[cap-talk] Horton vs. ACLs - private namespaces and the AuditProblem

David Hopwood david.hopwood at industrial-designers.co.uk
Wed Oct 10 18:59:56 EDT 2007


Karp, Alan H wrote:
> MarkM wrote:
>> Without asking us to wade through the text of these, can you provide
>> us with any insight about how this could possibly be the case? How
>> would one write an automated compliance predicate that could give a
>> meaningful answer from such a low level trace of human-meaningless
>> data? If the regulation is simply: "thou shalt record oodles of
>> stuff", then I can see it. Otherwise, I can't imagine a compliance
>> test that could be answered from these logs.
>
> Did Alan Karp access the file containing the upcoming quarterly results
> during the quiet period in which he traded HP stock?  While a response
> of "no" is inconclusive, a "yes" lands Alan in a world of hurt.
> Depending on what gets logged, you might only be able to ask if Alan had
> permission to access the file.  In this world, that makes Alan an
> insider and is enough to get him in trouble.

So if I have permission to the file, and authority to transfer that
permission to Alan, I can frame Alan as an insider?

-- 
David Hopwood <david.hopwood at industrial-designers.co.uk>



