[cap-talk] The Limits of POLA's Utility - Social Engineering
Stiegler, Marc D
marc.d.stiegler at hp.com
Fri Jun 9 14:03:16 EDT 2006
> My scenario specifically doesn't require Gramma to break any
> of the rules. The virus does not ask to be embedded as part
> of the OS. It only asks for authority to access a single
> remote machine (Alice's in the original example, Gramma's
> neighbour in the cooked up scenario). Maybe I'm
> misunderstanding the rules but I would have thought that
> granting the virus this small amount of authority wouldn't
> break Gramma's rules.
>
> >Granma, like everyone else, can choose to accept such possibly
> >unbounded risk if she has a purpose she considers compelling enough.
> >
> >In the actual scenario, with the additional context you just gave,
> >Granma would probably ask her grandson Bobby to help her.
> >
> I grant that this is a real possibility. It's less likely if
> Gramma isn't violating her rules though, which I contend she's
> not. Can I get your opinion Marc, on whether you think that
> granting the virus the authority to access the machine of the
> person who Gramma will be spying on would break her rules?
Aha, I think we have missed communications. There are several steps and several variations running around here, and I got confused.
I had confused myself into believing that the scenario had a single step, where the virus says, "gimme all your authority and I'll give you all the data on your neighbor's machine." For this scenario, Granma is covered.
However, here's the alternate I now realize you are pondering. If the virus says, "Granma, just give me the authority to talk to this one other machine, and I'll tell you everything your neighbor has on his machine", you are correct, this does not violate the rules. The place where the rules get violated in this version of the game is when the virus says, "ok, now gimme all your authority, or I tell the neighbor you've been spying on him." Granma still has some defenses but none of them are as satisfactory.
One is, this is a weaker attack, in that Granma must both be interested in the neighbor's data, and must also be afraid of having the neighbor know she has snatched the data -- the virus needs for Granma to have more desires than in the first scenario. This is particularly weak if Granma intends to expose the data she has snatched, at which point the neighbor will become aware that she got the data anyway.
Second defense, it will be interesting for the virus to prove to the neighbor that Granma stole the data if Granma denies it.
Third, Granma has an amusing counterattack, which is, "Neighbor, if you didn't want me to have this data, then why did you install a program on your computer that would give it to me? I naturally assumed you knew this was being given to me. You aren't running one of those antique obsolete computers like a Windows box, are you? Or did you violate Granma's Rules of POLA for some reason? Tsk, tsk, tsk, neighbor." :-)
Fourth, there is a physical-world metaphorical warning handy, the made-for-TV movie plot of Alice hiring a detective to spy on Bob, and the detective blackmailing Alice with the threat of telling Bob. I would consider this fourth one the most powerful of the defenses, except that we have made our computers sufficiently alien in behavior that people are rarely able to make the cognitive pattern match from the physical world to the cyber world.
Upon reflection, I think the third alternative is actually the most powerful one. Once Granma had gotten comfortable with the idea of POLA-based computing, it would be sensible for her to assume that, if the neighbor really cared about his data leaking, he would have been more careful. Being dumbfounded that the neighbor hadn't taken care of his own stuff would be, not naïve, but rather rational.
All of which is an intriguing reminder that, if we were to secure a majority of our computers properly, the societal norms of expected behavior would be modified because the underlying assumptions had changed.
--marcs