January 1, 2016

Asterix on Information Security

By  Uncategorized  0 Comments

The social commentary of Asterix comic books completely eluded me when I was a child. Reading the newest volume, “Le Papyrus de César”, I was surprised to find the authors directly addressing information security issues (Confidentiality, Integrity, and Availability) in no uncertain terms.

Spoiler alert: If you have not yet read this new volume, be warned that I talk of things that you might prefer to discover for yourself.

Bigdatha makes off with one copy of César’s memoirs that still has the undesirable part in it. As much as Promoplus might want to destroy every last copy of these scrolls, big data poses an inherent risk that you might not be able to control every last copy of the data or what is done with it. The Roman guards, which I think of as the Data Leakage Protection solution that might have been deployed, had whitelisted Bigdatha since they were told that Bigdatha is “one of theirs” and that compensating controls were in place. As a mute, it was not supposed to be possible for him to leak information.

 

 

A pigeon, who is traveling with the sensitive information, tries to evade capture (by a hawk) but is physically intercepted when it flies into the mast of the pirate ship. The authors muse how this is pirating information. It also speaks to the ease with which traffic can be physically intercepted and the importance of encryption and stateful connections. The medium over which you transmit does not inherently secure the data you transmit and this applies equally to RFC 1149, “Standard for the Transmission of IP Datagrams on Avian Carriers”.

 

 

The legionnaire Antivirus is tasked with protecting the garrison’s pigeonnier. This speaks clearly to the need of protecting incoming messages – whether you make a parable with email or deep packet inspection. You might have very strong perimeter defenses but you still need to protect your users’ communication with the outside world.

The Druid of the village determines that it is in the interest of the village to conserve forever the knowledge of the scrolls. This is a parable of the dangers of the Internet: what is on the network can never be removed. As seen from the Druid’s perspective, this might be a desirable feature, but César will surely disagree, given that he never authorized the release of the information. Compare this to the struggle of the various leakers (Snowden, Manning, et al) who allowed for information to be published which the public might consider important but which the owners/authors might wish to keep away from said public. Perhaps you could even compare the druid Archéoptérix with the likes of Cryptome or Wikileaks that act as enablers for the internet to become an immutable repository of information.

 

The Irony of it All

The hardest part of this article was not so much spending the time writing it – after all, it’s just a couple of quick observations about a comic book. The hardest part was determining if I would be authorized to reproduce the copyrighted works of Asterix. Whilst American copyright law appears to have carved out provisions for fair use for citing and reproducing copyrighted works for the purpose of research, critical commentary, etc., French law specifically excludes comics from such fair use provisions. This article was posted to the web platform of an american company hosting their infrastructure on american soil. So the case could be made that I am subject to american copyright law. However, as I reside in France, perhaps it is this fact that will become decisive in the determination of jurisdiction. So perhaps I should be ghost writing this for a blogger who is physically in the US. How would Asterix’s publisher feel about a digitized version of their latest edition being available free of charge to anyone who desires it from your local Druid?

 

Ironic how Goscinny and Uderzo are shown to hear of these stories from a Druid and who would later come to publish a successful comic book series, “Asterix”.