
CONCEPT Cited by 1 source

Point-checking controls

Definition

Point-checking controls is the traditional approach to enforcing privacy or access constraints at a single point of data processing:

  • Code assets — if statements in the code that reads or writes the data ("can this caller use this data?").
  • Data assets — access control lists (ACLs) on datasets in data systems ("is this consumer allowed to read this table?").

The 2024-08-31 Meta PAI post names it as the primitive Meta moved away from when its purpose limitation requirements started crossing dozens of systems.

Why it fails at hyperscale

From the post:

  • Fragile under code churn — "requires frequent and exhaustive code audits to ensure the continuous validity of these controls, especially as the codebase evolves." Every code change may silently bypass a check.
  • Forces physical data separation — ACLs for different purposes require "the physical separation of data into distinct assets to ensure each maintains a single purpose." Explodes storage/cache cost when the same underlying data serves multiple purposes.
  • Doesn't compose across systems — when a consumer reads from A and writes to B, point-checks must be coordinated across assets, which "can become operationally unviable" under Meta's "complex propagation requirements and permissions models."
  • Augmentation with data lineage helps but still requires auditing many individual assets.
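
The composition problem and the lineage-based audit, as an added example that is not code from Meta's post. The Dataset class, the job names and the sample rows are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

class AccessDenied(Exception):
    pass

@dataclass
class Dataset:                      # hypothetical data asset, one purpose each
    name: str
    acl: set                        # consumers allowed to read this asset
    rows: list = field(default_factory=list)

    def read(self, consumer):
        # Point check: enforced here and nowhere else.
        if consumer not in self.acl:
            raise AccessDenied(f"{consumer} may not read {self.name}")
        return list(self.rows)

def messaging_pipeline(src, dst):
    # An allowed consumer reads asset A and writes derived rows to asset B.
    for row in src.read("messaging_job"):
        dst.rows.append({"user": row["user"], "len": len(row["text"])})

def audit_lineage(edges, datasets):
    # For each lineage edge (src, dst), report consumers that can read the
    # derived asset but not its source: the ACLs were not coordinated.
    findings = []
    for src, dst in edges:
        for consumer in sorted(datasets[dst].acl - datasets[src].acl):
            findings.append((dst, consumer))
    return findings

def demo():
    # Constructed sample data.
    messages = Dataset("messages", {"messaging_job"}, [{"user": "u1", "text": "hello"}])
    stats = Dataset("message_stats", {"messaging_job", "ads_job"})
    messaging_pipeline(messages, stats)
    try:
        messages.read("ads_job")
        blocked_at_source = False
    except AccessDenied:
        blocked_at_source = True
    readable_downstream = stats.read("ads_job")   # check on B passes
    datasets = {d.name: d for d in (messages, stats)}
    findings = audit_lineage([("messages", "message_stats")], datasets)
    return blocked_at_source, readable_downstream, findings

if __name__ == "__main__":
    print(demo())
```

The check on the source asset holds, yet the derived asset serves the same data to a consumer the source ACL excludes. The audit only finds this because every lineage edge and every ACL is enumerated, which is the per-asset auditing the post describes.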

Relationship to IFC

Point-checking is Meta's named prior approach; IFC (via Policy Zones) is the successor. Meta does NOT deprecate point-checking entirely: in 2024, "For some systems that don't have Policy Zones integrated yet, the point checking control is still used." Point-checking is the bridge during the multi-year Policy Zones rollout.

Seen in
