Clean Needles for Hackers
scubacuda writes "Jon Lasser of the Register opines that we should "give up on the notion that computer security can be improved by putting more people in prison." He argues that a "harm reduction" approach (similar to that of "clean needle" campaign in the War on Drugs) might be more productive. If we, say, wrote in safer programming languages, used tools like Immunix's StackGuard, ProPolice, or OpenBSD 3.3, chroot and UML, we could reduce the damage a malicious hacker might do without damaging our civil liberities."
How does punishing people who commit crimes reduce our civil liberties?
Drug addition is a physical additiction. The idea of the needle exchange program is to prevent reduce the spread of a FATAL disease. The purpose of the laws against needles is to cut the use of drugs, but the drugs are still illegal.
Here, this guy is proposing something along the lines of eliminating car locks so that noone will be arrested for carrying burgulary tools.
Fight Spammers!
People who break into other people's computers are trespassing. This represents an initiation of force -- a "natual crime" if you will -- because there is an actual breach of property rights. There is no question whether it is just to take action against these people.
People who use or trade drugs, on the other hand, have initiated no force. There is no breach of property rights. Drug "crimes" represent, at best, a breach of government-mandated conformity -- an "artificial crime" if you will.
To compare the two is not only illogical, but dangerously misleading.
Firstly, I doubt this is entirely workable. There's too much unsecured legacy code that no one's going to want to rewrite.
But mainly, this is simply the wrong attitude. If someone breaks into your house, it is the burglar's fault. It isn't your fault for not surrounding your house with barbed wire and a pack of rabid dogs. While I agree that penalties for hackers are often overly harsh, that doesn't change the fact that they knowingly committed a crime of their own free will, and should be punished for it. Hackers are responsible for their own actions. It's that simple.
I find it disturbing the number of people that are posting saying things like "but these people break the law, so they deserve what they get".
Come on Americans, what's happened to you recently? Where's your spirit gone? The spirit of justice, fairness, freedom? Is it right that teenagers get sent to jail for "hacking" when the state of IT security is so poor? If your bank left sacks of money outside it's doors, when they got stolen by a couple of kids would you think it was the kids were guilty of a crime, or the bank?
In the old America, the kids would get a stern telling off and the bank manager would be accused of negligence. These days the kids would be looking at a long jail sentence, and the bank would be pressing the government to pass laws waiving them of any responsibility.
I'll give up my C compiler when they pry off the platters of my cold dead hard drive.
Seriously, the problem is not insecure systems. The problem is little fucknuts that think they have some god given right to violate my systems. There's really no comparison to be made with the war on drugs. It's much more like burglary. While the vast majority of these obnoxious little h4x0rs would never even think of robbing a bank or burglarizing a house, breaking into a computer is easy to rationalize because they don't see the damage that they're doing (and the odds of getting caught are low).
Solving the problem does not mean closing the security holes, although that should be done. Solving the problem means dipshits don't try to hack.
bance.net
Let's say a group of men are shipwrecked on an island and one runs out and picks all the fruit from the few life-sustaining trees on the island while the others tend to the wounded. He now insists he owns the fruit, and demands payment of all the tools and materials which washed up from the wreck, plus a year's labor from anyone who doesn't wish to starve. Consider also the case in which he doesn't pick the fruit, but runs out and finds all the fruit trees, blazes the trails to them, and carves his initials in them, then claims perpetual total ownership over the trees.
Now, let's say each person carries a Law Giver weapon, which is perfectly effective, but only when defending natural property. In these situations who will the weapon side with?
Territory - claimed, defended, and expanded by violence and threat of violence - is natural. Claiming territory can be an act of aggression against the common welfare. Property is territory formalized with artificial rules. Rules for transactions of existing property might be considered natural and simple, but rules for the origin of property are entirely arbitrary. No matter how far down the chain of "natural" voluntary transactions, it is anchored in and tainted by an artificial and arbitrary government decision about the allocation of natural capital.
This is how, "securing your property rights screws over somebody for the benefit of somebody else" is true. It's not all of the picture, but it's a significant part of it. Defending the fruitbaskets of the man who runs out and picks all the fruit before anyone else can get to it screws over those who would have picked it themselves. There isn't one man in ten who'd agree that a just government would give this opportunistic weasel exclusive rights to nature's bounty in this situation.
Government's core function is not to secure "natural property rights." It is to minimize violence by easing the pressures that promote it. A large part of this is encouraging stability and voluntary interactions, but it's not the only part. Government is a balancing act, a series of compromises, and couldn't work according to simple, inflexible rules.
Ok, so let me see if I got this right. Current (intensely clumsy) law enforcement deterrents are not working. So we should instead decriminalize hacking, and place the burden upon the victims to mitigate their vulnerability? How much more are you going to burden them than already is the case?
To me this is like responding to a rise in shootings by decriminalizing assault with intent to kill, and instead demanding that doctors and paramedics do a better job.
For your security, this post has been encrypted with ROT-13, twice.