Here’s a simple analogy: you have two identical twin security guards you can call on the phone at any time. Both of them are 100% reliable and trustworthy and will never lie. They are both responsible for the security of a 2 room building.
In the second room of each building there are at least 2 people.
1 is responsible for making statements as to what is happening inside the building. We’ll call her the Notary. A guard can call the Notary at any time, and she will tell the guard what’s happening inside her room. She also never lies. If something bad happens in the other room, the guard can respond.
The third person (in total) is a worker.
- Security guard A is responsible for the security of two rooms – his own guardroom, and a small 10 x 10 foot adjoining room, in which sits The Notary and 1 worker. The guard can talk to the notary simply by raising his voice, and she can yell back, at any time. He can ask her what the worker is doing, who’s in the room, if the room is in the same condition as it was when she came into work that morning. Etc.
- Security guard B is responsible for the security of two rooms – his own guardroom, and a 1M sq foot warehouse filled with thousands of workers from hundreds of companies. In that room somewhere sits The Notary. The guard must use a messenger service to communicate with the notary because she is too far away to hear him shouting, but the questions and communications can be the same as in the first case.
Knowing that you trust the guards themselves to be utterly competent and totally reliable, and each guard trusts each Notary 100%, you can ask each guard how secure each room is. It’s entirely likely that the guardrooms are equally secure, and they will tell you that. However it’s also possible that you will hear from both guards that the other room is also completely secure.
Which space is really more secure? Are the statements as to the security of the two other rooms equally valid? No. You just know that the second room has GOT to be less secure. It doesn’t make sense that it could be as secure as the first.
You can (because you are a smart person) come up with ways to make the second situation less pathetic. You could:
- Teach the guard and the notary a secret language that no one else knows to make their messages more secure.
- Give the guard and the notary secure cel-phones.
- Put the notary up on a tower in the middle of the room where she can actually see everyone.
- Give the guard a gun.
- Give the notary binoculars with which she could examine workers who are far away.
- Create a set of rules which governs worker behavior and thus makes them easier to keep track of.
- Partition the workers so that there are small groups, and there’s a “sub notary” who reports to the notary hourly as to the state of each group.
- Reduce the number of workers to something the notary feels confident she can keep track of.
- Let the notary organize the workers in some way so that they are grouped better
- Level the warehouse and build an office tower with strong barriers between each floor. Give each floor both a guard and a notary, and put 1 worker on each floor. Have the guards and notaries report to a “master” guard and notary pair who live in the basement and who control, among other things, power, heating, light security, and fire control for every floor.
You will always have a trust problem when the notary is responsible for knowing everything that is going on in any respective room, and you have diminishing security returns in bigger rooms.
However, your warehouse tenants may really enjoy the warehouse, and they may have built up entire businesses around the ease of interaction and flexibility in the warehouse. If the notary is suddenly perceived as being a dictator and the guard her jack-booted thug, then the tenants in the second room may all leave….
TPM’s are guards; notaries provide “attestation”; the workers are SW; the buildings are computers.