brandon_scott (brandon_scott) wrote,

  • Mood:
  • Music:

Is bad security worse than no security?

The Obama-Biden Transition team promised last Monday that they would provide most policy documents from meetings with outside groups – i.e., lobbyists – would be posted on the Web site.

By Wednesday, Dec. 10th, this policy already saw some interesting results. David Kravets over at Wired’s Threat Level blog pointed out that the site has already published a paper detailing the requests of the MPAA’s lobbying organization, which include requesting filtering information from technology companies.

I’m not against the MPAA using the means available to protect their intellectual property concerns, but there are two problems with filtering: false positives, and performance degradation.

False positives are already a major problem with the content industry – back in 2003, the RIAA sent a cease and desist letter to Penn State University – they had confused work from Prof. Peter Usher at the Department of Astronomy and Astrophysics with that of Usher, the R&B pop singer.

This is also a recent problem; in October of 2007, Google launched a copyright filter for the YouTube Web site. It, too, has many false positives. For example, a fan production of the reality TV show "The Mole" was removed, presumably, because it was confused with the real thing by the filter. Judging from the production values of the fan-film, it’s very unlikely that a human censor would confuse the two.

(Fun fact I learned while researching for this entry: Andy Warhol made a “Batman” fan film back in 1964.)

Videos removed for copyright complaint – legitimately or not - have been catalogued (but not archived) at YouTomb, a project from MIT Free Culture.

But YouTube is one, privately operated Web site. Filtering the content as it is uploaded merely affects the time to publish, not the time to distribute. Additionally, videos can also be hosted on competing sites.

If one were to try to use filtering on the Internet as a whole, as the MPAA seems to be lobbying, it is likely that the results would be similar to the results of the tests run by the Australian government – where even the best of filters degraded network performance, and the better the filter was at avoiding false positives and false negatives, the more performance degraded. Even the best filter wasn’t very effective.

The lesson to learn from all of this is that too often, measures taken in the name of "computer security" – even if it’s to instill a false sense of security – can have serious impacts on network performance. For this reason, those in the enterprise responsible for making sure that networks remain secure and those responsible for making sure that applications remain responsive absolutely need to coordinate efforts.
Tags: writings

  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.