[cap-talk] The Limits of POLA's Utility - Social Engineering

Wed Jun 7 09:44:43 EDT 2006

Toby Murray wrote:
> David Hopwood wrote:
> 
>> Toby Murray wrote:
>> [...]
>>  
>>
>>> The virus has exploited Bob's human weaknesses, thereby corrupting his
>>>
>>> ability to make good trust decisions. The provision of POLA hasn't 
>>> helped Bob.
>>>    
>>>
>> I have to say that I don't see the problem.
>>
>>  
>>
>> Bob has been hoist by his own petard; he did something illegal (or at
>> least immoral) and got caught. Tough.
>>  
>>
> Yes. But I wonder if there isn't a case for building systems that 
> protect users against themselves.
> 
>> Alice was not running a POLA system, and therefore we cannot say that it
>> is a failure of POLA that allowed her files to be accessed.
>>
>>  
>>
> It's not so much that Alice's files got accessed. It's just the bigger 
> question of "Can POLA stop viruses?".

Isn't the real issue here: can POLA stop users from making bad
decisions? Phrased that way, I think it's obviously "no".

I don't think it's feasible to do better than that though, as it then
raises the question: who are you to decide what's a bad decision for me?

Sandro

> One thing that has always been a 
> big selling point with capabilities for me is POLA and that in the 
> current environment, POLA might largely kill the effectiveness of the 
> current breed of malware. I guess I'm just saying that if we can't also 
> protect users from themselves, then POLA might not be enough.
> 
> I take the implied point that Bob might not "deserve" helping in this 
> instance. That said, it's interesting to look at the historical 
> precursors to POLA and where they were motivated from. I've read some of 
> Nick Szabo's stuff that draws parallels between eg. the Separation of 
> Powers and POLA. (I hope I'm not misrepresenting him here). There are 
> quotes from the Federalist papers (if I remember correctly) that 
> motivate the design of the governmental system with language like 
> "ambition must be made to counteract ambition", "if all men were angles 
> government wouldn't be necessary". Surely, these are arguments along the 
> lines of "The system must protect users against their own [bad] nature, 
> for the good of all".
> 
> A system that prevented Bob from doing the illegal/immoral thing would 
> make him and Alice more secure. My original point was that POLA might 
> not be sufficient to do this sort of thing. But if not POLA, then what 
> could help protect Bob from himself?
> 