Slashdot Mirror
Reno Proposes Global Anti-Cybercrime Network
Mr. T writes "According to this story, Janet Reno has proposed the formation of LawNet, a global network to fight computer crime. One major issue would involve overcoming jurisdictional questions - where do you prosecute?" Personally, I wish the government would spend less time trying to crack down on miscreants and more time educating the public. Prevention starts at the end-user, Janet!
Just like governments the world over the US is trying to tackle the symptoms of the problem rather than the causes. It's not just computer crime either, how many governments try to educate drivers rather than impose rediculous blanket speed limits. They are simply doing something for the sake of being seen to do something. This way is cheaper, quicker and easier, but utterly pointless. Think of it as a cold cure remedy, makes you feel better but does nothing to get rid of the cold!
'Eagles may fly but a weasle will never be sucked into a jet engine'
Stealing a rhinoceros should not be attempted lightly.
She is about to lose all the positive Karma she gained as a MS buster, by fighting against what the, according to most, what US stands, for. It is called Freedom.
Reno said LawNet would also need to focus on privacy issues, protecting consumers from invasions like the CD Universe extortion case.
To protect us ? Isn't there quite a lot of crime in the real world, the real world, that is within the jurisdiction of the police force ? Doesn't few instance of crime on the internet pale in comparison ?
Tell us the truth, Janet, Is this LawNet newspeak for Thought Police ?
$5 says lawnet.* get's dos'ed within the first week of service.
At first there are things that are considered computer crime in one country and are not in another. A typical example is reverse engineering which is treated differently in almost any country. There is no single rule of thumb about it.
Also, even for things that are considered to be crime everywhere, there is no real definition of computer crime usable for prosecution. If you cut out financial crime, copyright violation, p0rn, prostitution, etc there is only cracking and hacking left.
These:
1. Are not subject to prosecution in many countries as a computer related offence (they are quite often handled as petty crime, destruction of property, etc).
2. Even in countries with explicit computer related laws the same case may be treated very differently.
So this utterly pointless exercise has:
1. Very small scope
2. Very small common ground and common interest to start with.
Its only common interest may be the attempt to gain cheap political divididends...
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
An FBI survey of Fortune 500 companies found 62 percent reported computer security breaches during the past year, [Reno] said.
Reno said LawNet would also need to focus on privacy issues, protecting consumers from invasions like the CD Universe extortion case.
And finally, my favorite... if anyone is willing to explain to me what is meant by this, please do so:
"It is perhaps not Big Brother we should be worried about, but big browser," said New York Attorney General Eliot Spitzer. "We need to be fearful that the aggregation of information, if it is misused, is very terrifying."
--
Does this mean protecting or privacy, or doing away with it as LawNet sees fit? I'm sorry, I see this in a very strong Orwellian light. Notice how the article emphasized one (totalitarian) law enforcement agency. Integration means less choices, bar none...
I've always considered most things online to be intellectual in nature, rather than physical (barring E-Commerce sites, etc., of course) and what I'm afraid of is this huge law enforcement agency can define cybercrime any way it wants to - will this extend past what we know to be illegal into...thoughtcrime?
--------
Oscarfish.com: tropical fish with attitude. Way t
The internet is going to be a pervasive part of human society in the coming years---and as with all things some very undesirable elements will come in.
We *will* need protection against those elements and that protection has to be global in nature as is the internet.
But who watches the watchers and what is their morality? Every human belongs to a nation first and the global community second. How do we assure ourselves that the watchers will act in the best interests of us all...and not their country? Not themselves?
We need definitive answers to those questions before anything of this nature is attempted...
Doesn't the Interpol already offer this kind of coordination-between-authorities thing?
But: coordination and information exchange between authorities via a dedicated network does not cut down crime. In the modern society, wherever there's money or other goods of high value, there is crime. It just is like that, because nobody does anything to change the basic bad architechture of the whole system. Some people have a hard time staying alive, or they feel that the society they live in has not given them anything, so they resort to crime. High crime rates or very full jails are an indication that people do not feel well.
Some silly "LawNet" does not make people feel better. They can't eat it, they can't live in it, it doesn't keep them warm and it can't be drank.
They mean evil DeCSS "pirates" and reverse engineers, shrinkwrap license breakers, and crypto exporters. They mean those who provide security information that they'd rather was kept obscure. They mean software patent violators, Napster providers, Xenu $cientology mirrors, anonymous proxies and mail systems, and people who provide ways around filtering proxies. Basically, they mean to act to bolster their power against most everything that Slashdot holds dear.
