information leakage

on this page > non-disclosure agreements > criminal example > open systems and security   related pages > internet risks > trust > privacy > security   home page contact us information notions security notions other notions

paradoxes of power and possession Information may be power, but only if it is used. If I have a brilliant idea for making money, but I refuse to tell anyone about my idea, then it is worthless. It is impossible to use information without communicating it in some way. A person may not intend to reveal what he knows or believes; but if you pay close attention to their actions you will often be able to deduce it. In some contexts, blushing can be regarded as a form of disclosure. The value of information is inherently unstable. If nobody knows it, it's not worth anything; and if everybody knows it, it's not worth anything either. Information gains value when it's communicated, and loses value when it's not communicated. The pleasure of a secret is telling it. Sharing secrets is a powerful way of cementing a relationship. For many people, an untold secret represents an unbearable temptation. (Remember the fable of King Midas and the asses' ears.) Even the most imperceptible fissure can enable a leak. A skilled politician can communicate volumes to an astute journalist, without any obvious breach in Cabinet confidentiality rules. All it takes is a calculated hesitation, or an overhasty denial. On this page, we discuss two modes of information leakage:   into the public domain to competitors and other hostile agents

---

Non-Disclosure Agreements veryard projects > information management > information leakage > non-disclosure agreements

Non-disclosure agreements supposedly represent legal measures against information leakage. They probably represent a fantasy - that you can let go of information (and other intellectual property) without really letting go of it. Having your cake and eating it.

Non-disclosure agreements are based on the false premise that it is possible to control information. But do we understand enough about information in the first place?

NDAs belong to the paradoxes of trust. If you don't trust someone, you are unlikely to voluntarily share confidential information with them, NDA or no NDA. And if you do trust them, why do you need an NDA at all?

Perhaps NDAs are like marriage vows. Foolish to enter into such an arrangement unless there is already a strong basis of mutual trust. Submitting an already established relationship to a standard set of social norms. Mainly intended as a demonstration of seriousness to third parties.

And, like marriage, the ritual around NDAs is as important as the actual wording.

Non-disclosure agreements matter most when I'm in the middle of a chain of secrecy, entrusting A's secrets to C. The fact that C has signed a non-disclosure agreement gives me some comfort that I'm not betraying A's confidence. But when negotiating NDAs, I've found that the clauses that cause most difficulty are those relating to the transmission of information to and/or from third-parties.
.

Criminal Example veryard projects > information management > information leakage > criminal example

If you put items 1 and 2 together, there seems to be a strong hint of leakage of information from the XYZ company via John to a Smalltown jewellery gang.  The case against John is, of course, far from proven, but there are at least grounds for suspicion and further investigation.

However, although many MIS systems or data warehouses are capable of retrieving both Item 1 and Item 2 separately, I don't know of any computer systems that are capable of  intelligently linking these items.

One of the main challenges of this example is the way it mixes logical levels (data and metadata, if you like).  We are looking for correlations between events in the "real" world (robberies, claims) and events in an information world (enquiries, enquiry results).

This is also related to the question of Inference Control.

Inference Control veryard projects > information management > information leakage > inference control

Note that inaccurate inference (intelligent guess) may be good enough for many purposes, and may be damaging enough to the security of systems - especially when combined with social attacks.
 

Inference Privacy and Confidentiality The Raw and the Cooked

Open Systems and Security veryard projects > information management > information leakage > open systems

'The nature of knowledge is that it is extremely difficult, if not impossible, to maintain monopolies of information indefinitely, and there is a perpetual tendency for privately owned information to "flow back" into the public domain.'

Does the potential for information leakage reduce our enthusiasm for open systems?

References

Pierro Sraffa.  Production of Commodities by Means of Commodities.  Cambridge University Press, 1960.

Richard Veryard (ed).  The Economics of Information, Systems and Software.  Butterworth Heinemann, 1991.

top home page contact us
	This page last updated on November 11th, 2003 Copyright © 1999-2003 Veryard Projects Ltd http://www.veryard.com/infomgt/leakage.htm