Information Management:: On Information Attacks ---------------------- Denial-of-service attacks are unlawful. That is, any non-consensual and malicious or otherwise deliberate attack on computing equipment and software which causes the equipment or software to malfunction, or substantially degrades its utility, is not permitted, provided there is inherently no possible defense which preserves the utility of the system. It is a crime to cause procedures which have the above effect to be embedded in software distributions, media, or otherwise made to propagate. No law can forbid as such, or provide penalties for as such, the gaining of access to, and the use of, facilities or information which is explicitly accessible, on an anonymous or access-controlled basis, from common carrier networks. In making such accesses, the individual is nonetheless firmly bound by the prohibition on denial-of-service attacks, and by the terms enumerated in
. On Failure of Information Processing Infrastructure --------------------------------------------------- Any time the failure of a segment of the state information processing infrastructure impinges on the ability of a decision-making employee of the state to fulfill his responsibilities, and to determine what constitutes lawful conduct, the individual is to exercise his own judgement such that he can reasonably expect his conduct to not result in the abridgement of the rights of others. Provided he exercises his judgement in good will, he cannot be held accountable for any eventualities solely on the basis of that eventuality resulting in some way from his decisions during an information processing failure. Misrepresentation of a properly operating information processing system as malfunctioning, and deliberate causation of malfunction with intent to misrepresent the malfunction as unintentional, are crimes. Language of State Business -------------------------- All state business, including trials, elections, and all state publications, are to be in one single language specified by a national statute. The state cannot provide translations except for witnesses and defendants in trial, for whom it is required to provide translations. No law can impede the right of an individual to be accompanied by a translator. The Open Protocol ----------------- All radio, electronic, and computer protocols that non-state entities are required by law to use in communications with the state must be open and published in full. For all such computer protocols the state must make available an open-source sample implementation. Protocol definitions and sample implementations must be made available with a trivial distribution fee not to exceed an average hour's wage, and are unowned intellectual property. On Transfer and Custody of Documents ------------------------------------ A state employee must not accept any document not bearing the signature of the individual giving him the document. All signatures must be kept with the document, establishing an ostensible chain of custody. Each document signature must certify all the previous signatures, by including them as part of the document. Information Resource Integration Mandate - IRIM ----------------------------------------------- All organizations within the state which maintain a database spanning a substantial portion of any population must integrate their databases. Any access to a database entry which includes information about an individual must be accompanied by immediate notification of the individual that such access has been performed, including the chain of command, by full legal names and affiliations, responsible for its initiation and completion. Database entries are need-to-know only and available only to state agencies. It is a crime to make information from the database available to a non-state entity, directly or indirectly, except that the right of an individual or incorporated entity to access its own database entries in whole or in part, without delay of greater than one hour, must not be infringed. Information Resource Security Mandate - IRSM -------------------------------------------- This section specifies procedures for the handling of information while it is stored or processed by the state, information supplied by the state ro non-state parties, and information supplied to the state by a non-state party, or otherwise generated by a non-state party, pursuant to a pre-existing formal agreement of that party with the state in which provisions for the handling of information are enumerated. Any computing resource within the state is required to be protected as follows: 1) Except for anonymous retrieve-only access to information designated "published" in this document, all access must be predicated upon the cryptographically secure authentication of the accessor, by uniqueified name, which must be recorded. 2) All classified and personal data must be encrypted in storage, in such a manner that only those with a need to know can decrypt the data. 3) All data must be encrypted in transit. 4) All data must be replicated in electromagnetically impervious media which is stored in a secure building separate from the primary storage facility for the data, and at least 100 miles distant. Media replication must be performed at least once per week, and can be done in an interval, i.e."delta," fashion. 5) Confidential data can not be accessed with an apparatus which emits radiation which permits eavesdropping. 6) When confidential data is being accessed, authentication must be performed with a personal portable authentication/cipher engine (e.g. smart card) and authorization must expire within one hour of initialization. 7) No information can be discarded - a record of all data and accesses must be maintained in at least one place in perpetuity. The following is from to-do, collected and moved here because the section is grossly impoverished without it. The justices of the xxxxx Any encrypted information generated within or supplied to the state must include an encapsulation of the decryption key which is usable must specify a key split escrow system for all state documents. IRSM archiving should include a central archive for each unit of state. central archives must be coordinated to implement strategically dispersed replication. each unit of state must have a unique identifier. each document within a unit of state must have a security classification, and an identifier unique and indefinitely non-recurring within that unit of state. individual accountability for classification of information, review at intervals requiring positive accountable reclassification. need to explain that classification as described in this document is confined to state business, and people operating within or on behalf