paradoxes of power and possession
On this page, we discuss two modes of information leakage:
Non-Disclosure Agreementsveryard projects > information management > information leakage > non-disclosure agreements
Non-disclosure agreements supposedly represent legal measures against information leakage. They probably represent a fantasy - that you can let go of information (and other intellectual property) without really letting go of it. Having your cake and eating it.
Non-disclosure agreements are based on the false premise that it is possible to control information. But do we understand enough about information in the first place?
NDAs belong to the paradoxes of trust. If you don't trust someone, you are unlikely to voluntarily share confidential information with them, NDA or no NDA. And if you do trust them, why do you need an NDA at all?
Perhaps NDAs are like marriage vows. Foolish to enter into such an arrangement unless there is already a strong basis of mutual trust. Submitting an already established relationship to a standard set of social norms. Mainly intended as a demonstration of seriousness to third parties.
And, like marriage, the ritual around NDAs is as important as the actual wording.
Non-disclosure agreements matter most when I'm in the middle of a chain
of secrecy, entrusting A's secrets to C. The fact that C has signed a non-disclosure
agreement gives me some comfort that I'm not betraying A's confidence.
But when negotiating NDAs, I've found that the clauses that cause most
difficulty are those relating to the transmission of information to and/or
Criminal Exampleveryard projects > information management > information leakage > criminal example
|Item 1||It is a Wednesday morning in October. John arrives at his desk at XYZ insurance company, and logs onto the computer system where he runs several adhoc enquiries. Including the following one: "Find all households in Smalltown with jewellery insured value over £5000 and no burglar alarm and no dog." All John's enquiries, including this one, are logged in the system, and his department is cross-charged for the computer time.|
|Item 2||During November, there was a spate of burglaries in Smalltown. The XYZ company has received claims for stolen jewellery amounting to over 2 million pounds, several times larger than the expected amount.|
If you put items 1 and 2 together, there seems to be a strong hint of leakage of information from the XYZ company via John to a Smalltown jewellery gang. The case against John is, of course, far from proven, but there are at least grounds for suspicion and further investigation.
However, although many MIS systems or data warehouses are capable of retrieving both Item 1 and Item 2 separately, I don't know of any computer systems that are capable of intelligently linking these items.
One of the main challenges of this example is the way it mixes logical levels (data and metadata, if you like). We are looking for correlations between events in the "real" world (robberies, claims) and events in an information world (enquiries, enquiry results).
This is also related to the question of Inference Control.
Inference Controlveryard projects > information management > information leakage > inference control
Note that inaccurate inference (intelligent guess) may be good enough
for many purposes, and may be damaging enough to the security of systems
- especially when combined with social attacks.
Privacy and Confidentiality
The Raw and the Cooked
Open Systems and Securityveryard projects > information management > information leakage > open systems
'The nature of knowledge is that it is extremely difficult, if not impossible, to maintain monopolies of information indefinitely, and there is a perpetual tendency for privately owned information to "flow back" into the public domain.'
Does the potential for information leakage reduce our enthusiasm for open systems?
Pierro Sraffa. Production of Commodities by Means of Commodities. Cambridge University Press, 1960.
Richard Veryard (ed). The Economics of Information, Systems and Software. Butterworth Heinemann, 1991.
Copyright © 1999-2003 Veryard Projects Ltd