[EMAIL PROTECTED] wrote:
You're talking about entirely different stuff, Lynn, but you are correct that data fusion at IRS and everywhere else is aided and abetted by substantially increased record keeping requirements. Remember, Poindexter's TIA thing did *not* posit new information sources, just fusing existing sources and that alone blew it up politically. As a security matter relevant here, we can't protect un-fused data so fused data is indeed probably worse.
but this is the security issue dating back to before the 80s ... when they decided they could no longer guarantee single point of security ... in part because of insider threats ... they added multiple independent sources as a countermeasure. the crooks responded with collusion ... so you started to see countermeasures to collusion appearing in the early 80s.
the advent of the internet, sort of refocused attention to outsider attacks ... even tho the statistics continue to hold that the major source of fraud is still insiders ... including thru the whole internet era. the possibility of outsiders may have helped insiders obfuscate true source of many insider vulnerabilities.
the issue with auditing to prove no possible vulnerability for a single point ... leading to the extremes of having to prove a negative ... can possibly be interpreted within the context of attempting to preserve the current audit paradigm.
independent operation/sources/entities have been used for a variety of different purposes. however, my claim has been then auditing has been used to look for inconsistencies. this has worked better in situations where there was independent physical books from independent sources (even in the same corporation).
As IT technology has evolved ... my assertion is a complete set of (consistent) corporate books can be generated from a single IT source/operation. The IRS example is having multiple independent sources of the same information (so that you can have independent sources to check for inconsistencies).
The fusion scenarios tend to be having multiple independent sources of at least some different data ... so the aggregation is more than the individual parts (as opposed to the same data to corroborate).
ref: http://www.garlic.com/~lynn/aadsm24.htm#35 Interesting bit of a quote http://www.garlic.com/~lynn/2006h.html#58 Sarbanes-Oxley http://www.garlic.com/~lynn/2006l.html#1 Sarbanes-Oxley --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]