*Note:* You are reading this message either because you can not see our
css files (served from Lygo, a Lycos image server, for performance
reasons), or because you do not have a standards-compliant browser. Read
our design notes <http://www.wired.com/support/explanation.html> for
details.

*Welcome to Wired News.* Skip directly to: Search Box <#search>, Section
Navigation <#nav>, Content <#content>.

Wired News	</>
*Search:*

  Text Size: Small Text <#> Normal Text <#> Large Text <#> Larger Text
<#> [Home] </index.html>[Technology] </technology.html>[Culture]
</culture.html>[Politics] </politics.html>[Wire Services]
<http://wireservice.wired.com>[Blogs] </support/blogs.html>[Columns]
</columns.html>[Wired Magazine] <http://www.wired.com/wired/>
 


  How to Code a Constitution


 

Breaking News	


        Breaking News from AP and Reuters

    * Alito parts with conservatives on execution
      <http://wireservice.wired.com/wired/story.asp?section=Breaking&storyId=1153481&tw=wn_wire_story>

    * Lawyer for US priest says to appeal extradition
      <http://wireservice.wired.com/wired/story.asp?section=Breaking&storyId=1153475&tw=wn_wire_story>

    * More cartoons, protests in Mohammad blasphemy row
      <http://wireservice.wired.com/wired/story.asp?section=Breaking&storyId=1153470&tw=wn_wire_story>

    * Raytheon quarter profit rises on defense sales
      <http://wireservice.wired.com/wired/story.asp?section=Breaking&storyId=1153463&tw=wn_wire_story>

    * Insurgent attacks kill four US troops in Iraq
      <http://wireservice.wired.com/wired/story.asp?section=Breaking&storyId=1153458&tw=wn_wire_story>



<http://bs.serving-sys.com//BurstingPipe/BurstingInteractionsPipe.asp?interactionsStr=190024%7eUnSpecified%7e0%5e%5feyeblaster%7e0%7e1%7e1&jumpURL=http%3a//www.bestbuy.com/site/olspage.jsp?type=category%26id=pcmcat8400050000%26cmp=JHT14>



        *
        See Also

    * Scientists: Bush Distorts Science </news/technology/0,62339-0.html>
    * Lawbreaker in Chief </news/politics/0,69886-0.html>
    * Furor Grows Over Internet Bugging </news/technology/0,69277-0.html>
    * Anonymity on a Disc </news/technology/0,70017-0.html>
    * 'UnGoogleables' Hide From Search </news/culture/0,68998-0.html>

Commentary by Jennifer Granick </support/feedback.html?headline=How to
Code a
Constitution&story_id=70114&section_path=/columns&ftype=feedback&msg_type=2&aid=1033>|
Also </storylist/1033-0-0.html> by this reporter
02:00 AM Feb, 01, 2006

As Congress considers reauthorization of the USA Patriot Act, we could
really use a few good hackers in the debate.

Hackers already know a lot about how to build a system that works,
whether it's a network or a government. That's because the principles
our legal system employs to protect life and liberty are very similar to
the principles that computer scientists use to design secure systems. We
need hackers right now because -- whether they know it or not -- they
understand democracy.


Circuit Court columnist Jennifer Granick
*Circuit Court*


Take a close look at our nation's current surveillance laws and you'll
see some of the bedrock legal principles of democracy at work. These
include the separation of powers, checks and balances, due process,
burden of proof, transparency and oversight, limited discretion and the
rule of law. Both the Wiretap Act and the Foreign Intelligence
Surveillance Act, or FISA, enlist these principles to make sure that
when the government listens in on our conversations, it does so in
accordance with the values of a free society.