I'd like to believe I'm being paranoid about this, but they've never given me a reason to feel otherwise. If they'd prefer that I was less paranoid, perhaps they should hold off legislation (eg UCITA) making things like the above more illegal. It would also help if they didn't pass legislation legitimising genuinely odious practices like spam.
I'd be happier, I think, if I could believe they were doing this to make us all safer, but I'm afraid that possibility doesn't move the meter from 0 on the credibilityometer.
--
Xenu loves you!
error 'ASP 0113'
Script timed out
/news/355783.asp
The maximum amount of time for a script to execute was exceeded. You can change this limit by specifying a new value for the property Server.ScriptTimeOut or by changing the value in the IIS administration tools.
Ayway, you guys have fun with your little totalitarian state. Those of you who can, relocate ASAP (Rob and Jeff, the Caribbean is always a good choice...); those who can't, prepare to forget the meaning of freedom in the coming years. Me, I'm in Brazil, which is not exactly the freest of countries either, but just in case anybody tries to bother me, I'm going back into my bunker and get my shotgun - it might turn out to be useful after all...
To the editors: your English is as bad as your Perl. Please go back to grade school.
It is the lack of jurisdiction of national governments and legislatures on the Internet that has resulted in this single most free environment on the planet.
Not surprisingly, their lack of direct control over it has got them scared shitless --- just imagine, too much of this and the little people might get the idea that their "leaders" perform no useful function in the offline world either.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
I mean, look what happens when cell phones fall into the hands of *Drug Dealers*. Plus, many men are using telephones with the intention of *getting women to have sex with them*. People *swear* on telephones, and talk about *bad things they shouldn't. Telephones are polluting the minds of our sons and daughters, something has to be done.
Life's a bitch but somebody's gotta do it.
While we readers on slashdot feel some connection with illicit hackers, even if we personally deteste the thought of cracking into someone's box it will eventually become necessery to have serious law enforcement power to protect our machines. Sure most hackers are doing it just to see if it can be done or for the fun of it this doesn't mean there aren't malicious hackers out there. With the growth ofthe internet and the increasing commercialization *real* computer crime won't be far behind. Already we have seen examples of organized crime moving in on the action.
The easy anonimity and facelessness of the crimes opens up the doors for criminal activity on a massive scale. While it might be slightly interesting that 300,000 credit cards were recently stolen when this escalates it will become a serious problem.
Can prevention stop this problem? Experience says no. Even big companies with expert know-how get hacked not to mention the huge difficulty getting the masses to routinely upgrade their personal computers (which will probably have permanent connections within ten years).
Can current law enforcement adequatly deal with this problem? Probably not. If I route my attack through 10 countries (which would be easy enough to do) it would take reams and reams of paper work to get the necessery warrents for all ten countries to track me down. If this is happening on a widespread scale the government could not cope.
I will mourn the free-wheeling days of the internet but like the coyboys in the old west the needs of civilazation must necesserily squash the independent gunslinging culture of the internet. (Yes gun sligning...sheriffs on the net are few and far between people are left to secure their own hardware and match their skill vs. that of the hacker).
P.S. I used hacker intentionally here so please no "use cracker" posts. It is a lost cause the rest of the nation has already adopted the new vocabulary. Besides its just a word why do you care?
Marriage is the "pseudo-ethics" that cloaks the messy truth of sexuality in the raiment of propriety -- it's "Don't Ask,
Separate the rhetoric from the substance and all you find is the usual legal travesty: the global controls will limit what the ordinary man can do, not the outlaw who can and does ignore the laws with impunity.
The only "undesirable element" that will get curbed by this is the freedom of the people. But then, it has always been the goal of those in power to put a firm cap on that. No change.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
It is great to spout on like that but nothing is really being said. This is obviously not a global thing until the global community can decide on what is legal and what is not. After that the next thing to decide is how best to safeguard ourselves from crime. And lastly, how to catch and convict criminals.
The porn issue has been discussed elsewhere, but in brief if a site is hosted in a country that has liberal censorship then no crime is being commited by the site host and America has to re-think its own attitude to these issues rather than try and tell other people how they should live.
