Slashdot Mirror
Microsoft Calls Viruses "Industrial Terrorism"
evenprime writes: "John Ashcroft wants congress to
declare computer crimes to be terrorism, and now
it looks like microsoft is trying to jump on the
bandwagon. In a recent column discussing microsoft's
new
STPP security program, microsoft's Michael Lane
Thomas stated that destructive viruses should be recognized
as acts of 'industrial terrorism.' Sounds like microsoft's
future security plans may depend more on legislation than
on code audits."
Patriot ACT, USA ACT, ATA:
I know everyone has read and knows something about these bills, but here is a break down of what they mean in terms of things like computer crime and vandalism...
(a) Our Constitution gaurantees "due process" to all PERSONS, not all CITIZENS, meaning that immigrants may also enjoy these rights. However, under these acts, immigrants can be held on suspiscion of potential crime (ridiculous!). The Senate Bill allows for indefinite jail time without due process...
(b) These new laws broaden the definition of Terrorism to include things that include vandilism, computer crime, and (un)civil disobedience. There already exist laws that broadly define terrorism, and flying planes into buildings filled with thousands of innocent people meets those requirements. Marching in a demonstration is not terrorism, throwing a brick through a starbucks window is vandalism and property damage not terrorism, and hacking a website is not terrorism, (it is vandalism!). Also, under terrorism laws, people who harbor terrorists, or give terrorists advice can also be tried as terrorists! If you stay on my couch and then throw a brick at starbucks the next day, I am a terrorist. If I post a security weakness in Microsoft web servers on my website to warn people, and some kid uses the info to hack into someone's site, I am a terrorist!
(c) The laws give the FBI new powers to wiretap and read emails without a warrant. They can also read e-mails and URLS. If I want to read news about Bombs and Terrorists on google, and I type in "Bombs" and "Terrorists" into the field, that is all the FBI needs to suspect me of crime and set up a phone tap or a Carnivore search on me. The FBI is supposed to only be able to know where an email comes from and where it is going. They are supposed to only read the "To:" and "From:" fields of the e-mails, but how can you look at the header of an e-mail and not happen to glance at the "Subject:" line? Basically, that is what is happening in these laws and with Carnivore. ISP's have to install it on their servers. It is like a black box, no one can monitor what the FBI is doing or reading!
THESE LAWS ARE UNECESSARY FOR COMBATING TERRORISM! CURRENT LAWS ARE SUFFICIENT! WHY IS THE FBI, CIA, AND JUSTICE DEPARTMENT DOING THIS?
Resources:
But at a time when the word terrorism has an exceptionally heavy load of connotations and emotional overtones, when our government has declared a formal war on its existence, it is irresponsible in typical, egomaniacal Microsoft fashion to choose that term to describe a kind of mischief (and I'm sorry but all the recent worms and virii are mere mischief compared to, oh, I don't know, say crashing a plane into a building full of people) that it is universally recognized they and their customers make themselves unecessarily vulnerable to.
It Is the Nature of Information to Transgress Artificial Boundaries
Teenage script kiddie finds gaping hole in Outlook. SK writes virus to exploit it. Microsoft blames the government for not stopping it.
Microsoft is starting to get scared of this "System Admin or Microsoft?" blame game so they figure if they add the Government into it, there's only a 1 in 3 chance that they're liable. They just need another way to avoid the accusations that their software is insecure. The next Nimda/Code Red/Melissa/whatever attack Microsoft can sit back and yell at the government for not stopping it, rather than take the responsibility of patching their software.
There is no reasonable defense against an idiot with an agenda
:wq
It seems kind of new-speak to me. After all, viruses and exploits don't cause terror. I mean, sure it could be considered a crime but it's not like people are hoarding water and cipro because they're afraid of nimda.
You're going to leave it up to the *politicians* to discriminate between white hat and black hat, good and bad viruses? Thanks but no thanks, I'd rather have no legislation at all, and us techies can sort it out. Once you let politicians into the mix, all of a sudden campaign donators are the ones consistently making "good" viruses, while political enemies are the ones making "bad" viruses.
It's 10 PM. Do you know if you're un-American?
... is that it's undefined. It literally means whatever the politicians want it to mean. It's being co-opted as "anything I don't like, perpetrated by someone I don't like," and Microsoft doesn't like VB and IIS viruses because they might eventually be bad for business.
Religion is the opiate of the masses. The wealthy smoke the real stuff.
By your logic, the airlines are the cause of the terrorists crashing their planes into buildings. While there are things they could have done to help prevent it, and in fact they are things they SHOULD have done to prevent the tragic happenings of 9/11, we are shoring them up with taxpayer money so that they don't have to lay several thousand people off, and perhaps go under.
I have no idea if we'd do the same for microsoft. Probably not, in light of the DOJ's continuing (but limping) crusade against them. At another time? Probably.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
A two-word problem with allowing "white hat" viruses: "Unintended Effects". Do you think no well-intentioned "white hat" will ever create a serious problem that s/he never foresaw?
