Thursday, February 24, 2005

Guarding the Guards

Quis custodiet ipsos custodes? - Who will guard the guards themselves? (Juvenal, VI 347-8)

Bruce Schneier picks up a story about a dishonest security firm at San Francisco International Airport. (San Francisco Chronicle, Feb 22nd. Via Adam and Ramparts.) Bruce comments (Feb 24):

All security systems require trusted people: people that must be trusted in order for the security to work. If the trusted people turn out not to be trustworthy, security fails.

In other words, there is nobody to guard the guards. It sounds as if he is assuming a hierarchical trust structure, with the security guards at the top. If we cannot place absolute trust in the security guards, then security collapses like a house of cards.

He is also assuming that anyone cares. (Many people believe that airport security is just for show anyway, so perhaps it doesn't really matter if the security firm cheats on the tests. Anyway, it's not cheating, it's just a false positive.)

But of course there are alternatives to hierarchical trust. With network trust, we may design systems that do not have a single point of failure; with authentic trust, we may build alternative fail-safe mechanisms. There was whistle-blowing by a former employee. At least we found out eventually - surely better than nothing.

Juvenal's question is often interpreted rhetorically - our only choice is to allow the guards to guard themselves - and therefore fatalistically. But it can also be interpreted pragmatically - how specifically can we keep the guards under proper supervision - and therefore realistically.

Update July 2005

Chandler Howell posts an answer to Juvenal's question on the NotBadForACubicle blog. He refers to a computer-based tracking system, based on data mining technology. This apparently displaces the trust onto some computer solution. But as Chandler points out, the effectiveness of this solution depends not on the technology alone, but on a larger (sociotechnical) change whereby (thanks to training and other measures) the computer-based tracking appears to become part of the self-discipline of the guards themselves.

A computer-based tracking system may indeed contribute to broader governance of guards. But who will operate and interpret the system? Is it possible to take up the role of guarding the guards without oneself becoming a Guard (and adopting the behaviour and mindset that characterizes guards)?