
April 3, 2002

Catching On

I think I’m catching on to this blog thing. Read, Think, Write. Repeat.

Hmmm……

CBDTPA

I’ve been reading about the Consumer Broadband and Digital Television Promotion Act lately, and seeing a very scary proposal. Doc has been doing some excellent coverage of the CBDTPA, so I won’t go into it too much here. I also read Jeremy Bower’s article on the consequences of the CBDTPA. As I did, something struck a parallel in my mind. Jeremy says:

I have never seen a bill that is as immune to criticism as the CBDTPA!

It’s absolute genius. The content industry raises their arguments, and progress their cause. We raise our counter-arguments, based on appeals to absurd results, and in the process, progress their cause all the further. We (irrationally) lose credibility in the eyes of the undecided, and (irrationally) reinforce the arguments of the content industry, namely that those who object are stretching to find any excuse to continue the “rampant piracy”. (Because why else would we say such wacky things like this completely eliminates legal fair use?) They can’t lose!

So basically, they’ve set it up as “either you’re with us or you’re against us”. If you try to speak out against it, you are branded as one of the very criminals it’s trying to stop, and your dissent is seen as nothing more than the whining of someone who is being stopped from committing their favorite crime.

It reminds me a little too much of current US foreign policy and warmongering. Bush has tried to brand countries who are against our “terrorism abatement” tactics as terrorists themselves. Either you’re with us or you’re against us. If you don’t like our “war on terror”, then it must follow that you’re a terrorist. Even at home, too many people are soiling the good name of patriotism by labelling any criticism of the “war” as an Anti-American act, akin to treason. I guess the same thing happened to the Vietnam War protesters, and will happen during any war. Either you’re with us or you’re against us. The high and mighty get to thinking their way is the only right way, and see any kind of dissenting viewpoint as not only a threat but a direct attack.

The CBDTPA is just latching onto that mindset and moving it into the digital arena. Ridiculous. The Constitution was written to protect us from people like that.

The Password Is…

Peterme pointed to Bonnie Nardi’s interview about designing software to be easier to use. The article itself makes plenty of good points, and ties in a lot with The Inmates Are Running the Asylum, which I’m reading now. But Peter picks up on the one point she makes about not liking passwords, and in his short comments seems to dismiss them entirely. Maybe he’s had some bad experiences with passwords in the past.

As a sysadmin myself, I suppose I’m one of those “IT types” who has “convinced us that we NEED these things.” I agree that managing passwords can get out of hand, and having to enter them constantly seems like too much of a hassle for little benefit. But, if I may play devil’s advocate for a while here, the computer password is not the only intrusive and annoying security (authentication?) device out there. I don’t hear people complaining much about keys (“You mean I have to carry this little metal thing with me everywhere just so I can drive my car?”) or IDs (“What do you mean you won’t let me withdraw $2,000 from my account without an ID?”) or combination locks (“It’s so annoying to spin that little dial when all I want to do is take my bike off the rack”). I see a password as just another way to protect what’s yours, and make sure that access to your stuff is limited.

It all comes down to a matter of trust. Do you trust the public at large to not steal your car or bike or touch your bank account? Do you leave your house unlocked when you go out for the day, trusting that no one will just walk in and help themselves? Do you trust that no one will log into your e-mail account and go through your Inbox? Sure, if you forget a password, you’re locked out of your computer, just the same as if you lose a key, you’re locked out of your car. That doesn’t make keys unnecessary, any more than it does passwords. The difference seems to be that people have had time to get used to keys, where password computing is relatively new.

At my company, we have a high level of trust. Most passwords are simple, and all the same. Most usernames have access to almost everything. It’s the same as living in a building where everyone trusts each other and leaves their doors unlocked. But, a stronger system is there, just lurking under the surface. The higher-ups have complex passwords. Some of the network shares have restricted access. A security plan is in place just in case we need it, where we could change passwords and lock down data. It’s the comfort of knowing that your door does have a lock, even if you never use it.

Protecting data is sometimes necessary. We need a system that lets certain people in and keeps others out. In the real world this is done with doors and windows, locks and keys. On the computer, passwords are just about all we have. You can tell the night watchman that Sally is allowed in the building after 8pm; the watchman knows Sally by sight, so he’ll let her in when he sees her. You can tell the computer that Sally is allowed access to the accounting data, but the computer has no idea who Sally is. Sally can only interact with the computer through a keyboard and mouse, so the possibilities are very limited. The computer asks “Who are you?” Sally can type *sbergman*, her username. But how does the computer know it’s really Sally? What’s to stop Richard from the mailroom from typing *sbergman* and being able to look at all the accounting data? Sally needs some way to prove her identity, and a password is just about all there is right now.

We do need something better, since passwords aren’t all that great. PassFaces are out there, but they seem even worse. Biometrics are up-and-coming, but still pretty expensive. What else is there? How else can Sally prove to the computer that she really is *sbergman*? Like them or not, passwords are here for a while.