10.17.2008

Mandatory Encryption - a silent tax.

Nevada this month enacted a law mandating all businesses there to encrypt personally-identifiable customer data, including names and credit-card numbers, that are transmitted electronically.
Cool.

So - where are the keys?

PKIX notwithstanding - single-sided authentication works in the web (HTTP) world and presumably would fulfill the requirement of encryption during transmission. We have it today - no cost involved.

But email encryption implies S/MIME or proprietary schemes, and a set of technologies available to users and businesses alike. It means that those communicating with businesses are not only "registered" with that business, but have the appropriate software and security artifacts (keys, certs, what have you). Average per user cost? $50 a computer according to estimates.

The Wall Street Journal goes on to report:
The new state data-security laws are stricter than past regulations, which only required businesses to notify people whose personal information they lost. The new laws establish a standard that can be used by plaintiffs in civil suits to argue that a business that lost data was negligent, said Miriam Wugmeister, an attorney with Morrison & Foerster LLP.
So - how well would the new legislation have protected the 47 million customers of the TJ Maxx conglomerate?

A better solution might be to require companies that transact business with retail customers to delete credit card information once a transaction is completed and approved by the credit card company. Leave essential CC authentication data in the hands of the authenticator (user).

This doesn't solve the other use cases, medical records or portions thereof, or business to business communications. But the latter is of significantly reduced scope compared to the consumer case.

Healthcare organizations will be driven to more web based interactions with their patients, forgoing the quick Dr's note which the patient requested. Rather they will simply send a link saying "Sign in to discover what we can't tell you here."

Mandating "encryption" is like mandating the color of your car - it may look nice - but it's probably not exactly what you wanted, especially when you have to pay for it.

10.16.2008

5 Years of 401(k) Contributions - "Poof!"

In assessing the personal damage from the current "World has Changed" events - I realized that the past 2 months have erased (yes - erased) 5 years of contribution to our 401(k). Granted - that's before taxes - but still ... it's a shock. And a loss.

That said (and felt), I bless my God - who is not made of wood or stone, or even precious metals or jewels, or indeed any made thing, rather He is, and He who was, and is, and is to come, and who has provided for me and my family faithfully - beyond anything I can ask or think. And I expect no less of Him in this time.

"Be anxious for nothing, but in everything by prayer and thanksgiving, let your requests be made known to God. And the peace of God, which surpasses all understanding, will keep your hearts and minds in Christ Jesus." Paul's letter to the Philippian Church, Chapter 4, verses 6 & 7

So we are thankful that in Him we live, and breathe, and have our being. And our meals, and our house, car, dogs, school, music, church, friends, and work. And the living God Himself. We are excited to see the awesome things He does in our lives, our home, and in our community, in the midst of these times that will try men's souls. And challenge ourselves.

~r

10.11.2008

Financial Crisis and Terrorism

This past week, on October 8th to be precise, British Prime Minister Gordon Brown used the British version of the Patriot Act, the "2001 Anti-Terrorism and Anti-Crime Act" to freeze Icelandic assets in British banks. This legislation, enacted in the wake of the 9/11 attacks in the United States, was proposed to protect the British Public from terrorism and crime by granting to the state special powers. These powers include the seizure of assets - supposedly to mitigate a terrorist's or criminal's means of practicing their trades.

The backdrop of Gordon Brown's action is the historic financial collapse Iceland has now suffered. In its wake, the Icelandic state has made financial guarantees which simple arithmetic suggests are far from the realm of possibility. But this is only backdrop. The key feature of the British action against Icelandic assets is the use of legislation that in no way was intended to be so used.

Granting new powers to the state in times of fear and crisis almost always has unintended and negative side effects. Those who have contested both the British anti-terrorism and U.S. "Patriot" acts and the extended powers they grant have been accused of un-patriotic or even disloyal sentiments. But Gordon Brown's unprecedented actions underscore the threat where powers are granted under the guise of "safety and security," and consequently used for the convenience of the state. While the British government will no doubt defend its actions with explanations of the criticality of the threat to British assets - this will sidestep the fundamental issue. The use of anti-terrorist law for purposes decidedly unrelated to terrorism is a different kind of threat - the latter perhaps equal to the former.

If the lines between controlling terrorists and friendly economic partners can be eradicated by no less than the Prime Minister of one of the leading democratic western powers in a time of crisis - what can we expect from governments with histories less democratic in nature?

Key to the principle of limited government is the recognition that government can't do/fix/be everything that is wrong in our lives. And yet, increasingly it appears, we look to our government as the solution, even if of last resort - despite the erosion of liberty that inevitably results. Whether the "Patriot Act," or new legislation intended to stem the flood of financial failure - we might ask why we think rapid and sweeping legislative action in the absence of broad, open, and deliberate debate will achieve what prior legislation has failed to do? I'd like to think we'd resist the temptation to accept at face value "solutions" proffered with the attendant risk that they may cost us more than they are intended to save.

We are faced with an unprecedented financial crisis, and one of global proportions. Its repercussions will take many months, if not years, to be realized. The impact on our day-to-day lives will be significant. We will witness the emergence of geo-political alignments that were previously unthinkable. And yet, live our lives we will, and by God's grace, well.

Of all tyrannies a tyranny exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience. -C.S. Lewis

~r