MHonArc v2.5.0b2 -->
emergency message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: RE: [emergency] Identity and Authority ( was RE: CAPVisualization...)
At 12:17 PM -0700 5/20/04, Kon Wilms wrote:
>Do we really want the hackers and script kiddies sending biological
>alerts, or the old lady sending a 'cat stuck in my tree' CAP alert? :)
My practical concern isn't whether a message comes from a hacker or a
bureaucrat or Homer Simpson... what I really care about is whether
it's accurate. We tend to draw an inference from source to
accuracy... and usually it's right but sometimes it turns out to be
sadly mistaken. Besides, while a hacker might be a dubious source
for a bio-terror alert, she might be a first-rate source for a
cyber-attack warning.
The cat in the tree illustrates another dimension to the problem. It
probably wouldn't be appropriate for city-wide or nation-wide
broadcast, but it might be perfectly appropriate to a residential
community-watch network. (Plus the SPCA might like to know about it,
even all the way across town.)
So again... being able to tell where the message comes from,
reliably, is necessary but not sufficient. We also need to be able
to assess the credibility of reports, based partly (but perhaps not
solely) on the reputation and standing of the source... while
understanding that we may not always know a-priori who every source
is. We also need to be able to filter message flows (or provide
enough bandwidth) so that low-level cat-sightings don't become
problematic... while remembering that necessity is ultimately in the
eyes of the recipient.
I guess what I'm saying boils down to the old Internet dictum: "We
should resist the temptation to standardize what we don't yet
understand." CAP can be used in a lot of contexts and a lot of ways;
we can certainly devise systems that use it effectively, but we
should beware of trying to impose one application's requirements on
other implementations.
>There at least has to be one level of human filtering of the alert if it
>comes from a source other than the defined 'chain of command'.
Again, that depends on the particular system we're talking about. In
most cases, I'm afraid that the closer you come to that "chain of
command" the more you'll realize that it's not all that well defined
after all... especially for unusual events that tend to fall between
the chairs of routine jurisdiction.
There's a strong and understandable desire among vendors to use
government as a sort of "liability circuit-breaker" but... especially
in a time of shrinking government budgets... we may want to be
careful about turning officialdom into a single point of failure for
alerting.
- Art
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]