log files (was: Re: dbts: Cryptographic Dog Stocks, The Dirigible Biplane, and Sending the Wizards Back to Menlo Park )

> 	It strikes me that while Mr. Hettinga and other e$ seers may have
> spent the past decade considering how to allow transactional exchanges to
> escape a human linkage, most professional sysops and network managers have
> been concerned with how to strengthen the linkage between on-line accounts,
> actions, and audit trails -- and the humans to which a user's account has
> been assigned.

Leaving aside the rest of this discussion, Vin touches on a point that
I think has been ignored by some:  operations demand log files.  That
is -- and I'm doffing my security hat here and donning the hat of someone
who has been running computer systems and networks for 30+ years --
when I'm trying to manage a system and/or troubleshoot a problem,
I *want* log files, as many as I can get and cross-referenced 17 different
ways.  This isn't a security issue -- most system administrator headaches are
due to the "benign indifference of the universe", or maybe to Murphy's Law
-- but simply a question of having enough information to trace the
the perturbations caused to the system by any given stimulus.

The more anonymity, and the more privacy cut-outs, the harder this is.
I claim, therefore, that the true cost of running such a system is
inherently *higher*.  There may be, as some have claimed, offesetting
operational advantages.  But the savings from those advantages need to
be balanced against losses due to hard-to-find bugs, or even bugs that
one isn't aware of because there's insufficient logging.  Remember
that double-entry bookkeeping catches all sorts of errors, not just
(or even primarily) embezzlement.

To be sure, one can assert that the philosophical gains -- privacy,
libertarianism, what have you -- are sufficiently important that this
price is worth paying.  With all due respect, I will assert that
that debate is off-topic for this list, and is best discussed over
large quantities of ethanol.