I find it more likely that if viruses are called acts of terrorism, MS will accuse security companies of aiding and providing information to terrorists with security alerts exposing backdoors and other security holes.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
No, there really isn't much that makes sense about this. You think virus writers should face prison time? Guess what, they already do, at least in the U.S. (and if they use them to infect a machine-- if they simply write one and don't release it into the wild, they certainly should NOT be prosecuted). We already have plenty of laws to land computer criminals in jail, and many have already been convicted and are currently serving time.
/. story isn't about some bill that would make virus writing a crime. At the risk of being on topic, I'll point out that the story is actually about MS taking advantage of the terrorism scare to make releasing a virus disproportionately penalized. There is additional leeway provided to law enforcement when dealing with things classified as terrorism, and the minimum penalties on conviction go way up. Some stupid script kiddie who accidentally writes and runs something on his own box, which then gets into the wild, could face life in prison if this trend continues.
The
Finally, I'd like to point out this statement by Thomas:
"As long as the spirit of innovation is preserved and destructive viruses are recognized as industrial terrorism, Microsoft will continue to provide revolutionary ideas.". That's the best case I've seen against this idea so far! I think he's saying that if destructive viruses aren't recognized as industrial terrorism, MS will stop making products. If anything can rouse the geeks to action, this has to be it.
I can honestly see how this might be plausible: a great number of people are affected, money is lost and potential property is damaged or stolen. These are the sorts of things that constitute terrorism. They even share a goal of terrorism: fear and confusion. However I think that it is not actually terrorism.
It is significant that Microsoft has invented the term, "industrial terrorism". There is a reason that terrorism hasn't been refered to in the context of industry: it can't be, that's not what it is.
That doesn't mean that computer viruses aren't crime of course. But considering what existing laws are doing to virus writers and even suspect virus writers there isn't a need for stronger punishment.
I can't spell or type, but that doesn't mean I'm unusually stupid.
Michael Lane Thomas write in his article:
Give me a break. The implication that IIS is a jet plane while Apache is a bus is just a little over the top. How about a better analogy: ABC Airlines and XYZ Airlines each have their own security philosophies and implementations (not true, but the airline industry isn't exactly like the web server market, after all). Terrorists analyzed and subverted ABC's security methods, but were unable to subvert XYZ's. Gartner recommends fliers switch to XYZ until ABC gets its act together.
Is this a victory for terrorists?
--
What do you mean they cut the power? How can they cut the power, man? They're animals!
If you call it a virus, then you have to deal with it yourself. Microsoft has repeatedly shown an inability to handle such things. If you call it terrorism, it's the government's responsibility.
No, Microsoft can't transfer all responsibility to the government simply by pushing to get viruses classed as terrorism. Theft is a crime, and the government is responsible for enforcing laws that forbid it, but that hasn't stopped companies and individuals from employing security guards, locks, car alarms, etc. Think about it; suppose you're putting some of your stuff in storage. There's a convenient storage place nearby, but you know they have a history of breakins. Are you going to be reassured that theft is illegal, and the government is responsible to find and punish the criminals, or are you going to look for some place with better security measures?
The heart has reasons that reason does not understand. - Jacques Bènigne Bossuet
Crashing planes into buildings, yes, that scared the daylights out of me. Having data I'm diligent about backing up erased off my hard drive, that hardly measures up.
If not now, when?
Consider these two scenarios:
1) Your wife and son are sitting in front of a cafe having lunch. You head to an ATM to get some cash to pay for lunch. A car bomb blows up in front of the cafe killing your wife and son.
2) Your wife and son are sitting in front of a cafe having lunch. You head to an ATM to get some cash to pay for lunch. A hacker has somehow managed to steal all of the money from your checking account.
Only one of these scenarios inspires terror. Legislators and business persons need to maintain a sense of perspective here. Hacking does not by itself terrify.
It is honestly shameful that corporations are playing off the fears of the public brought on by 9/11 to promote their own political agendas. By equating hacking with terrorism, they belittle the event.
Who was responsible for security on their ariplanes? The airlines. Who skimped on security because it was too expensive? The airlines. Who lobbied Congress to prevent governmental mandates that would have required greater security? The airlines.
In case you hadn't noticed, they have already laid of several thousand people - tens of thousands, actually. In a capitalistic economy, if you can't find enough customers, your business goes under.
I believe that the airlines negligently contributed to the tragedies of 9/11. They didn't pull the trigger, so to speak, but they left a loaded gun where the bad guys could find it.
In the same vein, Microsoft is guilty of negligence in the design of their OS and applications. They have created products whose purpose is to be connected to the National Information Infrastructure. They have cut costs, in part, by ignoring security issues.
What, exactly, is "industrial terrorism", anyway? Can corporations be "terrorized"? Is this the same thing as "terrorizing" ("causing to become terrified"?) a civilian population?
