Trusted Audit
The Answer To “Who Watches the Watchers?” (Quis Custodiet Ipsos Custodes?)

Kerckhoffs’s principle (Auguste Kerckhoffs, 19th century, aka Kerckhoffs’s desideratum, assumption, axiom, doctrine or law) states that a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. Claude Shannon reformulated it as the maxim “the enemy knows the system”, or “one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them”. Accordingly, secure systems are to be designed on the assumption that opponents know them in detail. Hence the common maxim among cryptographers that “security with obscurity is a malady”: there can be no security with (systematic) obscurity. The caveat, which we should have learned by now, is that thousands of people looking at a system is no guarantee in itself (refer: CVE-2008-0166); no system can be salvaged when it is a disaster to start with.
Partial open audit of certain systems and data is needed to earn people’s trust, so that they are able and willing to function on the system, whether it be monetary, administrative, transactional or operational. Only when people trust and understand the system can they be willing and able to function within the ecosystem, along with the policies it governs in code and in law. Hence, the `need to know` should be based on that.
1. Food System Security
2. Financial System Security
3. Informational Integrity Security
3.1. When Open Audit Can Be Misused
3.2. Decision Machines
4. Social Justice
5. Open Mistakes
6. Crux
7. Criteria
7.1. Tenability And Secure Tractability
8. Crucible
9. The Demand For Proofs
10. Disintermediation
11. Where Would Blockchain Be Helpful?
12. Where Is The Point Of Reference Of Center In The Middle Path?