The CD Universe issue is a red herring as extorsion is a crime in any country and as Max appears to be Russian I would think that the authorities should help the Russians catch him and let him get prosecuted and sentenced under Russian law (not nice).
The greatest problem is one of letting go. It is just like bringing up a child. When the child reaches a certain age you have to let go. It is really hard to release your control and let the child take control of its own life, but you have to do it.
If you are a good parent you will have taught your child what to look out for, and how best to protect his/her self. Has anyone seen any gov/aol/msn advice on how users should protect themselves? Can you imagine MSN telling people they should not use Win98 online as it has very weak security?
Catching the criminals is not as hard as it sounds. Remember the Melissa virus? Other techniques can be used to track traffic etc. but, as with all crime a proportion of criminals will get away with it. The biggest step here is to learn to concede jurisdiction to the relevant authority. The FBI are not going to find it easy playing a subordinate role to the Russians if they want to catch Max. So Max will probably get away with it thanks to a childish power struggle.
I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
How is this a privacy issue? Consumers gave their CC#s to CD Universe to obtain services from them. Maybe a retailer that sent you CDs for free is indeed a great idea, but it's probably not much of a viable business plan.
The only problem with CD Universe is that they were cracked.
That they were then blackmailed is no great issue since there are already perfectly adequate non-Internet-related anti-blackmail laws.
According to The Register the crack was caused by a hole in NetVerify. Personally it seems to me that credit card processor connection software like ICVerify's actually does very little for what it costs and it would be a Really Good Thing if it could be replaced by free software, for security reasons as well as lowering the cost of entry to e-commerce.
Anyway, haven't we already got pretty good information exchange on the computer security front without LawNet's help? If law enforcement isn't currently reading the likes of CERT advisories, that's it's own stupid fault IMHO.
--
This comment was brought to you by And Clover.
Don't protect my system for me, thats my job. People are afraid of having their credit cards stolen from ecommerce, don't use it. Don't want our children seeing the 'vile filth' of the world? Use filters, moderate what they see and when they can see it, and don't dare come to me when your kids won't listen to you anymore because you kept them in such a sheltered life. By controlling peoples technology, what do we have? more ebullshit.com of everything, and more lawsuits. A waste of money on an open battle field in which (i hope) the government will lose. Computer crimes result because of someone who is smart enough to figure out where someone else didn't do their job. Which frightens and/or repulses YOU more? Walking the streets seeing the homeless, the drug dealers, the possible rapist or theif. Or the computer gurus?
At first I didn't see any harm or problem with LawNet as long as it boiled down to an agreement between countries to assist in tracking down internet based crime. This would mean that if the appropriate level of law enforcement in the US contacted the appropriate level of law enforcement in some other country a channel would be cleared for the rapid finding of facts, gathering of evidence and so on. Then I started thinking of the current state of extradition between countries. Extradition has been denied in serious crimes against people such as kidnapping or murder. The chances of any real cooperation in light of this would appear to be nil.
Second of all as far as the government goes for protecting privacy in actuallity it is against privacy, or at least against meaningful privacy. If they were in favour of privacy there would be no encryption restrictions, or if there were encryption restrictions it would be against snake oil encryption. My bet is that this stance won't change until the lack of strong encryption enables a third party to intercept and decode a message which from the governments point of view should have been kept private. Either that or perhaps a real war where letters exchanged with people back home might be intercepted and reveal information valuable to the enemy.
At the end of 98 a group did a bulk scan of most of the internet for 18 common remotely exploitable security vulnerabilities. Here is a summary:
That's at least 450,000 vulnerable (read: r00table) hosts. Also remember that one vulnerable host if often enough to allow compromise of a whole network of machines. There is no reason for any machines to show up in this scan. Fixes are available.I leave it as an exercise for the reader to work out what people should be doing before setting up a "global, round-the-clock anti-cybercrime network". I fear that it might take a few more CDuniverses to shock business into taking security seriously.
Details are here: The Internet Auditing Project - It's actually quite an interesting read. Also features details on how one of thier highly secure linux boxes was cracked with an amazing super-crack. This is a good example of how one cracked host and bring down other secure machines.
--
Simon
Personally, I wish the government would spend less time trying to crack down on miscreants and more time educating the public. Prevention starts at he end-user, Janet!
.45 and you would have been secure against that exploit.' ?
