The Principle of Least Privilege in a Democracy
There’s a principle in computer security that is the basis of access control as we know it. This principle is called The Principle of Least Privilege. The idea is that you should only provide the minimum amount of rights needed for someone to do the things they need to do. For example, an account for a computer user who merely needs to browse the web and send emails shouldn’t also include rights to do things like install or remove programs.
Key to this principle is the concept of a “root” owner of rights who is able to determine who deserves to have what rights. With a computer, that “root” owner is the administrator account, but there is a political mirror to this principle. In a police state or dictatorship, the “root” owner of all rights is the State, which can pretty much distribute rights however it wishes. In a democracy, the root owner of all rights is the citizenry, who elect politicians to create, enforce and maintain a legal system that dispenses these rights.
The citizens of a democracy must continually verify that the distribution of rights is proper. Recently, a story was posted on Slashdot about someone doing just that. I encourage you to read the details about this because it demonstrates exactly the kind of thought process that has been abandoned by many citizens for the sake of convenience.
I don’t want to get into anything overly political, so I won’t comment further. However, I do hope that you’ll at least consider this man’s situation. Ask yourself a few questions about the division of rights in this scenario. Do you feel that the Principle of Least Privilege has been violated? Consider similar situations, such as producing a driver’s license or other ID to board an airplane. For example, should you have to display an ID to fly?
[Edited to add: A friend of mine pointed out a similar story about a trip to Best Buy.]
Posted: September 4th, 2007 under Computer Security, Life, Politics and Law.