On Mon, 22 May 2000, Gary Flynn wrote:
> > > Ah, but that's part of the point. If it's a remote attack, how do you
> > > know who the suspected perp. is? Do we *really* need to make everything
> > > into a criminal case?
>
> With online voting, banking, and stock trades involved not to mention
> industrial secrets, academic research, and plain old service
> availability, do we have much choice when we're talking about a
> series of compromised systems?
*Absolutely*. If _everything_ is a case, we'll clog down the system and
end up with legislative "cures" for that which will be terrible.
I've LARTed my fair share of lusers locally and remotely. Every local one
resulted in the termination of the offensive behaviour. I didn't need to
add stuff to the local policies, get HR involved, or anything. That
doesn't cost tax money, doesn't create a new criminal class, doesn't
outlaw certain software, and doesn't create broad privacy-invading powers.
The problem with turning everything into a serious event is that nobody
takes *any* of the events seriously. It's like speed enforcement in the
US- over 90% of accidents are caused by the fastest and slowest 10% of
drivers, but ticketing is at the whim of the enforcer for almost every
jurisdiction. Making everyone a potential criminal, then targeting who
gets busted for it seems inately wrong to me, and I think we're starting
to slide down that slippery slope. Ever seen a line of cars pulled over
for going too slow? If around half of the accidents are caused by or due
to slow drivers, why doesn't that happen? Selective enforcement by law
enforcement is a bad thing, and I worry about spending a lot of money on
"law enforcers" who's sole job is to sit on the side of the road
selectively generating revenue when there are real bad guys out there
shooting people. After-the-fact clean-up is still *bad*.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
