On Wed, 6 Oct 2004 08:07:38 -0500, Todd Towles <[EMAIL PROTECTED]> wrote: > Why make more computer laws...when the current computer laws can not be > enforced correctl? We all know that the CAN-SPAM Act really cut the spam > out of our e-mails *sigh*
There is clearly allot of computer related crime that cannot be enforced, but this is not dissimilar from the physical crime that is carried out all over the world undetected (fights, drugs, fraud, (war?), you name it). The difference is scale (or is it really that different? maybe not). When a physical law is broken and it has been brought to the attention of the authorities they can prosecute because the law exists. Many physical offences also go unnoticed as with the digital world. If the laws don't exist in either world, then in both the result is the same -> you can't prosecute. While this law may not be a solution to the problem, it does mean that people can be prosecuted when they are found. It is clear that it is significantly easier to prove this law has been broken than it is to prove that an offence has been committed under older laws. This also includes the ability to target the developers as well as the middle men (distributors). > Then the INDUCE act will make half the stuff > in a normal person's house illegal. This should fall under "proper authorisation" and some companies may need to make changes to their software licenses and install routines in order to comply. > Making laws is just playing around...paper on top of paper doesn't stop > anything. It does put a significant brake on those who are prosecuted as a result of its existence. > It all falls back to the old saying - Action speaks louder > than words. Any proposals as to how it could be done properly, without breaching privacy laws? Should we be requesting ISP's to deny all addresses which are housing malware? could they ever afford to manage such a task? Should the government subsidise security systems? Again, could they afford to? What about the millions of ways around the protections, proxies, tunnels, bouncers, undiscovered regions, de-centralised connection mechanisms? This is a multinational issue and it is very true that one country can only regulate so much. The underlying infrastructure of the Internet (in particular its protocols and connectedness) is built to withstand outside influence (such as a connection orientated attack of the malware) and to successfully provide communication even in 'bad' scenarios, as a result it will always be subject to the ability for people to 'hide under' and 'go around' most of the technological challenges that are put in front of them, at very least in terms of communications. This means it is hard to fight this battle from the technology side unless you can impact a significant proportion of the world (like making changes to the functionality of a common operating system for example; but even this takes significant time to spread). Given the above, I suppose all I can say is "every little helps". _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
