier. And we keep using the tools they build for us. [dd] My original mail may have been posted as a reply to a thread that had to do with Hailstorm, but wasn't directed at them. Needless to say, of course, I do have difficulties in accepting that large corporations gain control over identification means (this is probably because we have let the current model emerge withouth putting it under thourough analysis). I also want to separate identification from services (which is my reply to Len's original question). But I don't think that's enough. Even if we were to do that, we'd have lost another battle that would have been goin gon simltaneously. That of integrity. Constant vigilance. And regularly going to the polls and voting people out and voting government smaller. Also, voting with your pocket book, even when it hurts in the short run. You can't substitute for these in code, so you have to build the code strong enough to defend yourself with it when you need to. And you have to make the technology available to as many people as you can, especially freedom-minded people. [dd] I definitely agree with you here, and especially with the last sentence. If nothing else, the goal is to raise awareness amongst ourselves. One nice advantage -- power mongers have a harder time understanding clean, simple code. Convoluted code is easier for them to pervert. [dd] So, again risking making people very tired, what are other peoples' views on these matters? What can/should we do to avoid ending up in a 1984ish scenario? Should we care to begin with? My two jpy. Joel Rees jreesmf@m... Dimitris Dimitriadis" <dimitris.dimitriadis@i...> To: "'Joel Rees'" <rees@m...> Cc: "XML DEV" <xml-dev@l...> Sent: Monday, June 04, 2001 9:18 PM Subject: SV: Copyrighting schemas, Hailstorm Hi Joel Thanks for your reply. Comments inlined -----Ursprungligt meddelande----- Från: Joel Rees [mailto:rees@s...] Skickat: den 4 juni 2001 07:04 Till: Dimitris Dimitriadis; 'Bullard, Claude L (Len)' Kopia: XML DEV Ämne: Re: Copyrighting schemas, Hailstorm Dimitris Dimitriadis wrote: [snipped] [dd] If I have a particular set of identification means (password, voice, retinal scan, fingerprint, what have you) and rest assured that that's enough and they can be forged and used by others, we end up in the pig loving donkey case (only difference being that I have less money and more bills, possibly even a secret lover I didn't know of until then). If, on the other hand, we can come up with alternative means that cannot be forged, we can rest assured that nothing bad will happen. [snipped] Forgeries have always existed and always will. So are you asking how to keep the statical rate of occurence low enough to avoid violent revolution? (in spite of the fact that your tool is primarily a box that allows people to do stupid things at higher and higher speeds.) --- [dd] Forged identity is only one of the many unwanted things I mentioned. In the context you copied from, it had to do with the most obvious danger, that of using information in a simply wrong way. That, however, is too obvious a thing to discuss at length. There's a series of other effects frameworks like the one we're discussing can have: 1. Collecting information about people to predict behaviour (done today already, no big deal) 2. Creating platforms that use that kind of prediction engines to "simplify ordinary people's lives", that is, sell them stuff 3. Making the platform big enough for non-typical services to use the platform as a primary menas of cummincation between subject and service giver (govenrment, non-profit organizations, what have you). 4. Scale this up any number of times. So onow the question becomes: who has primary access to my identification means? Obviously not the bodies that have, up to now, done the job. This power gets transferred to other kinds of organisations. Trivially, these organisations can keep track of every piece of information you send around. (Connect this to the work done on the semantic web to get some idea of why the layer of trust is needed) Why, then, is this relevant to xml-dev? Well, our beloved syntax makes these things possible to a far higher degree than ordinary binary code does. And as we are responsible human beings, we should have some clue as to what kind of consequence it could have. Arguments that, by the way, I cannot see have any relevance (and please correct me if I'm wrong) are: 1. Weapons do not kill people, people do 2. People know what they do when they sign up for various services (ask the farmers in the backwoods of India, I don't think what their fingerprints could lead them to) 3. Forgery can be tried in a court of law. (Sure, but the question is how you measure activity in a system you don't have access to, in order to realise that someone has broken the law) --- Has anyone noted the news items about computerizing land records for farmers in the backwoods of India? They use fingerprint IDs, and the government officials in charge seem sold on the concept that since passwords aren't being used they can't be abused. Said government officials have extrapolated to a zero probability of forgery (or at least a low enough probability of forgery). [dd] I think this goes to show why it is so important to inform people as to what identification means nowadays. It's equally important to raise awareness amongst ourselves that we are, to some degree, relevant for any change in that direction, by building systems like that, hooking up to frameworks with that functionality and so on. http://www.timesofindia.com/130101/13mban11.htm http://www.siliconvalley.com/docs/regions/asia/073820.htm Joel Rees jreesmf@m... ------------------------------------------------------------------ The xml-dev list is sponsored by XML.org, an initiative of OASIS <http://www.oasis-open.org> The list archives are at http://lists.xml.org/archives/xml-dev/ To unsubscribe from this elist send a message with the single word "unsubscribe" in the body to: xml-dev-request@l...
|
