Banking experience

This reflects an experience of mine in the mid-1980s where a large client (a bank) centralised its data processing from seven regional centres to one large mainframe. Security management became a nightmare, as the personnel were still managed in seven regional head offices, but access controls were managed at the centre (which involved engaging an extra 30 staff there to manage a user population of 25,000). An enormous volume of messages passed back and forth as staff were hired, moved, promoted and fired; and it was difficult to respond quickly to the several disciplinary dismissals that occurred every week. The lesson learned from this experience is that access controls should be managed where the personnel are; thus while centralised key management may work for government departments, it is unlikely to be a good idea in most of industry, commerce, professional practice or academia.

It might be argued that only confidentiality keys need to be escrowed. Signing keys can then still reflect traditional trust structures (such as medical registration). However, as confidentiality keys should reflect system access privileges, they will be much more complex, diverse and short-lived than signature keys. They will thus be much more intractable from the point of view of managing escrow.

Ross Anderson
Tue Oct 21 11:00:05 BST 1997