Thursday, September 14, 2006

Protecting California's state secrets... reports that an LA talk show also accessed Arnie's web site.

You would think that with all his experience fighting robots, etc., Arnie would know better.

Part of the problem is incompetence. Private data should never be stored on a public Web server. Come to that, didn't US politicians learn to stop taping themselves after the Nixon Watergate tapes became public?

A larger part is the fact that computer security systems are too hard to use, and that we still use systems designed to protect access and not data. It is not surprising that ACL-based security schemes break down when 300Gb disks cost $200. In the traditional model, access controls are applied to the directory entry describing where a resource is stored. When the file is moved, the access controls are lost.

If we are going to have security systems that work, we need to apply the security protections to the data so that the access controls move with the data. In other words, we need a DRM/CRM type security system.
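The failure described above, shown as an added example that is not part of the original post: a file locked down in one directory is copied into another, and the copy takes the permissions of its new location. It assumes a POSIX file system, where mode bits stand in for the ACL; the directory and file names are constructed, and `find_exposed_copies` is a hypothetical audit helper that locates copies of protected data that no longer carry its restrictions.

```python
import hashlib, os, shutil, stat, tempfile

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def mode_of(path):
    return stat.S_IMODE(os.stat(path).st_mode)

def find_exposed_copies(protected, search_root):
    """Paths under search_root with the same bytes as `protected`
    whose mode grants any access to group or others."""
    want, size = sha256_of(protected), os.path.getsize(protected)
    exposed = []
    for dirpath, _dirs, files in os.walk(search_root):
        for name in files:
            p = os.path.join(dirpath, name)
            if os.path.samefile(p, protected) or os.path.getsize(p) != size:
                continue
            if sha256_of(p) == want and mode_of(p) & 0o077:
                exposed.append(p)
    return sorted(exposed)

def demo():
    old_umask = os.umask(0o022)           # typical default umask
    root = tempfile.mkdtemp()
    try:
        private = os.path.join(root, "private")
        webroot = os.path.join(root, "webroot")
        os.mkdir(private, 0o700)
        os.mkdir(webroot, 0o755)
        original = os.path.join(private, "recording.dat")
        with open(original, "wb") as f:   # constructed sample data
            f.write(b"constructed sample: private recording\n")
        os.chmod(original, 0o600)         # owner-only access
        copy = os.path.join(webroot, "recording.dat")
        shutil.copyfile(original, copy)   # copies bytes, not permissions
        found = [os.path.relpath(p, root)
                 for p in find_exposed_copies(original, root)]
        return mode_of(original), mode_of(copy), found
    finally:
        os.umask(old_umask)
        shutil.rmtree(root)

if __name__ == "__main__":
    print(demo())
```

The protection was a property of where the file lived, so the audit has to recognise the data by its content hash to find the copy that escaped it.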
