Friday, September 17, 2010

Whitelisting and Blacklisting

In the field of computer security, we have the concepts of whitelisting and blacklisting. When deciding whether to accept data from an untrusted source, we have to figure out a way to determine whether the data is safe or not. There are two ways to do this: We can make a list of all the unsafe data, and reject it when we recognize it, or we can make a list of all the safe data, and reject everything else. Which approach to take depends on the kind of problems we are trying to solve, and which list is more manageable.

A whitelist is like a guest list. If you're having a party, you don't list everyone in the world who is not allowed -- a blacklist isn't feasible -- rather, you make a list of the people you want to attend.

Firewalls work on the whitelist principle. No service requests are allowed except for services we know are safe. Virus scanners work on the blacklist principle. They scan all files, looking for characteristics that are on the blacklist. Blacklists are usually difficult to maintain, and even if they're up to date, it is possible to miss a heretofore unrecognized new threat. That's why virus scanners constantly have to update their profiles at great expense, and even then, some viruses get through.

Which brings us to the constitutional principle of enumerated powers. James Madison, the constitution's primary architect, recognized that our rights come from nature, not from government, and that listing all of them is not feasible. Madison also realized that power is dangerous, and government is risky. Therefore, his design provided for a whitelist: the enumerated powers -- about 26 in all. These are the few powers that We the People agreed to cede to government to exercise on our behalf. Everything else is off limits.

When it came time to ratify the Constitution, the states were concerned about the federal government usurping their sovereignty. Some people were concerned about specific rights. It is apparent that these people did not fully understand the principle of whitelisting, and they were demanding a blacklist: The Bill of Rights ("congress shall make no law..."). Madison at first resisted this lobby, because it was contrary to his vision for the Constitution. He was concerned that people would concentrate on the blacklist, and ignore the whitelist. He eventually relented. Even so, the last two articles in the Bill of Rights, the ninth and tenth amendments, still attempt to whitelist government power:

Amendment IX
The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
Amendment X
The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.
Now, 223 years later, we find our government completely oblivious to Madison's principle of enumerated powers, and We the People are fighting just to defend the scraps remaining in the Bill of Rights.

James Madison was bloody well right!

No comments :

Post a Comment

This is a moderated forum. Please try to avoid ad-hominem attacks and gratuitous profanity. Justifiable profanity may be tolerated.

I am sorry, but due to the un-manageable volume of spam comments, I have enabled the scrambled word verification. I apologize for the inconvenience.