12 Responses to “The Superhero Registration Act’s Fatal Flaw”

1. Kevin Bahrt Posted: May 14th, 2008 at 4:23 pm

   1 Because I like a challenge in problem solving, I will try to think up ways to protect the registration computer. No net link, meaning there is no way to hack a computer remotely due to the fact that it isn’t hooked up to a network so the computer can’t be hacked remotely, like in Mission Impossible, you would have to be physically present. This would not stop the Dr Doom or any of the other heavy hitters who could walk in though. A couple of supers could be used to guard said database 24-7, some with detection abilities and the only way to access the database would be a direct order from congress that has been issued by the majority of congress and voted on in view of the team on guard. The database could be rigged with explosives so that as a last resort it could be destroyed to prevent capture, this would prevent blackmail of some of the most powerful people on earth (very bad thing) and I’m sure congress members know all about being blackmailed. Punisher effect fear. How many of those hero’s do you think would cross the line to protect their families? If you push some one too hard it won’t end well. There is always the fear that someone that’s very powerful might get pushed to far. Imagine if Ironman or Spiderman wasn’t afraid to kill his opponent.

2. Morlun Posted: May 14th, 2008 at 7:05 pm

   2 All those reasons you listed are exactly why it became a civil war and not just a policy change.

3. BAMikeyD Posted: May 14th, 2008 at 10:42 pm

   3 Also, you’d have to find some one who could match Tony’s intelligence with the remote system any way. I’m pretty sure some one with Stark’s intense brain power could find a way to block most script kiddies. Plus with all the super computer stuff in the comic world, they could block that shit pretty easy. Plus I’m sure there is a SUPER NERD with the power of Information Protection or something any way … Plus… It’s a comic.

4. BAMikeyD Posted: May 14th, 2008 at 10:44 pm

   4 Also to counter act the FOIA there is the Privacy Act of 1974 that protects sensitive things, like SSN and specific doctor results. Example, if a reporter was interested in me for some reason, and saw me go to a doctor the reporter could claim under the FOIA that the Doc has to tell them I was there. While that’s true the PA of 1974 states that all he has to release without my consent, is the fact that I went to a doctor.

5. Kevin Bahrt Posted: May 15th, 2008 at 3:28 am

   5 And wouldn’t this stuff be classified under sensitive information? I don’t think the press can demand information of a sensitive nature like military deployment or exact military specifications due to safety and intelligence issues.

6. Mike Posted: May 15th, 2008 at 4:57 am

   6 Doom still has diplomatic immunity, right? Assuming that, then for all the counter measures Stark’s put together, a team of the top baddies can still get at the goods. If this group plans it to go to Doom, then the authorities can’t do shit. That is, of course, if they ask. I didn’t know this was that complicated til I read the responses. Thanks for showing every senerio, guys!

7. Jami Posted: May 15th, 2008 at 8:42 am

   7 Author Comment Personal info is not subject to FOIA, that’s true. And the current administration tends to cite the Privacy Act when they excise their releases. But, missions would be subject to FOIA and would be a real headache if they’re not properly documented. Which means you’d need to hire on an entire staff of folks who just document what the heroes do. Deployments would be subject to FOIA with the caveat that the agency will excise tactical information or other stuff like that. The “sensitive but unclassified” designation has been horribly abused by the current administration, but that SBU stuff should be released to the public. If parts of a mission are declared classified, by all means, excise that shit. We don’t need to know superhero social security numbers or real identities or that kind of thing. But everything else would be subject to FOIA. Oh, and the diplomatic immunity would be an interesting angle to explore. This is all quite academic for a comics discussion. I freaking love it!

8. Wayne Posted: May 15th, 2008 at 8:50 am

   8 You would do this somewhat differently in reality. First, you do this on a mainframe. That makes it physically much more difficult to steal because you stripe the data across disk drives, that would force thieves to steal a lot more physical gear, more than one person could carry regardless of strength: you make it bulky. Needless to say all disk data is heavily encrypted. We’re talking full disk crypto, not just the files, but the directory also. Second, it is NEVER connected to an external network. Third, you make a new communications protocol. To access an IBM AS/400, you have to be running a 5250 protocol. You create a new protocol that no one else has software for, and you make it sufficiently different that even if you could connect a computer to it, it wouldn’t do you much good. The specification is never released to the public, so no one can easily write an interface to connect to it. Fourth, internal network. You’re going to have to have an internal network, there’s going to be too much information for it all to be entered in at one point. First, limit the number of workstations. Make them close together, so a single squad of supers can defend all of them, or see if anyone is accessing them who shouldn’t be there. Make each network connection a direct port connection: no switches, no routers. Any disconnect of any workstation, i.e. attempt to insert a packet sniffer, results in immediate area lockdown and alert. Also encrypt the network traffic, naturally. Fifth, what happens to the original paper/electronic documents? How are they destroyed. A friend of mine worked on crypto equipment during the Vietnam war. You put paper in the top of this thing, you got dust out of the bottom. You’re going to need some significant document destruction, shredding or burn bags won’t do it. Sixth, what about backups? If all of the information is in one place, it is vulnerable to a site catastrophy. Could the Brotherhood of Evil Mutants disintegrate the entire building and data center? Normal disaster recovery planning would have the data backed up and stored in another site, which then risks the backups being stolen en route to the off-site location. I think I’d have multiple backup sites such that each site always receives the same backup tape: Site 1 always gets Tape 1. That way if any one site is compromised, they won’t get a complete backup set. And how do you secure against someone like Mystique? You’d probably have to have genetic identification for anyone to access to the system, sort of like what they did in the movie Gatticca. And finally, for now, what about output? You probably shouldn’t have printers hooked up, because printing out someone’s information is the same theft as stealing it from the computer. This can be fixed physically: no printer or USB ports on the computers, no print routines on the terminals connected to it. You trade ease of use with security, this would not be an easy system to use. Just a few thoughts. And yes, I have an extensive background in computers, networking and disaster planning. Realistically, this is how I’d approach it. But since we’re talking comics, it doesn’t have to be realistic, just dramatic.

9. Jami Posted: May 15th, 2008 at 8:55 am

   9 Author Comment Yeah, but your solution is way better than “plot” software. I could see backups being quite troublesome and a perfect target for the Marvel rogue’s list. There should just be a short line of Marvel nerd comics about the poor saps who have to build and protect this database.

10. SteveMB Posted: May 15th, 2008 at 9:13 am

    10 I’m not sure it really does any good to not include printers. The system has to display information *somehow*, and somebody can just photograph the screen display. If it’s a covert infiltration rather than a main-force takeover of the facility, that’s a better option than printing out the intel you want (a memory chip is easier to hide than a sheaf of papers — the really small ones are easier to hide than even one sheet of paper).

11. Kevin Bahrt Posted: May 16th, 2008 at 8:57 am

    11 I don’t know if any of you have ever read any Lois McMaster Bujold but a guy had a friend completely bypass all security measures by having his video phone thing turned to face a secured computer display hardwired not to connect to any outside source. Took five seconds to ruin years of security prepping.

12. SteveMB Posted: May 16th, 2008 at 1:31 pm

    12 That’s becoming an issue in the real world. For obvious reasons, high-security establishments don’t let people carry cameras, including cell-phone cameras, and it’s getting difficult to find a cell phone with any kind of advanced features that *doesn’t* also have a camera. And that’s an example of why elaborate security tends to decay over time — it’s such a PITA to authorized users that people get into the habit of bypassing it, with the tacit approval of the people who are supposed to be enforcing it because it’s a PITA for them, too.