Information Management::

On Information Attacks
----------------------

Denial-of-service attacks are unlawful. That is, any non-consensual and malicious or otherwise deliberate attack on computing equipment and software which causes the equipment or software to malfunction, or substantially degrades its utility, is not permitted, provided there is inherently no possible defense which preserves the utility of the system. It is a crime to cause procedures which have the above effect to be embedded in software distributions, media, or otherwise made to propagate.

No law can forbid as such, or provide penalties for as such, the gaining of access to, and the use of, facilities or information which is explicitly accessible, on an anonymous or access-controlled basis, from common carrier networks. In making such accesses, the individual is nonetheless firmly bound by the prohibition on denial-of-service attacks, and by the terms enumerated in.

On Failure of Information Processing Infrastructure
---------------------------------------------------

Any time the failure of a segment of the state information processing infrastructure impinges on the ability of a decision-making employee of the state to fulfill his responsibilities, and to determine what constitutes lawful conduct, the individual is to exercise his own judgement such that he can reasonably expect his conduct to not result in the abridgement of the rights of others. Provided he exercises his judgement in good will, he cannot be held accountable for any eventualities solely on the basis of that eventuality resulting in some way from his decisions during an information processing failure.

Misrepresentation of a properly operating information processing system as malfunctioning, and deliberate causation of malfunction with intent to misrepresent the malfunction as unintentional, are crimes.
Language of State Business
--------------------------

All state business, including trials, elections, and all state publications, is to be in one single language specified by a national statute. The state cannot provide translations except for witnesses and defendants in trial, for whom it is required to provide translations. No law can impede the right of an individual to be accompanied by a translator.

The Open Protocol
-----------------

All radio, electronic, and computer protocols that non-state entities are required by law to use in communications with the state must be open and published in full. For all such computer protocols the state must make available an open-source sample implementation. Protocol definitions and sample implementations must be made available with a trivial distribution fee not to exceed an average hour's wage, and are unowned intellectual property.

On Transfer and Custody of Documents
------------------------------------

A state employee must not accept any document not bearing the signature of the individual giving him the document. All signatures must be kept with the document, establishing an ostensible chain of custody. Each document signature must certify all the previous signatures, by including them as part of the document.

Information Resource Integration Mandate - IRIM
-----------------------------------------------

All organizations within the state which maintain a database spanning a substantial portion of any population must integrate their databases. Any access to a database entry which includes information about an individual must be accompanied by immediate notification of the individual that such access has been performed, including the chain of command, by full legal names and affiliations, responsible for its initiation and completion. Database entries are need-to-know only and available only to state agencies.
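The custody rule in "On Transfer and Custody of Documents" above can be made concrete. What follows is an added example written for this edit, not code from the original text: each party signs the document together with every signature already on it, so a later signature certifies all earlier ones, and a state employee refuses a document whose existing chain does not verify. Ed25519 signatures and the length-prefixed hashing of the fields are this example's choices, and the party names and document are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"hash"
)

// Party is anyone who handles a document: the originator or a state employee.
// Keys are generated fresh for the example; nothing here is a real identity.
type Party struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewParty(name string) *Party {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Party{Name: name, Pub: pub, priv: priv}
}

// Link is one signature in the custody chain. Link i signs the document
// together with links 0..i-1, so it certifies every earlier signature.
type Link struct {
	Signer string
	Pub    ed25519.PublicKey
	Sig    []byte
}

// writeField length-prefixes each field so the concatenation cannot be
// re-split into a different but equally valid message.
func writeField(h hash.Hash, b []byte) {
	var n [binary.MaxVarintLen64]byte
	k := binary.PutUvarint(n[:], uint64(len(b)))
	h.Write(n[:k])
	h.Write(b)
}

// messageFor returns what a new link signs: the document followed by every
// existing link, in order.
func messageFor(doc []byte, prior []Link) []byte {
	h := sha256.New()
	writeField(h, doc)
	for _, l := range prior {
		writeField(h, []byte(l.Signer))
		writeField(h, l.Pub)
		writeField(h, l.Sig)
	}
	return h.Sum(nil)
}

// VerifyChain checks each link against the document and the links before it.
// It returns the index of the first bad link, or -1 if the whole chain holds.
func VerifyChain(doc []byte, chain []Link) int {
	for i, l := range chain {
		if !ed25519.Verify(l.Pub, messageFor(doc, chain[:i]), l.Sig) {
			return i
		}
	}
	return -1
}

// Accept is what a state employee does on receiving a document: refuse it
// unless the existing chain verifies, then append his own signature. The
// result is a new slice; the caller's chain is left untouched.
func (p *Party) Accept(doc []byte, chain []Link) ([]Link, error) {
	if bad := VerifyChain(doc, chain); bad >= 0 {
		return nil, fmt.Errorf("refusing document: custody link %d (%s) does not verify", bad, chain[bad].Signer)
	}
	sig := ed25519.Sign(p.priv, messageFor(doc, chain))
	return append(append([]Link(nil), chain...), Link{Signer: p.Name, Pub: p.Pub, Sig: sig}), nil
}

func main() {
	doc := []byte("constructed sample document: application for a state license")
	applicant, clerk, reviewer := NewParty("applicant"), NewParty("intake clerk"), NewParty("reviewer")

	chain, _ := applicant.Accept(doc, nil) // originator's own signature
	chain, _ = clerk.Accept(doc, chain)    // certifies the applicant's signature
	chain, _ = reviewer.Accept(doc, chain) // certifies both earlier signatures
	fmt.Println("links:", len(chain), "first bad link:", VerifyChain(doc, chain))

	// Altering the document, or dropping or altering any earlier link, breaks
	// every link from that point on, and the next recipient must refuse it.
	tampered := append([]byte(nil), doc...)
	tampered[0] ^= 1
	fmt.Println("after tampering, first bad link:", VerifyChain(tampered, chain))
	if _, err := NewParty("archivist").Accept(tampered, chain); err != nil {
		fmt.Println(err)
	}
}
```

Because each link's message includes all earlier links, removing a signature from the middle of the chain is detected at the first link that followed it, which is the property the section asks for.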
It is a crime to make information from the database available to a non-state entity, directly or indirectly, except that the right of an individual or incorporated entity to access its own database entries in whole or in part, without delay of greater than one hour, must not be infringed.

Information Resource Security Mandate - IRSM
--------------------------------------------

This section specifies procedures for the handling of information while it is stored or processed by the state, information supplied by the state to non-state parties, and information supplied to the state by a non-state party, or otherwise generated by a non-state party, pursuant to a pre-existing formal agreement of that party with the state in which provisions for the handling of information are enumerated.

Any computing resource within the state is required to be protected as follows:

1) Except for anonymous retrieve-only access to information designated "published" in this document, all access must be predicated upon the cryptographically secure authentication of the accessor, by uniqueified name, which must be recorded.
2) All classified and personal data must be encrypted in storage, in such a manner that only those with a need to know can decrypt the data.
3) All data must be encrypted in transit.
4) All data must be replicated in electromagnetically impervious media which is stored in a secure building separate from the primary storage facility for the data, and at least 100 miles distant. Media replication must be performed at least once per week, and can be done in an interval, i.e. "delta," fashion.
5) Confidential data cannot be accessed with an apparatus which emits radiation which permits eavesdropping.
6) When confidential data is being accessed, authentication must be performed with a personal portable authentication/cipher engine (e.g. smart card) and authorization must expire within one hour of initialization.
7) No information can be discarded - a record of all data and accesses must be maintained in at least one place in perpetuity.

The following is from to-do, collected and moved here because the section is grossly impoverished without it.

The justices of the xxxxx

Any encrypted information generated within or supplied to the state must include an encapsulation of the decryption key which is usable

must specify a key split escrow system for all state documents.

IRSM archiving should include a central archive for each unit of state. Central archives must be coordinated to implement strategically dispersed replication.

Each unit of state must have a unique identifier. Each document within a unit of state must have a security classification, and an identifier unique and indefinitely non-recurring within that unit of state.

Individual accountability for classification of information; review at intervals requiring positive accountable reclassification.

Need to explain that classification as described in this document is confined to state business, and people operating within or on behalf of the state.

Need to specify procedure for security clearances: who is eligible to apply, what the general standards are for each level. Elsewhere, the levels of security classification must be enumerated, with their general meanings stated. Called a security context. An individual's security clearance profile must be published.

The generic security contexts, with their corresponding abbreviatory tokens, are:
-public (P)
-official use only (O)

The specific security contexts, with their corresponding abbreviatory tokens, are:
-law enforcement secret (L)
-personal secret (Q)
-military secret (M)
-diplomatic secret (D)

The context modifiers, with their corresponding abbreviatory tokens, are:
-mission-critical (C)
-sensitive (S)

Specific contexts can be compounded to protect information with complex sensitivities.
Any context can be compounded with C signifying extra measures to assure data survival. The C token must be followed by an index digit between zero and nine specifying more precisely what procedures are required to assure data survival.

An individual has a need-to-know regarding an item, if he is a thresholded legislator in the unit of state that has custody of the item or in a containing unit of state, or if effective implementation of an order lawfully issued to him in the course of state business requires access to the item.

All specific contexts are strictly need-to-know and can be compounded with S signifying that the document must be confined to secure hardware and environments as specified by law. Specific context tokens must be followed by an index digit between zero and nine signifying more precisely the sensitivity of the information within the domain of that specifier or modifier. The handling requirements associated with a particular index digit used as a specific context qualifier must be uniform across the entirety of the state at all levels, regardless of the specific context it qualifies. These handling requirements must be promulgated by the national legislature, and cannot include particular requirements on who is supplied with information.

A document is accessible only to people who are cleared for at least the specified index for each context specifier given, and then only on a need-to-know basis.

All public documents are anonymously available. All official use only documents are available on a non-anonymous basis to all individuals who have entered an appropriate contract of non-disclosure with the state.
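The token scheme and access rules above, as an added example that is not part of the original text: a parser for compound security contexts and a decision function that applies the rules as the to-do notes state them. The concatenated token syntax (such as "L3Q7SC2"), the rule that P is not compounded with restricted contexts, and the fields of the accessor profile are assumptions made for this example; the page lists the tokens and rules but gives no serialisation.

```go
package main

import (
	"fmt"
	"strings"
)

// Context is the parsed security context of one document.
type Context struct {
	Public      bool         // P
	OfficialUse bool         // O
	Specific    map[byte]int // L, Q, M, D -> index digit 0..9 (9 most sensitive)
	Sensitive   bool         // S: confined to secure hardware and environments
	Survival    int          // C index digit; -1 when C is absent
}

// ParseContext reads a compound context such as "L3Q7SC2". The concatenated
// token syntax, and the rule that P cannot be compounded with restricted
// contexts, are assumptions of this example.
func ParseContext(s string) (Context, error) {
	ctx := Context{Specific: map[byte]int{}, Survival: -1}
	s = strings.ToUpper(strings.ReplaceAll(s, " ", ""))
	for i := 0; i < len(s); i++ {
		tok, digit := s[i], -1
		if i+1 < len(s) && s[i+1] >= '0' && s[i+1] <= '9' {
			digit = int(s[i+1] - '0')
			i++
		}
		if digit >= 0 && strings.IndexByte("POS", tok) >= 0 {
			return ctx, fmt.Errorf("token %c takes no index digit", tok)
		}
		switch tok {
		case 'P':
			ctx.Public = true
		case 'O':
			ctx.OfficialUse = true
		case 'S':
			ctx.Sensitive = true
		case 'L', 'Q', 'M', 'D':
			if digit < 0 {
				return ctx, fmt.Errorf("specific context %c requires an index digit", tok)
			}
			if _, dup := ctx.Specific[tok]; dup {
				return ctx, fmt.Errorf("specific context %c given twice", tok)
			}
			ctx.Specific[tok] = digit
		case 'C':
			if digit < 0 {
				return ctx, fmt.Errorf("modifier C requires an index digit")
			}
			ctx.Survival = digit
		default:
			return ctx, fmt.Errorf("unknown token %q", string(tok))
		}
	}
	switch {
	case !ctx.Public && !ctx.OfficialUse && len(ctx.Specific) == 0:
		return ctx, fmt.Errorf("no security context specified")
	case ctx.Public && (ctx.OfficialUse || len(ctx.Specific) > 0):
		return ctx, fmt.Errorf("P cannot be compounded with restricted contexts")
	}
	return ctx, nil
}

// Accessor is the requester's published clearance profile plus the facts
// about this particular request that the rules depend on.
type Accessor struct {
	Authenticated bool         // cryptographically authenticated by unique name
	NDA           bool         // holds a non-disclosure contract with the state
	Clearance     map[byte]int // context letter -> highest cleared index
	NeedToKnow    bool         // lawful order, or thresholded legislator of the custodian unit
	SecureEnv     bool         // on secure hardware in a secure environment
}

// Decide applies the rules: public documents are anonymous; official use only
// needs an authenticated accessor under NDA; specific contexts need need-to-know
// and clearance at or above every index given; S additionally needs a secure
// environment; C governs data survival and never restricts access.
func Decide(ctx Context, a Accessor) (bool, string) {
	if ctx.Public {
		return true, "public: anonymous retrieve-only access"
	}
	if !a.Authenticated {
		return false, "non-public document requires authentication"
	}
	if ctx.OfficialUse && !a.NDA {
		return false, "official use only requires a non-disclosure contract"
	}
	if len(ctx.Specific) > 0 && !a.NeedToKnow {
		return false, "specific contexts are strictly need-to-know"
	}
	for tok, idx := range ctx.Specific {
		if a.Clearance[tok] < idx {
			return false, fmt.Sprintf("cleared %c%d, document requires %c%d", tok, a.Clearance[tok], tok, idx)
		}
	}
	if ctx.Sensitive && !a.SecureEnv {
		return false, "S: confined to secure hardware and environments"
	}
	return true, "granted"
}

func main() {
	ctx, err := ParseContext("L3Q7SC2")
	if err != nil {
		panic(err)
	}
	analyst := Accessor{Authenticated: true, Clearance: map[byte]int{'L': 5, 'Q': 7}, NeedToKnow: true, SecureEnv: true}
	fmt.Println(Decide(ctx, analyst)) // true granted
	analyst.SecureEnv = false
	fmt.Println(Decide(ctx, analyst)) // false S: confined to secure hardware and environments
}
```

The index comparison is per context letter, so an accessor cleared L5 Q6 is refused an L3Q7 document on the Q index alone; that is the "at least the specified index for each context specifier" rule from the notes.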
All non-public non-personal documents are automatically made public 25 years after their initial creation (though they can be made public more quickly, at the discretion of responsible personnel, and according to court order), with the following exceptions:

1) technical plans for nuclear, biological, and chemical weapons, must remain sensitive military secret in perpetuity.
2) technical plans for major machines of war, such as submarines, aircraft, tanks, missiles, and high power beam weapons, can be maintained at their initial classification at the discretion of responsible military personnel.
3) at the discretion of responsible military personnel, technical plans for any other weaponry or armor whose use is directed under actual combat or other non-exercise conditions by current tactical or operational procedures, can be maintained at their initial level of classification until use of that equipment is no longer so directed.
4) information whose dissemination would endanger a particular living individual must remain at its initial level of classification, or a more restrictive one, until after that individual has died, or until that individual has lawfully reviewed the information at issue and concluded that declassification is acceptable to him.
5) any information that describes tactical and operational aspects of current and continuing operations by the military branch, specifically the current location and distribution of materiel, installations, and personnel, can remain classified at the discretion of responsible military personnel.

Gradations within named classification levels: a simple 0 to 9 scale, 9 being the most sensitive, with practical definitions of the meaning of each.

Continuance of classification can only be by a hierarchical superior - the idea is that after, say, the initial year of classification, an item is declassified unless someone above the classifying agent continues the classification.
Then at intervals of (say) a year thereafter this continues up the hierarchy, except that the president of the investigative branch can continue classifications indefinitely according to law.

Need a FOIA-like framework. A unit of state must provide all information in its records about an individual, to that individual, within one week of a request, except that it must withhold information as necessitated by security clearance and contexts. A fee of up to an average hour's wage can be charged for the information. The individual must be in the state identity database, and the identity of the individual must be confirmed cryptographically. For one week after it is entered, and except as precluded by security classification and contexts, any new information in a state database about an individual must be retrievable by that individual without fee. The state must offer a subscription service, by which an individual can specify a method whereby he can be notified when new information is entered, and how it can be retrieved. An individual always has a "need to know" about information about himself. If his security clearance is sufficiently high, he must be allowed access to the information, subject to specified handling constraints.

More details on access by justices and legislators to classified information.

Security clearances of justices.

It is a vital national security interest that the computing and communications infrastructure upon which the economy and state business rely be maximally impervious to passive (information-gathering) and active (corruption of data, usurpation of authority, denial of service, electromagnetic destruction) attack. However, doing so almost invariably conflicts with short term market forces. Thus the state must be endowed with the authority necessary to assure this readiness without regard for short term market forces.
Standards for EMP/HIRF hardening, compromising radiation (Van Eck), and security (cryptographic privacy and verification of identity and integrity) are specified generally as follows.

All equipment used to process classified information, and all equipment used to comply with legal requirements or legally bind an agreement, must meet a standard appropriate for the application. Full source code for any software that is a component of this equipment must be published (with full copyright protection if desired). Particularly, communications equipment used in interactions with or by the state, and equipment used to verify licenses, pay use fees (for highway travel, for example), or sign documents in a legally binding manner, must be hardened, Tempestified, and secure.

Equipment used in processing money must be hardened, Tempestified, and secure, and source code for software that is a component of this equipment must be published (with full copyright protection if desired).

Embedded computers or communications systems in non-recreational machinery not known principally as a computing or communications device must be hardened, Tempestified, and secure. Non-recreational machinery includes but is not limited to all equipment used in earthmoving operations, construction operations, military operations, vehicular transportation including automobiles, airplanes, powered and unpowered boats, and trains, and all industrial systems including those used in generation and distribution of electrical power, fluid pumping, processing, and distribution, factories, and mines. Computing and communications devices and systems whose proper operation is necessary for the proper operation of non-recreational machinery must be hardened, Tempestified, and secure.

All equipment covered by this section must undergo a battery of tests in which the equipment's compliance with the above requirements is verified before it can be used in the roles described in this section.
The state reserves the right to require any contractor to adhere to the IRSM if it is clearly determined that the contractor is important to national communication, financial, transportation, agricultural, or manufacturing infrastructure.

Human Identification Infrastructure
-----------------------------------

No law can require that an individual carry any external form of physical identification, bear any artificial identifying marks, or carry internally, through surgical modification or otherwise, any artificial device or marking substance, except that a state soldier can be required to carry such identification only while he is a state soldier.

All residents can choose to enter a unified state database of identities. Voting, entering contracts recognized in state courts, holding of a state license or entering contracts with the state, purchase of dangerous devices and substances (as enumerated in this document), and any other commerce or conduct which the state is authorized to track (as enumerated in this document), requires being in this database. No other rights protected by the state or privileges granted by the state can be predicated upon being in this database.

Each database entry has a unique, identifying number, a name of the individual's choice (typically the name their parents gave them at birth), and a cryptographic key set associated with it which is used exclusively for the signing of documents (and not for privacy protection). Compelling an individual through any means to commit forgery with, or reveal the secret portion of, this key set, is a serious crime. Use of another person's secret keys under any circumstances is a serious crime. The voluntary surrender of one's secret keys is a serious crime.

Only an individual who has been convicted of a serious crime can be required to enter himself in the database. Such an individual must be so required.
Only an individual who has been convicted of a destructive or biological crime can be required to submit to biometric measurements, the results of which must be entered into the database. Such an individual must be so required. Biometric information cannot be required by law of anyone who has not been convicted of a destructive or biological crime, and biometric measurements of individuals who have not been so convicted cannot be entered into the database. Photographs or other visual renderings of a person constitute biometric measurements.

The state maintains an anonymously accessed database which maps identities to a list of revocations and suspensions. The theft of an identity (compromise of a private key) is announced as an identity revocation in this database. The validity of an identity or a license is confirmed with a single access to the suspension/revocation database. An identity or license is pre-validated by authenticating the state-generated signature on the identity public key, and if validating a license, the state-generated signature on the license presented by the licensee. Then the individual's entry from the suspension/revocation database is retrieved. The license or identity is fully validated if and only if pre-validation was successful, no identity revocation is listed for the identity presented by the individual, and if validating a license, no suspension or revocation is listed which invalidates the license presented by the individual. All suspension/revocation entries must include the nature, time, and place of the crime or event which prompted the suspension/revocation. No record can be kept of accesses to the database, except as necessary for protection from denial of service attacks.

State Secrets
-------------

Information whose disclosure can reasonably be expected to have a significant adverse effect on the physical national defense and defense readiness can be kept secret.
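The identity and license validation procedure in "Human Identification Infrastructure" above, as an added example that is not part of the original text. The state signs each identity entry (number, chosen name, signing public key) and each license; a verifier pre-validates those state signatures, then makes the single lookup in the suspension/revocation database. The byte layouts the state signs, the check that a presented license names the identity's own number, and every key, name and revocation entry are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Identity is a database entry as presented by its holder: number, chosen
// name, signing public key, and the state's signature over those fields.
type Identity struct {
	Number   uint64
	Name     string
	Pub      ed25519.PublicKey
	StateSig []byte
}

// License is issued to an identity number and signed by the state.
type License struct {
	Holder   uint64
	Kind     string
	StateSig []byte
}

// Revocation is one entry of the anonymously accessed suspension/revocation
// database. License is empty for an identity revocation (key compromise).
type Revocation struct {
	License             string
	Nature, Time, Place string
}

// RevocationDB maps an identity number to its listed suspensions/revocations.
type RevocationDB map[uint64][]Revocation

func u64(n uint64) []byte { var b [8]byte; binary.BigEndian.PutUint64(b[:], n); return b[:] }

// identityMsg and licenseMsg are the byte strings the state signs; the layout
// (domain tag, length-prefixed name) is this example's choice.
func identityMsg(id Identity) []byte {
	m := append([]byte("identity:"), u64(id.Number)...)
	m = append(m, u64(uint64(len(id.Name)))...)
	m = append(m, id.Name...)
	return append(m, id.Pub...)
}

func licenseMsg(l License) []byte {
	return append(append([]byte("license:"), u64(l.Holder)...), l.Kind...)
}

// Enroll and Issue are the state's side: signing a new identity entry and a
// license with the state's private key.
func Enroll(statePriv ed25519.PrivateKey, number uint64, name string, pub ed25519.PublicKey) Identity {
	id := Identity{Number: number, Name: name, Pub: pub}
	id.StateSig = ed25519.Sign(statePriv, identityMsg(id))
	return id
}

func Issue(statePriv ed25519.PrivateKey, holder uint64, kind string) License {
	l := License{Holder: holder, Kind: kind}
	l.StateSig = ed25519.Sign(statePriv, licenseMsg(l))
	return l
}

// Validate pre-validates the state signatures on the identity (and license,
// if one is presented), then makes the single database access. Fully valid
// iff pre-validation succeeded, no identity revocation is listed, and no
// listed entry invalidates the presented license. The holder-number check on
// the license is an addition of this example.
func Validate(statePub ed25519.PublicKey, db RevocationDB, id Identity, lic *License) (bool, string) {
	if !ed25519.Verify(statePub, identityMsg(id), id.StateSig) {
		return false, "identity: state signature on public key does not verify"
	}
	if lic != nil {
		if lic.Holder != id.Number {
			return false, "license: issued to a different identity"
		}
		if !ed25519.Verify(statePub, licenseMsg(*lic), lic.StateSig) {
			return false, "license: state signature does not verify"
		}
	}
	for _, r := range db[id.Number] { // the single suspension/revocation lookup
		if r.License == "" {
			return false, fmt.Sprintf("identity revoked: %s at %s, %s", r.Nature, r.Time, r.Place)
		}
		if lic != nil && r.License == lic.Kind {
			return false, fmt.Sprintf("license %s suspended/revoked: %s at %s, %s", r.License, r.Nature, r.Time, r.Place)
		}
	}
	return true, "valid"
}

func main() {
	statePub, statePriv, _ := ed25519.GenerateKey(rand.Reader)
	holderPub, _, _ := ed25519.GenerateKey(rand.Reader)
	id := Enroll(statePriv, 4242, "Constructed Person", holderPub)
	lic := Issue(statePriv, 4242, "driving")
	db := RevocationDB{}
	fmt.Println(Validate(statePub, db, id, &lic)) // true valid

	// A listed suspension invalidates the license but not the identity.
	db[4242] = append(db[4242], Revocation{License: "driving", Nature: "suspension after collision", Time: "2000-01-01", Place: "constructed"})
	fmt.Println(Validate(statePub, db, id, &lic))
	fmt.Println(Validate(statePub, db, id, nil))

	// A key compromise is announced as an identity revocation and invalidates everything.
	db[4242] = append(db[4242], Revocation{Nature: "identity theft (key compromise)", Time: "2000-02-02", Place: "constructed"})
	fmt.Println(Validate(statePub, db, id, nil))
}
```

Nothing in Validate records who asked, which matches the rule that no record of database accesses is kept; the database itself carries only the nature, time and place of each event.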
Information about private individuals and incorporated entities must be guarded as detailed in . Trade secrets made available to the state by private parties in the course of contract fulfillment must be protected as detailed in . All information stored by the state that does not meet these criteria must be published in a conveniently and multiply indexed electronic library and thereby made available to the general public.

All state-owned and state-operated facilities must be publicly catalogued with a POC and the controlling unit(s) of state and department(s) thereof. The specific location, purpose, contents, and budgeting of a facility can be secret though.

Strictly subject to his security clearance, a supreme court justice of a unit of state that controls a facility in whole or in part can visit any portion of that facility any time the facility is open for business, without advance arrangement, and cannot be delayed in gaining access to facilities or personnel, except insofar as the normal, chartered operation of the facility can render facilities or personnel unavoidably but temporarily inaccessible as dictated by the technology in use, and as explained specifically to the visiting justice. He can ask any employee any question regarding that employee's official activities, and he can make audiovisual recordings of anything he encounters, strictly subject to the security context requirements of the facilities and information thus recorded.