You can compare these legal concepts to the eight principles for
designing secure systems set forth in an article
<http://www.cs.virginia.edu/~evans/cs551/saltzer> by Jerome Saltzer and
Michael Schroeder and discussed in Computer Security: Art and Science
<http://nob.cs.ucdavis.edu/book> by Matt Bishop, where I ran across
them. These principles are:

    * *Separation of privilege:* The protection mechanism should grant
      access based on more than one piece of information.
    * *Least privilege:* The protection mechanism should force every
      process to operate with the minimum privileges needed to perform
      its task.
    * *Open design:* The protection mechanism should not depend on
      attackers being ignorant of its design to succeed. It may,
      however, be based on the attacker's ignorance of specific
      information such as passwords or cipher keys.
    * *Fail-safe defaults:* The protection mechanism should deny access
      by default, and grant access only when explicit permission exists.
    * *Complete mediation:* The protection mechanism should check every
      access to every object.
    * *Economy of mechanism:* The protection mechanism should have a
      simple and small design.
    * *Least common mechanism:* The protection mechanism should be
      shared as little as possible among users.
    * *Psychological acceptability:* The protection mechanism should be
      easy to use (at least as easy as not using it).

Separation of privilege is like the separation of powers coded into the
Constitution. A computer system requires a user name and password; a
surveillance warrant requires executive and judicial examination.

Least privilege resembles the Constitution's enumerated powers or the
surveillance statutes' general prohibition on eavesdropping. The law
broadly prohibits intercepting communications, then specifically defines
limited exceptions to that rule, including probable cause. Just as you
don't need root to do word processing, you don't need to listen in on
everyone's conversations to fight crime.

Open design is analogous to transparency and oversight: If electronic
surveillance is carried out as part of a criminal probe, at some point
the target of the investigation -- and all the people he spoke with who
were eavesdropped upon -- must be told about it. More on point, Congress
and the public know the legal process, and there are strict reporting
requirements, even if the specific information about the wiretap
applications is kept from view.

If, as the Bush administration has recently asserted, our homeland
security hinged on nobody knowing that the government was conducting
warrantless wiretaps, then the program’s benefit was illusory to begin
with. As the old hacker adage puts it, security through obscurity is no
security at all.

We "fail-safe" by denying the government access to our private
communications by default, and granting it in an emergency. In a bigger
sense, we fail-safe by outlawing antisocial behavior, even though we
understand that there may be extenuating circumstances that we consider
on a case-by-case basis. That's why we need a law against torture,
regardless of hypothetical ticking-bomb situations in which some might
justify the practice.

The complete-mediation and least-common-mechanism principals explain why
warrants must specifically define the person to be monitored, and why
there are limits on how collected information can be used. If you're
suspected of a crime, it's not a license for the government to rummage
through all of your belongings or listen to all your phone calls in a
fishing expedition for any wrongdoing whatsoever.

Economy of mechanism does not work in my analogy, because getting
democratic government right is complex -- certainly, running a democracy
is more difficult in some ways than running a dictatorship.
Psychological acceptability, though, plays a key role. The government's
legitimacy comes from its democratic principles, and ultimately it
derives its power from the people it serves.

Hackers understand the protocols for building secure, functional
systems. The law is just another protocol, with similar properties. It
is not something that politicians or lawyers are necessarily any better
at than the average citizen, especially if she's a hacker.

- - -

/Jennifer Granick <http://www.granick.com/blog/> is executive director
of the Stanford Law School Center for Internet and Society
<http://cyberlaw.stanford.edu/>, and teaches the Cyberlaw Clinic
<http://cyberlaw.stanford.edu/about/clinic/>./
 
