IP Addressing Problems: on my laptop

shapj@us.ibm.com shapj@us.ibm.com
Thu, 14 Jan 1999 12:32:59 -0500


In large measure I agree with the point you are making, but I think there
is a point you are missing.

> if E has credibility (at least) for not creating new dangers...

In one sense, it's true that E could create security problems by virtue of
poor implementation.  In the larger sense, however, it isn't "E" that
creates the security problem; it's the user who does so.

Firewalls exist for two reasons: to protect a company from outside attack
(the alleged reason) and to socially discourage some of the ways in which
people inside a company communicate with the world.  The latter, please
note, is not an enforceable property in any strict sense.

You may say, and I might agree, that there are already many ways that
people communicate across firewall boundaries, and that from a purist
perspective adding another doesn't change the security story.

However, information leakage is not merely about who can copy what bits.
It is also about the social learning curve associated with new tools.  More
and more information tools are now groupware-enabled, and typically do not
contain mechanisms that facilitate users who wish to take care about which
things cross corporate boundaries.  During the organizational learning
curve on a new tool, it may be highly desirable to make it difficult for
the tool to cross the firewall.

If a non-Turing-complete application has means to load and store things
across a firewall, there is a certain amount of damage that a user can do
with it.

If an application is Turing-complete (e.g. any app with a decent macro
language), it is a much more powerful application, and the potential
consequences of user error are in consequence much larger.  Further, a
well-intentioned user may load behavior (code) that runs as them that does
things they don't intend to do.  Couple this with the ability to cross a
firewall and you have introduced a new opportunity for the user to *admit*
the trojan horse by downloading it and running it.

Now one answer to this is: educate the users not to run unknown programs.
In the face of embedded macros this grows increasingly difficult for the
user to detect and therefore increasingly difficult to implement.

How this relates to E:

If I am a paranoid company, and E makes it easy for my employees to
electronically collaborate with others from the corporate workplace, I
would probably be reluctant to install it.  The problem is that in a world
of increasingly easy software download, non-installation policies are
growing nearly impossible to enforce.


From a purely social perspective, I might argue that education is the right
answer and tight controls of this sort are self defeating.  Ultimately,
this is why Silicon Valley still exists and Route 128 does not.
Regrettably, most companies are a long way from being ready to work in the
new reality.


shap