Letters

To The Faculty Newsletter:

Page 7 of the May/June 1998 MIT Faculty Newsletter announces a summer test plan for a faculty bulletin board, describing it as "...a verifiable and totally secure Electronic MIT Faculty Bulletin Board...."

Having been involved in research in computer security for some 35 years, I was very pleased to hear about this breakthrough. Up until your announcement there had been only one known technique for obtaining a totally secure computer system: turn its power off and lock it in a concrete bunker defended by a large army. Unfortunately this prior technique makes the subject computer system somewhat awkward to use. I am eagerly awaiting details on how total security has been achieved for the bulletin board, so that I can explain it to my colleagues who no doubt are wondering how they could have missed such a significant development. You should expect that the United States Defense Department, among others, will also have a great interest in this development.

On a more serious note, I followed up the article's invitation to see other uses of the Web Crossing software by surfing to the Web page listed in the article. One of the bulletin boards listed there – an "MIT community" discussion group – looked interesting, so I tried to sample it. After successfully presenting an acceptable certificate I was presented with a multi-page legal agreement that in itself was a bit of a turn-off, but I went ahead and read it. The farther I read the greater was my disbelief. When I got to the paragraph that asked me to indemnify MIT I was so astonished that I stopped reading. This legal agreement is completely over the top. I would not consider signing it, and I would advise anyone else to read it very carefully, especially the indemnification clause.

Jerry Saltzer
Professor Emeritus, EECS

[Please see related article-ed.]