[Print story] <1,70114-0.html>[E-mail story]
</support/feedback.html?headline=How to Code a
Constitution&story_id=70114&section_path=/columns&ftype=feedback&msg_type=2>*
Page 1* of 1 
------------------------------------------------------------------------
Ads by Google
<http://pagead2.googlesyndication.com/pagead/userfeedback?url=www.wired.com&hl=en&adU=www.innovativesystems.com&adT=Free%20Compliance%20Guide&adU=www.giftssoft.com&adT=GIFTS%20Software%20Inc&adU=www.USAPatriotActCompliance.com&adT=USA%20Patriot%20Act%20Solution&adU=www.safeboot.com&adT=Managed%20HD%20Encryption&done=1>Free
Compliance Guide
The Facts On Patriot Act Section
326 Compliance: Free Download
www.innovativesystems.com
<http://pagead2.googlesyndication.com/pagead/iclk?sa=l&ai=Bd6VyiADiQ8vULq-yaoaZsdgK9_OBC522hY4BwI23AbCYRhABGAEgl9r7ASgESIs5UMTdi7H______wGyAQ13d3cud2lyZWQuY29tyAEB2gEwaHR0cDovL3d3dy53aXJlZC5jb20vbmV3cy9jb2x1bW5zLzEsNzAxMTQtMC5odG1slQJAnxoK&num=1&adurl=http://www.innovativesystems.com/secure/google/padownload_021104.htm&client=ca-lycos_us_wired_below_300x250>
GIFTS Software Inc
Anti-Money Laundering &
OFAC Solutions - Free online demo
www.giftssoft.com
<http://pagead2.googlesyndication.com/pagead/iclk?sa=l&ai=BHiIUiADiQ8vULq-yaoaZsdgKiNmKDryG0KUBwI23AdCh0wwQAhgCIJfa-wEoBEiIOVCum6He_f____8BsgENd3d3LndpcmVkLmNvbcgBAdoBMGh0dHA6Ly93d3cud2lyZWQuY29tL25ld3MvY29sdW1ucy8xLDcwMTE0LTAuaHRtbJUCSZoaCg&num=2&adurl=http://www.giftssoft.com&client=ca-lycos_us_wired_below_300x250>
USA Patriot Act Solution
Complete tracking and reporting for
Patriot Act Section 326. Free Trial
www.USAPatriotActCompliance.com
<http://pagead2.googlesyndication.com/pagead/iclk?sa=l&ai=BHQi3iADiQ8vULq-yaoaZsdgKifKdEfG5mNoBwI23AbCRchADGAMgl9r7ASgESIU5UNSwvav8_____wGgAfmykv8DsgENd3d3LndpcmVkLmNvbcgBAdoBMGh0dHA6Ly93d3cud2lyZWQuY29tL25ld3MvY29sdW1ucy8xLDcwMTE0LTAuaHRtbJUCJ6caCg&num=3&adurl=https://secure.bridgerinsight.choicepoint.com/free-trial.asp%3F%26wt.srch%3D1%26wt.mc_id%3D5DGOOG%26PageTitle%3DUSA+Patriot+Act+Solution.+Try+it+FREE+for+30+days.&client=ca-lycos_us_wired_below_300x250>
Managed HD Encryption
Auditors can't argue w/ total disk
encryption of laptops/PCs/PDA/etc.
www.safeboot.com
<http://pagead2.googlesyndication.com/pagead/iclk?sa=l&ai=BSYaViADiQ8vULq-yaoaZsdgKh6PFCrH_sNoBwI23AaDhZxAEGAQgl9r7ASgESI45UPLd9rP9_____wGyAQ13d3cud2lyZWQuY29tyAEB2gEwaHR0cDovL3d3dy53aXJlZC5jb20vbmV3cy9jb2x1bW5zLzEsNzAxMTQtMC5odG1slQIEpBoK&num=4&adurl=http://www.safeboot.com&client=ca-lycos_us_wired_below_300x250>

 

------------------------------------------------------------------------
*Wired News: * Contact Us </support/feedback.html>	| Advertising
<http://advertising.lycos.com/contactus.html> | Subscribe
<https://w1.buysub.com/servlet/OrdersGateway?cds_mag_code=WIR&cds_page_id=25233&cds_response_key=I5RWWH1>

We are translated daily into Korean <http://wired.daum.net> and Japanese
<http://hotwired.goo.ne.jp>
© Copyright <http://www.lycos.com/lycosinc/legal.html#copy> 2006, Lycos,
Inc. All Rights Reserved. Lycos® is a registered trademark of Carnegie
Mellon University.
Your use of this website constitutes acceptance of the Lycos *Privacy
Policy* <http://www.lycos.com/privacy/> and Terms & Conditions
<http://www.lycos.com/lycosinc/legal_terms.html>