of the state. need to specify procedure for security clearances. who is eligible to apply, what the general standards are for each level. elsewhere, the levels of security classification must be enumerated, with their general meanings stated. called a security context. an individual's security clearance profile must be published. The generic security contexts, with their corresponding abbreviatory tokens, are: -public (P) -official use only (O) The specific security contexts, with their corresponding abbreviatory tokens, are: -law enforcement secret (L) -personal secret (Q) -military secret (M) -diplomatic secret (D)696 1494 the context modifiers are, with their corresponding abbreviatory tokens, are: -mission-critical (C) -sensitive (S) Specific contexts can be compounded to protect information with complex sensitivities. Any context can be compounded with C signifying extra measures to assure data survival. The C token must be followed by an index digit between zero and nine specifying more precisely what procedures are required to assure data survival. An individual has a need-to-know regarding an item, if he is a thresholded legislator in the unit of state that has custody of the item or in a containing unit of state, or if effective implementation of an order lawfully issued to him in the course of state business requires access to the item. All specific contexts are strictly need-to-know and can be compounded with S signifying that the document must be confined to secure hardware and environments as specified by law. Specific context tokens must be followed by an index digit between zero and nine signifying more precisely the sensitivity of the information within the domain of that specifier or modifier. The handling requirements associated with a particular index digit used as a specific context qualifier must be uniform across the entirety of the state at all levels, regardless of the specific context it qualifies. These handling requirements must be promulgated by the national legislature, and cannot include particular requirements on who is supplied with information. A document is accessible only to people who are cleared for at least the specified index for each context specifier given, and then only on a need-to-know basis. all public documents are anonymously available. all official use only documents are available on a non-anonymous basis to all individuals who have entered an appropriate contract of non-disclosure with the state. all non-public non-personal documents, are automatically made public 25 years after their initial creation (though they can be made public more quickly, at the discretion of responsible personnel, and according to court order), with the following exceptions: 1) technical plans for nuclear, biological, and chemical weapons, must remain sensitive military secret in perpetuity. 2) technical plans for major machines of war, such as submarines, aircraft, tanks, missiles, and high power beam weapons, can be maintained at their initial classification at the discretion of responsible military personnel. 3) at the discretion of responsible military personnel, technical plans for any other weaponry or armor whose use is directed under actual combat or other non-exercise conditions by current tactical or operational procedures, can be maintained at their initial level of classification until use of that equipment is no longer so directed. 4) information whose dissemination would endanger a particular living individual must remain at its initial level of classification, or a more restrictive one, until after that individual has died, or until that individual has lawfully reviewed the information at issue and concluded that declassification is acceptable to him. 5) any information that describes tactical and operational aspects of current and continuing operations by the military branch, specifically the current location and distribution of materiel, installations, and personnel, can remain classified at the discretion of responsible military personnel. gradations within named classification levels, a simple 0 to 9 scale 9 being the most sensitive, with practical definitions of the meaning of each. continuance of classification can only be by a hierarchical superior - the idea is that after, say, the initial year of classification, an item is declassified unless someone above the classifying agent continues the classification. then at intervals of (say) a year thereafter this continues up the hierarchy, except that the president of the investigative branch can continue classifications indefinitely according to law. need a FOIA-like framework. a unit of state must provide all information in its records about an individual, to that individual, within one week of a request, except that it must withhold information as necessitated by security clearance and contexts. a fee of up to an average hour's wage can be charged for the information. the individual must be in the state identity database, and the identity of the individual must be confirmed cryptographically. for one week after it is entered, and except as precluded by security classification and contexts, any new information in a state database about an individual must be retrievable by that individual without fee. the state must offer a subscription service, by which an individual can specify a method whereby he can be notified when new information is entered, and how it can be retrieved. an individual always has a "need to know" about information about himself. if his security clearance is sufficiently high, he must be allowed access to the information, subject to specified handling constraints. more details on access by justices and legislators to classified information. security clearances of justices it is a vital national security interest that the computing and communications infrastructure upon which the economy and state business rely be maximally impervious to passive (information-gathering) and active (corruption of data, usurpation of authority, denial of service, electromagnetic destruction), attack. however, doing so almost invariably conflicts with short term market forces. thus the state must be endowed with the authority necessary to assure this readiness without regard for short term market forces. standards for EMP/HIRF hardening, compromising radiation (Van Eck), and security (cryptographic privacy and verification of identity and integrity) are specified generally as follows. all equipment used to process classified information, and all equipment used to comply with legal requirements or legally bind an agreement, must meet a standard appropriate for the application. full source code for any software that is a component of this equipment must be published (with full