Any sufficiently well-organized community is indistinguishable from Government.
Lets remind ourselves what the word actually means. Merriam Webster defines it as the systematic use of terror especially as a means of coercion , and the pertinent definition of terror it gives is violence (as bombing) committed by groups in order to intimidate a population or government into granting their demands [insurrection and revolutionary terror]
Computer viruses are of course nowhere near this. But since there will now be special rules for "terrorism", it is not surprising to see everyone scrambling to get classified as a terrorist victim. We've seen it before with people trying to get classified as disaster victims, minority members, or any other form of state sanctioned victimhood. It's just how people are.
The pressure will be to get every form of non trivial crime defined as terrorism, and morally equal to killing 7000 people with hijacked airplanes.
Instead of posting virulently on Slashdot, did anyone email the author(mlthomas@microsoft.com) of the "Industrial terrorism" article?
This is probably the most tasteless attempt to use the September 11th events to further an agenda I've seen yet.
It's things like this that cause people to hate capitalism - a government that is created to ensure that corporations continually meet the bottom line, doling out social services when it is convinient.
George Bush has talked strong on stamping out terrorism in all its forms throughout the world, but wasn't it just a few days ago that some court or another upheld the right of the KKK to march?
If it's okay to bomb Afghanistan for hosting Bin Laden, why can't we jail the Klan, who have killed more innocent (blacks) than Bin Laden or his "terrorist organization" could ever hope to.
The US claim to enforce human rights all over the planet. However there seems to be a blind spot.
DoJ analysis of the Anti-Terrorism Act:
"This retroactivity provision ensures that no limitation period will bar the prosecution of crimes committed in connection with the September 11, 2001 terrorist attacks. The constitutionality of such retroactive applications of changes in statutes of limitations is well-settled."
Declaration of human rights, Article 11.2:
No one shall be held guilty of any penal offence on account of any act or omission which did not constitute a penal offence, under national or international law, at the time when it was committed. Nor shall a heavier penalty be imposed than the one that was applicable at the time the penal offence was committed.
If you have a pool in a fenced-in backyard, and some kid climbs over your fence and drowns, you can bet your ass you're responsible. It's called an "attractive nuisance." Now, one could argue that hole-y software is a attractive nuisance to script kiddies...
Ceci n'est pas un sig
In most Microsoft EULAs, it states you can't give the software to nations or individuals involved in making atomic, bacteriological, or chemical weapons.
Do they mean *besides* the US?
-This sig intentionally left blank
Newspeak like this shouldn't be tolerated.
People in the WTC had a reasonable expectation that a 767 wouldn't land there. It's not normal for an airplane to crash into a skyscraper. It had been many years since the last time it had happened. (B25 into Empire State Building, maybe?) It probably won't happen again for a very long time. They people in WTC were unconsenting victims.
People who use MS Outlook, or run potentially overflowable servers with full privledges, do not have a reasonable expectation of being free of attacks. It is normal for Outlook to execute viruses. It is normal for Windows to load and execute code on removable media by merely inserting media. It happens all the time. It will happen again. People who catch Outlook viruses are consenting victims, making them not victims at all. They are simply unwise.
If you know that you are a sitting duck, and you can trivially do something about it, then when the duck gets shot, the shooter is not a terrorist. He is merely a teacher and fulfiller of destiny.
The hijackings were pulled off with the use of box cutters, or similar small-bladed instruments, which were permitted under general security rules at almost every airport. I doubt you could have found very many people who would have thought they should be banned, pre-9/11. No one thought such a thing was possible.
it shows that you do not travel internationally very much. if you did, you would know that airport security in the USofA is about the most lax in the world. go to europe, the middle east or asia and you will see how much tougher it is to get anything like 'mere' box cutters or other implements on board. these other countries DID think those kinds of things were possible and have for some time been prepared for such events. they have tougher regulations for their airlines and it shows.
check out my comic: Essential Tremors
The New American Buzzword (sarcasm folks)
I don't like football. Football is terrorism.
Smoking is bad for people's health. Smoking is terrorism.
Stealing is wrong. Stealing is terrorism.
I dislike the winter. Winter is terrorism.
I ate a burger yesterday, and it tasted horrible. It was pure terrorism.
Racism is nothing more than terrorism.
Ford Explorers plus Firestone tires are nothing more than terrorism.
Hippies? Sheesh! They are terrorism born flesh.
P2P filesharing hurts our bottom line. Napster is terrorism.
Them peoples over in the middle east... yeah, they are different, and I don't like it. The only explanation is that they are terrorists.
Sooner or later, running red lights and other traffic violations will be equated with terrorism. Not long after that, the latest type of music popular amongst teens will be branded terrorism, just because the older generation dislikes it.
Reminds me of Object-Oriented Programming in the 90s. EVERYTHING IS AN OBJECT. Well now, EVERYTHING IS TERRORISM!