Once again, time to update the Catastrophe Disclosure Trigger. When first implemented the mechanism simply monitored an inhibit input once a week. If the inhibit command was not received in a timely fashion, the entire conditional data set was automatically distributed. This kept the bad guys vigilant. Not only would they not interfere with his ability to explicitly send the message each week, they had an interest in his well being because he alone could send the message. Was this expecting to much?
The second major update came when it was recognized that the sensitivity of the data set, as amended, was important enough to the bad guys to inspire an extraordinary effort to discover the location of the data and erase it. Storing it in the cloud and making sure all read/write access transactions covered their trail and were used only once satisfied the extended requirements at the time.
These techniques, sophisticated conditional disclosure and privacy are the basis of electronic social networking. Because the need for the Trigger predated the identity project it proved quite useful as a model for the security framework. The challenge was and still is reconciling the often contradictory goals of flexibility and safety.
This update, then, was to take into account how small groups of players could be assured of fair protection from any risk created by an accountability breach in the machine. The update was not complete so it would use the phased implementation approach. This was the first time that it would be tried before testing of the last module was complete. Some risk yes, but the urgency was worth it.
No comments:
Post a Comment