copyright protection if desired). particularly, communications equipment used in interactions with or by the state, and equipment used to verify licenses, pay use fees (for highway travel, for example), or sign documents in a legally binding manner, must be hardened, Tempestified, and secure. equipment used in processing money must be hardened, Tempestified, and secure, and source code for software that is a component of this equipment must be published (with full copyright protection if desired). embedded computers or communications systems in non-recreational machinery not known principally as a computing or communications device must be hardened, Tempestified, and secure. non-recreational machinery includes but is not limited to all equipment used in earthmoving operations, construction operations, military operations, vehicular transportation including automobiles, airplanes, powered and unpowered boats, and trains, and all industrial systems including those used in generation and distribution of electrical power, fluid pumping, processing, and distribution, factories, and mines. computing and communications devices and systems whose proper operation is necessary for the proper operation of non-recreational machinery must be hardened, Tempestified, and secure. all equipment covered by this section must undergo a battery of tests in which the equipment's compliance with the above requirements is verified before it can be used in the roles described in this section. The state reserves the right to require any contractor to adhere to the IRSM if it is clearly determined that the contractor is important to national communication, financial, transportation, agricultural, or manufacturing infrastructure. Human Identification Infrastructure ----------------------------------- No law can require that an individual carry any external form of physical identification, bear any artificial identifying marks, or carry internally, through surgical modification or otherwise, any artificial device or marking substance, except that a state soldier can be required to carry such identification only while he is a state soldier. All residents can choose to enter a unified state database of identities. Voting, entering contracts recognized in state courts, holding of a state license or entering contracts with the state, purchase of dangerous devices and substances (as enumerated in this document), and any other commerce or conduct which the state is authorized to track (as enumerated in this document), requires being in this database. No other rights protected by the state or privileges granted by the state can be predicated upon being in this database. Each database entry has a unique, identifying number, a name of the individual's choice (typically the name their parents gave them at birth), and a cryptographic key set associated with it which is used exclusively for the signing of documents (and not for privacy protection). Compelling an individual through any means to commit forgery with, or reveal the secret portion of, this key set, is a serious crime. Use of another person's secret keys under any circumstances is a serious crime. The voluntary surrender of one's secret keys is a serious crime. Only an individual who has been convicted of a serious crime can be required to enter himself in the database. Such an individual must be so required. Only an individual who has been convicted of a destructive or biological crime can be required to submit to biometric measurements, the results of which must be entered into the database. Such an individual must be so required. Biometric information cannot be required by law of anyone who has not been convicted of a destructive or biological crime, and biometric measurements of individuals who have not been so convicted cannot be entered into the database. Photographs or other visual renderings of a person constitute biometric measurements. The state maintains an anonymously accessed database which maps identities to a list of revocations and suspensions. The theft of an identity (compromise of a private key) is announced as an identity revocation in this database. The validity of an identity or a license is confirmed with a single access to the suspension/revocation database. An identity or license is pre-validated by authenticating the state-generated signature on the identity public key, and if validating a license, the state- generated signature on the license presented by the licensee. Then the individual's entry from the suspension/revocation database is retrieved. The license or identity is fully validated if and only if pre-validation was successful, no identity revocation is listed for the identity presented by the individual, and if validating a license, no suspension or revocation is listed which invalidates the license presented by the individual. All suspension/revocation entries must include the nature, time, and place of the crime or event which prompted the suspension/revocation. No record can be kept of accesses to the database, except as necessary for protection from denial of service attacks. State Secrets ------------- Information whose disclosure can reasonably be expected to have a significant adverse effect on the physical national defense and defense readiness can be kept secret. Information about private individuals and incorporated entities must be guarded as detailed in . Trade secrets made available to the state by private parties in the course of contract fulfillment must be protected as detailed in . All information stored by the state that does not meet these criteria must be published in a conveniently and multiply indexed electronic library and thereby made available to the general public. All state-owned and state-operated facilities must be publicly catalogued with a POC and the controlling unit(s) of state and department(s) thereof. The specific location, purpose, contents, and budgetting of a facility can be secret though. strictly subject to his security clearance, a supreme court justice of a unit of state that controls a facility in whole or in part can visit any portion of that facility any time the facility is open for business, without advance arrangement, and cannot be delayed in gaining access to facilities or personnel, except insofar as the normal, chartered operation of the facility can render facilities or personnel unavoidably but temporarily inaccessible as dictated by the technology in use, and as explained specifically to the visiting justice. He can ask any employee any question regarding that employee's official activities, and he can make audiovisual recordings of anything he encounters, strictly subject to the security context requirements of the facilities and information thus recorded.