|
|
Les Approximations Dangereuses:
The Sorcerer's Apprentice and other Dangerous Approximations
The myth of the Sorcerer's Apprentice can be summarized
by the old saw, Beware what you wish for, your wishes may come true.
In
cyberspace, the intersection of security, privacy, and access continue to
create new challenges for corporate security, law enforcement, privacy, and
safety. The tradeoffs are many, the implications subtle. The public discourse
on these topics has more often than not failed to take into account past
experience with similar hazards; ignoring the reasons for pre-Internet
limitations on information gathering and behavior. Often, seemingly obvious
solutions to problems have subtle hazards and dangers, and have side effects
worse than the original disease. The best of intentions can go awry, as in
December 2001, when America Online's spam filtering mechanisms waylaid Early
Action admissions decisions emailed to applicants by Harvard University.
Surveillance, monitoring, and protection tools often
represent the only way in which applications and support networks can be
monitored and protected. The
technologies and their internal approximations are highly useful, but are
often employed with a focus on their strengths, with a lesser degree of attention
paid to their limits and robustness.
The side effects vary widely, from inconsequential
annoyances to the electronic equivalents of multiple sclerosis, progressive
diseases which effectively incapacitate the affected systems. While it is
true that the connected world would not and could not exist without these
approximations, there are dangers and limits.
Approximations however, are not reality. Understanding the
limits of approximations is critical to their safe use. Conclusions beyond
the scope or validity of the approximation are dangerous to all parties
involved. While active responses to perceived attacks are the most serious
concern, even seemingly innocuous defensive measures can have a severe impact
on an organization and its customers and partners.
|