I have to deal with this a great deal with systems being passed from company to company or releasing hardware between departments inside a company.
The "scrub" utility, built into most Linux distributions and available on the Knoppix CD and DVD images, works very well. The time taken really depends on the level of scrubbing. The "nnsa" and "dod" standard scrub options do take many hours, because they use patterns like all zeros, all ones, 10101010, 01010101, and then randomized data of various sorts. That's at least 5 passes over the entire disk, and disks are getting cheaper and larger. Given the size of modern systems with, that can easily take 6 hours to zero a Terabyte drive with reasonable hardware writing 80 MBytes/second.
Many people consider these standards to be excessive, and settle for a simple zeroing of the entire drive as sufficient protection to save time. (Generating pseudo-random data for overwriting really slows down the process.) Even then, the big expense is connecting the systems up somewhere with the shelf space and engineer time to do it, and to verify that it's been done. Since so few people are willing to give up control of their old system until the new system is in place, you usually can't scrub them before the new hardware is in, and replacing an entire department means an entire department of machines to scrub. And some of them may be seriously screwed up and require engineering time to get the disks into a system that can actually read and write to them.
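A read-back check for the "verify that it's been done" step in the comment above, as an added example that is not part of the original comment. The function names `full_check`, `sample_check` and `read_block` and the 4096-byte block size are choices made for this illustration; both checks only read from the target.

```shell
#!/bin/sh
# Added example (not from the original comment): confirm that a zero-wiped
# target reads back as zeros. TARGET may be a disk image or a block device.
# Nothing here writes to TARGET.

# full_check TARGET
#   Reads the whole target once. Prints "CLEAN" (status 0), or
#   "DIRTY <offset>" with the 1-based offset of the first non-zero byte
#   (status 1), or "ERROR <reason>" (status 2).
full_check() {
    target=$1
    out='' rc=0
    [ -r "$target" ] || { echo "ERROR unreadable"; return 2; }
    # An empty regular file would otherwise compare as clean; reject it.
    if [ -f "$target" ] && [ ! -s "$target" ]; then
        echo "ERROR empty"; return 2
    fi
    # /dev/zero never ends, so cmp stops at the first non-zero byte (stdout:
    # "... differ: byte N, line M") or at the end of TARGET (stderr only).
    out=$(LC_ALL=C cmp "$target" /dev/zero 2>/dev/null) || rc=$?
    [ "$rc" -le 1 ] || { echo "ERROR read failure"; return 2; }
    offset=$(printf '%s\n' "$out" |
        sed -n 's/.* differ: [a-z]* \([0-9][0-9]*\),.*/\1/p')
    if [ -n "$offset" ]; then echo "DIRTY $offset"; return 1; fi
    echo "CLEAN"
}

# read_block TARGET BLOCK_NUMBER: emit one 4096-byte block on stdout.
read_block() {
    dd if="$1" bs=4096 skip="$2" count=1 2>/dev/null
}

# sample_check TARGET SIZE_BYTES COUNT
#   Reads COUNT evenly spaced 4096-byte blocks instead of the whole target.
#   A quick spot check for a shelf full of drives: it can catch a wipe that
#   never ran, but it cannot prove the unsampled blocks are clean.
#   For a block device, SIZE_BYTES can come from `blockdev --getsize64`.
sample_check() {
    target=$1 size=$2 count=$3
    blocks=$((size / 4096))
    [ "$blocks" -ge 1 ] && [ "$count" -ge 1 ] || { echo "ERROR bad size"; return 2; }
    [ "$count" -le "$blocks" ] || count=$blocks
    i=0
    while [ "$i" -lt "$count" ]; do
        blk=$((i * blocks / count))
        # A failed or short read must not be mistaken for a block of zeros.
        got=$(read_block "$target" "$blk" | wc -c | tr -d ' ')
        [ "$got" -eq 4096 ] || { echo "ERROR short read at block $blk"; return 2; }
        # Delete every NUL byte; anything left over is residual data.
        nonzero=$(read_block "$target" "$blk" | tr -d '\000' | wc -c | tr -d ' ')
        if [ "$nonzero" -ne 0 ]; then echo "DIRTY block $blk"; return 1; fi
        i=$((i + 1))
    done
    echo "CLEAN $count blocks sampled"
}

# Run as: sh verify_wipe.sh TARGET   (full read-back of one target)
if [ "$#" -ge 1 ]; then full_check "$1"; fi
```
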
I'm afraid I went over the top here. You may mean well for your customers, and may in fact resist unconstitutional data requests. But there is a compelling amount of legislation that is aimed _precisely_ at controlling corporate data gathering, ranging from the tax code to the SEC's regulations about business finance to the HIPAA regulations about medical information, the TeleCommunications Privacy Act and its poorly written regulations about consumer protection, and the export encryption regulations of the Department of Commerce. Those are not merely about what you must turn over from current records, they are about what you must keep or what you must not publish.
CALEA is aimed at voice communications, and is not particularly relevant to this except that it was aimed squarely at controlling and preventing changes to business practices. Exemption or not for search engines, it prevented the use of new telecomm technologies that would prohibit easy wiretapping.
> All the existing US laws are about turning over existing business records and not about compelling you change your business practic
This is a *BLATANT* lie. The US encryption regulations are precisely about controlling corporate behavior, especially the encryption export regulations, HIPAA, FISA, and the more fascinating regulations of the misnamed Telecommunications Privacy Act. And it *does not matter* that the request is unconstitutional, your servers can be shut down while the non-court-approved, unconstitutional Patriot Act request is shoved up your backside. And you *would not be allowed to admit it had happened*.
Any corporate president too stupid to lie better than that is too stupid to protect their client's privacy, or money, or electronic documents and should not be trusted to hold a spoon by the right end. Nice job costing yourself any customers you had left who read Slashdot.
They do go out of their way to please regulators and governmental agencies that can interfere with their business. The USA still has extensive regulations on the export of encryption technologies, regulations that could require compliance reviews and delay major commercial releases by months or force expensive splitting off of encryption technologies as separate packages requiring expensive, separate registration to download. This has occurred repeatedly with older technologies, such as the "3DES" and other password encryption tools used for commercial UNIX password handling.
Governmental access to the consumer's escrowed keys in an easily accessible location, namely Microsoft's databases, is critical to Microsoft's modern "UEFI" and "Trusted Computing" initiatives. The use of such a central escrow for client recovery of their own keys is one reason to have it, but the access for government or even business agencies for doing decryption of customer secured contents is another compelling reason to have it, and to centralize it, and to keep the access policies completely secret and unexamined by their own customers, which is what seems to be the case.
I've been technical lead and technical contributor on numerous such projects, it's an absolutely core part of my work. And it is incredibly difficult in large environments, where numerous groups have evolved distinct usage and workflows and are often very resistant to change. Coupled with the amount of money being managed in this project, and the military and security requirements, such a project is well beyond the capabilities of any group I've ever met.
Trust is not a sufficient factor, I'm afraid. Competence, and communications among the groups, is critical. That requires corporate buy-in, and leadership and technical and business acumen that are extremely rare and will not be found by a "lowest bid" process.
And _that_ is why so many A/D systems fail miserably: because people have been very, very confused by sampling theory.
Just because it takes 100 msec to respond does not mean that the eye motion takes anywhere near that time, and the motion is not "clocked" or linked to some discrete frequency. It's analog, and to measure its impulse-driven movements properly you need to oversample tremendously, or use some sort of triggered sensor that can record its triggers very accurately.
I, and many of my technical colleagues, are quite senior. We'd find work there, but would almost be forced into management, because by "lines per day" metrics and "tickets closed" we're not as fast as the average youngster. However, our abilities to deal with problems the youngsters have never even _heard_ of, and to do things cleanly so the problems don't occur, and the mastery of older and stable technologies, certainly keeps us busy.
You can see the difference in our software, and our hardware. If we buy a pair of switches for high availability, we make sure that the computers connected to them are correctly connected to both switches, with pair-bonding or other failover software. When we get involved with backup systems we actually test restoring the data. When we write new web applications, we sanitize the inputs before feeding them to the database. (Obligatory XKCD: http://xkcd.com/327/) And when we deal with "object oriented programming", we use different functions for different classes of input, despite the protests of the Java and C++ youngsters, because we have learned the harsh and bitter lesson: distinct functions get distinct names.
My colleagues and I are also a bit odd in that when someone shows up with a new technology, we don't just demean it. Replacing racks of expensive hardware with commodity disk drives was a real rethink of how we did things, and we oldsters had to get them to slow down and invest in bandwidth to allow offsite replication instead of sending tapes. (http://en.wikipedia.org/wiki/Sneakernet for an example) We also had to bring in the experience that if you triple people's space, they will fill it _very quickly_. But it worked out really well, and it's a replicatable technology suite.
Actually, it's very interesting. It shows that even with the very extensive testing and layers of planning and managerial processes to prevent such errors, they can still creep in. And it shows that very expensive, one-off projects remain vulnerable to subtle design errors, so the tools to do field updates are _critical_.
Note that designing for spacecraft can be a real artform: they have extremely limited computational resources, due to the inherent risks of bit errors in increasingly small modern silicon exposed to radiation and temperature changes, and you cannot simply shield the electronics: the shielding adds weight and itself becomes radioactive over time. So you often wind up using quite old but far more stable technologies. That means tools that may be considered quite obsolete by the time your design phase is complete and the device is ready for launch. And by the time it arrives _on Mars_, the technology is very obsolete indeed.
My respect for the programmers and designers of interplanetary spacecraft is enormous: systems like Voyager and the Mars Rover, Spirit, that exceed their lifespans by years fill me with pride as an engineer that we could build so well. And the obligatory XKCD on the subject:
http://www.xkcd.com/695/
> I don't really want to live in a world where I have to actively hide shit from people or they'll try to take advantage of me. Lack of privacy is a social problem soluble by bringing up people with a better attitude toward their fellow man, not a technical one soluble with an arms race (which you will lose, btw).
Goodness, you are an optimist. The military, economic, or social advantage to accessing private communications is very large, and the social and economic and political advantages are _tremendous_. Education won't solve that: the first person in the "educated" world who starts copying test answers, or reading their boss's private correspondence, will have tremendous advantages socially and in the workplace. That's part of what the NSA was doing to EU communications: industrial espionage to benefit American companies.
Yes, I do know what he makes. He's on call even more than I am and works harder: I get to go to a movie occasionally.
> We can't run the world on what you anticipate some government agency might feel.
On what I, personally, anticipate? Of course not. On the history of lawsuits and shifting governmental regulation as applied to project planning, architecture, and finance? It happens every day.
Indispensable? Perhaps not. "Able to charge billable hours and make the client or partner happy"? Yes, indeed, and such factors are part of why I can pull in the salary I have. It's why I can _afford_ to go to a movie occasionally.
Also, I don't "stare at the screen". I go outside and check it. The buzz for the phone ringing is distinct from the text message buzz.
I was very cautious about that language. The difference between the FCC "becoming upset" and "prosecuting" is a very real one. I'd anticipate the FCC changing its regulations on passive blocking very, very quickly if such passive jamming became widespread in movie theaters.
I do believe I described this. Even when not officially "on call", I'm often the target of technological emergency calls due to specialized knowledge. The same thing happens to specialists or truly skilled medical personnel all the time, because having a backup is never the same thing as having the primary and more actively maintained system available. The time spent enabling a backup can be critical.
I'm not suggesting it would be a common occurrence for tragedy to occur, but what theater would take such a risk?
They're not deliberately blocking the cell phones, they're not as effective as the "Faraday cage" like wallpaper, and you're not being invited to sit in the garage for several hours at a time. It's a very different situation.
Such materials have been commercially available as wallpaper for years. (See http://blogs.wsj.com/ideas-market/2012/05/25/wallpaper-that-blocks-wi-fi/)
But I'm afraid the FCC will become upset because it can _block_ signals outside the movie theater. The shadow of the cage itself is a noticeable dead zone. And I'm afraid that it will only take one litigious parent whose baby sitter is trying to reach them, or one doctor who can't be paged, to create a dangerous lawsuit for any theater that tries this.
I have seen it done for certain conference rooms, that were clearly marked this way, and even then people became quite upset at not having their cell phones work.
I'm often on call. Even when I'm not on call, I'm always a "call me if you need help" resource for various projects. So I'm afraid that I do have to leave my phone on, but I get up and step outside the theater precisely to avoid bothering others with the sound, or lights.
It's actually a much worse problem with modern cell phones than it used to be with small pagers, because of the larger screen.
It's even more complex. It's normally illegal for the NSA to spy on US internal communications, but it's not illegal for them to _trade_ information on North Korea communications with the Australians to obtain that same USA internal communications. So worldwide monitoring facilities have a fascinating tradition history of monitoring everything, except their own nations, and trading content with the other facilities to get their own local content.
Besides the Geneva Convention on handling prisoners of war? Even if you accept that the prisoners there are not from nations with whom the US was at war, the Convention Against Torture certainly applies to US handling of prisoners in Afghanistan (with the Abu Ghraib fiasco) and at Guantanamo (where compelling testimony from former prisoners reveals the presence of a building especially for torture, in which at least 3 prisoners have died).
The USA ratified their signature in 1994.
Please review the NSA charter. Quoting Harry Truman's specific words in the original charter:
> The COMINT mission of the National Security Agency (NSA) shall be to provide an effective, unified organization and control of the communications intelligence activities of the United States conducted against foreign governments, to provide for integrated operational policies and procedures pertaining thereto.
They have no legal justification for the widespread monitoring of domestic communications in which they are involved, as documented by Mr. Snowden's leaks. Such domestic monitoring would be the task of the FBI, or for economic matters the Secret Service. Moreover, the NSA is frequently in violation of international treaty with the nature and scope of its monitoring. Being a "spy agency" does not, and should not, provide judicial immunity.
> Wealth is no guarantee of power
I'm afraid it really is a guarantee of power. It's certainly not absolute, but being able to afford lawyers, or to invest in politically sensitive causes, or even to pay taxes, all grant some level of power.
It's certainly not absolute.
I've seen numerous studies and theories about the ballistic impact of asteroid strikes and satellite collisions. I've seen nothing on the _spin_, the angular momentum, imparted by such impacts. Even if the shield survives, if the angular momentum imparted by an off-center impact is large enough, the impacted satellite or space craft could well be spinning faster than its available rocket resources can compensate for, or even beyond the ability of its communications and guidance systems to plan a recovery. This possibility could actually be made _worse_ by installing effective shielding. An impact that would have previously left a small hole through the spacecraft would instead be stopped or deflected and instead deposit far more angular momentum.
Has anyone here seen or participated in such analyses?
There are already laws and regulations in many states about what data can be stored where. Bringing up those rules, and pointing out how the work can be done more safely and follow those rules, can be far more useful than merely saying "we're at risk". The risks are very real, and your concerns well founded.
However, compare it to the security of most academic environments. The passwords are too often kept in the front office desks for easy access. The backup and recovery systems are often a sad joke, and the person responsible for the email is far too often someone who says "we trust the people we work with" and "the dedicated bad people can't be stopped" and goes on to send passwords in plain text over email, in direct violation of the very policy they signed and published for the school. I've seen all of that happen, personally, at 3 different academic environments in the last decade.
For those people, getting their data into the Google-based cloud is an enormous step _up_ in reliability and security.
I'd read her book. My old copy is in my workplace library. And I'd not even thought about the author's gender, simply assumed male from the era it was written and the subject matter. I'm delighted to be wrong, and saddened to hear of the loss of a great engineer.
The proposal is aimed at charging the domain squatters for the thousands or millions of daily hits they make, which do burden the whois system profoundly. I'm aware of entire companies that were founded to do this during the "dotcom" bubble, most of which thankfully died out during the "dotbomb" burst. But the business remains intact, and is even more populated by fraudsters than it was then. And this proposal is clearly aimed at limiting the large scale data mining to a much more select clientele.
It might help the system. The fraudulent registrations and registrars unresponsive to abuse complaints are a constant drain on network administrator resources. But there's no reason to think that this centralized data will be used to actually monitor for or prevent abuse. Like when Verisign declared "*.com" to automatically point to their web pages and email systems, it's likely to cause a lot of chaos and serve only a small group in a place to profit from it.