Matt's Blog

Trust and databases

Tue Jul 25 21:08:46 BST 2006

Each person has data associated with them which defines who they are and what they have done. Knowledge of this data allows prediction of future actions or verification of past actions. Consider a national DNA database that can be used for law enforcement. The idea is that once a person is arrested for any crime their details are placed in the database, allowing identification of that person if they commit a crime in the future. The arguments for this system are that it is beneficial for society to punish criminals, and that if you are not doing anything wrong you have nothing to hide.

Security researcher [Bruce Schneier] presents a very good argument against a system such as this: we should not have to justify why we do not want our data to go into the database, rather the entity running the database should have to prove why they can be trusted with our data. Privacy is not a desire to hide wrongdoing, it is a fundamental human right.

In any organisation there are people who are in a position to introduce policay that reduces privacy and freedom in the cause of solving a problem. Here is my idea: make those people be the first to be subjected to the policy.

If a government decides to introduce a technology that has privacy or security implications for the population as a whole then the members of the government should be the first people on which the technology is tested. This includes the politicians, the civil service, police service and military. These groups are the trusted agents of the state, any technology that weeds out the untrustworthy will be beneficial for society as a whole.

Concrete examples: all politicians should have their DNA and fingerprints entered in the national criminal database. All politicians should be subject to criminal records checks. All civil servants above a certain grade should also be tested - ideally the entire civil service, but at present levels of technology this is impractical.

Companies that require random drugs testing of their employees should test the company directors as well, and more frequently. Many organisations follow a power law distribution of responsibility. A thousand workers are controlled by one hundred managers, who answer to ten vice-presidents, who are directed by the company director. The probability of being selected for an invasive test should be proportional to the number of people that that person controls, ie the company director should be a thousand times more likely to be selected for a test than a worker. The higher up in an organisation that a person is, the more damage they can do if they are untrustworthy.

[ideas] [security]


code (24)

erlang (5)
ideas (19)
lisp (1)
me (11)
notes (4)
ocaml (1)
physics (45)
qo (7)
unix (6)
vim (3)