This statement annoys me to no end. So many people on this site are completely against the end 'User' protecting themselves from conventional crime, yet expect them to completely secure themselves from all harm when it comes to the 'net and their PC.
How would you feel if you got mugged and the response by the people you talked to was nothing but 'Well, you should have downloaded the easily available patch Remington
Either it is the end users job to protect themselves from everything or nothing. I vote for Everything.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
I assume that you're referring to firearms control?
If so, there's a problem with your analogy -- software patches are free, and weapons are not.
If all levels of weaponry were free, and none of them could be used for evil purposes, then your analogy would hold.
However, weapons are not free, and they CAN be used for evil purposes -- unlike software patches.
Ever accidentally patched your TCP/IP stack with a SCSI patch? I thought not. Ever missed a target with a bullet? I thought so.
This doesn't mean that your underlying point is equally flawed, but you'll need to elaborate on it a bit more . . .
first, not all software is free. Second, it is much easier to learn how to use a gun than learn how to effectively patch every security hole in your system. Most people who own computers don't have time to spend cruising BugTraq and downloading patches to keep their system secure up to the minute, if they did that they would never get anything else done on their system.
Patches CAN screw up a system, one of the patches for my V3 screwed my sound card up, requiring me to get a second patch for my sound card, the V3 patch also screwed up my DVD player, which had no patch available, so no more DVD capability on my PC. No big deal to me, but still annoying.
Anyways, I'm drifting from my point...
My first POINT is that if the meatspace cops can't protect me from some back alley mugger then why should we expect these guys to protect us from crackers? And my SECOND point is, since the government can't protect the average user, how is the average use supposed to secure their system?
Hopefully that isn't too muddled.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
I can't hold a conversation with an AC; anyone nameful care to raise the issue?
--
Xenu loves you!
You know, of all the articles to post to, with such a defeatists attitude, one on civil liberties should be the last.
There is a difference between hacker and cracker. It's not just a word, any more so than nigger, faggot, heeb or any other slurr. It has a meaning, given to it a long time ago.
The definition of 'hacker' is quite elusive, but as such it gives us a sense of searching for identity - like any emerging culture. 'Cracker' OTOH is well defined and there are few who misunderstand it north of the Mason-Dixon line.
'Hacker' hails from doing things roughly, as with an axe or hack-saw. It suggests solving problems in the 'ad-hoc' style. (Contrast with 'Engineer', as few engineers see themselves as hackers and few hackers are formally schooled to be engineers) Over time, the definition evolved to imply a certain virtuosity to the method of problem solving - hence a hacker is a talented programmer.
The idea is an immortal virus. For so long as one person holds true to the definition of a word, and makes a point of educating the 'differently-informed', the idea lives, and the history of the word, and whence it came, is carried on.
'Communist' and 'socialist' are just words. Too few people stand up for what they really mean. The 'reat of the nation' has the incorrect connotation, and the misconception just gets deeper. If I were to claim to be a communist in the middle of town square, it would get the undesired sort of attention.
Freedom is a word, yet people have fought, killed and died for it over centuries. Liberty and privacy are just words. If you're so willing to give up on 'hacker', then why even take part in a discussion on 'privacy'. Let someone else (i.e. the Federal Gummint) define it for you.
I know that this is being very dramatic, but a bit of drama is needed IMO. As soon as you let someone who is uninformed define who you are, you cease to be yourself. If the general population is steered to see 'hacker' as nefarious, then they will regard hackers with fear and suspicion. Most of us don't warrant that attitude. This is why we keep on fighting for that label, for the clean reputation of the term we use to describe ourselves.
If the rest of the nation adopts the idea of abortion as a valid means of chosing the gender of a child, would that suddenly make it ok to do so?
What's more, with AOL TW in charge of the 'big picture', if it seems that the rest of the nation has accepted something, does that mean that they really did?
-- What you do today will cost you a day of your life.
just the facts ma'am ;)
_________________________
So, what color is the sky on your home planet?
Just pointing out the daftness of the Reno quote - this still has nothing to do with on-line privacy. Which is an issue, just not one that could be resolved by LawNet as described in the article.
It certainly does. But no more than in any other, non-e-commercy case, I'd have thought. But then I am British and don't 'get' how US state law works.
Of course in this case the cracker was not so much in Michigan as in Russia. So unless the 'international agents' mentioned were in fact hitmen there's probably not that much LawNet can do about it. :-)
--
This comment was brought to you by And Clover.