Epistemological Relativism

A couple of weeks ago, after I had finished the final Harry Potter novel, I wrote a couple of paragraphs about the appeal of these stories. It is a novel where kids and adults witness Harry experience new, exciting and terrifying things almost always for the first time. Even the most mundane and insignificant encounter is dramatic and memorable for Harry. Of course, in the novels, Harry experiences the fantastic as well. This transformation of the mundane into the extraordinary is something that occurs regularly in the life of a child. And this is perhaps why the novels are so appealing. As adults we may have vague memories of that transformation and through the novels we glimpse dimly into those cherished experiences. For the child reader, it is the best of both worlds. G.K. Chesterton says that these types of stories will endure because they place an ordinary character within the extraordinary.

The old fairy tale makes the hero a normal human boy; it is his adventures that are startling; they startle him because he is normal…You can make a story out of a hero among dragons; but not out of a dragon among dragons. The fairy tale discusses what a sane man will do in a mad world.

In fact, Chesterton applifies my own sentiments of this joy of discovery.

This is proved by the fact that when we are very young children we do not need fairy tales: we only need tales. Mere life is interesting enough. A child of seven is excited by being told that Tommy opened a door and saw a dragon. But a child of three is excited by being told that Tommy opened a door. Boys like romantic tales; but babies like realistic tales — because they find them romantic

I see this often in the lives of my own children. The young child is living the romantic and mystic life at every step as new encounters, people and experiences bombard his inquisitive and naive sense and open his heart and mind to the wider world around him. This is why proper education (or even facilitation) is important. This activity of timely and responsible disclosure that leads and allows children to discover the wonder of world is perhaps one of the finest things we can do. Sadly, because we have lost that feeling of wonder and live in the mundane, we have forgotten the excitement, enchantment and magic of the world that our children experience at every turn.

There is this idea driven by the combination of regulatory compliance requirements and money-hungry vendors well-intentioned solution providers that there is a malicious database administrator operating within most organizations. This database administrator is likely a part of a large network of information traders attempting to fence their ill-gotten goods to the highest bidder. They can strike at any time and are, most likely, deciding which other choice pieces of information in your organization will subsidize the purchase of their fourth Murciélago. There is no question that this scenario makes for a great (read: terrible) Hollywood film premise. Presently, however, this is nothing more than a work of fiction.

Whatever the intentions of those that are propagating this myth of the malicious DBA, the current data available does not tell us such a story. Even a cursory glance at this data paints a completely different picture. Feel free to explore the data yourself. In the chart below you can see that a malicious DBA was responsible for 3% of data-related breaches. You should also know that I was being generous with the descriptions. It was most likely *not* a DBA, but then perhaps you’d think *I* was making this up if there were no DBA-related activity.

For all this breach data there still are companies out there that tell you that their state of the art encryption technology will help you defend your organization from the malicious DBA threat. It seems odd to spend so much on the “Malicious DBA” threat when it accounts for probably less than 5% of the overall threats to confidential data. I think these product vendors know this. This is why they attempt to tell you that their database encryption products “protects the data within the DBMS and also protects against a wide range of threats, including storage media theft, well known storage attacks, database-level attacks, and malicious DBAs.”

Database encryption won’t help you with the laptop problem, it won’t help you with the paper problem, it won’t help you with process problems and it won’t help you with the hacker problem. It helps you, if you want to make the stretch (and to be charitable I will), with the tape problem (assuming your undefined processes backup data that is still important to bad guys, but is not required to be protected according to regulatory requirements), it will help you, maybe, with the disk-in-server-gone-missing problem, and it may help you with the malicious DBA problem. But, wait, there isn’t a malicious DBA problem. So what does database encryption do again?

References:

http://www.privacyrights.org/ar/ChronDataBreaches.htm#Total

http://www.ingrian.com/resources/sol_briefs/implementation-sb.pdf

Yesterday while browsing the children’s books at my local Borders I spotted Rumpelstiltskin. While it is not the version I am used to, it is very nice to look at and captures the major plot points quite simply. I’m trying to figure out why it has taken me this long to get this tale and share it with my children, but I have no answer. When I read it last night my children gasped in horror at the king’s ultimatum given to the miller’s daughter. They gasped even louder as the straw-filled rooms grew in size after each night. It was great fun and I’m sure it will become a common bedtime request.

Stories, real or imagined, have incredible power. While I’m certain that the lectures I give my oldest are quickly forgotten, I know with equal certainty that after just one reading of Rumpelstiltkin that the story will be forever locked away in her memories. This is instructive in a number of ways. Using stories to communicate moral messages, values and beliefs can be found in some of the oldest documents in antiquity. I think that as a modern society where we are surrounded by “facts” and “laws”, we quickly forget the power of story. This is especially the case when we forget that most young children are not developmentally ready to hang “facts” and “laws” onto their neural hooks and use them appropriately. Stories have this magic ability to bypass the developmental requirements and plant themselves firmly within the child’s mind with all the associated moral messages. Are stories that contain the messages we value most more effective than other methods? I don’t know, but it would seem quite foolish to completely ignore the wisdom and traditions of previous generations.

The man who cannot believe his senses, and the man who cannot believe anything else, are both insane, but their insanity is proved not by any error in their argument, but by the manifest mistake of their whole lives. They have both locked themselves up in two boxes, painted inside with the sun and stars; they are both unable to get out, the one into the health and happiness of heaven, the other even into the health and happiness of the earth.

– G.K. Chesterton, Orthodoxy (Doubleday, 2001) 22.

I took the test which allegedly tells you whether or not you have high-functioning autism. I guess I don’t. I scored 25. Unfortunately, I’m not sure whether that score is good or bad or meaningless. Perhaps that is part of the test? Try it and post your answers.

http://www.piepalace.ca/blog/asperger-test-aq-test/