Clean Needles for Hackers
scubacuda writes "Jon Lasser of the Register opines that we should "give up on the notion that computer security can be improved by putting more people in prison." He argues that a "harm reduction" approach (similar to that of the "clean needle" campaign in the War on Drugs) might be more productive. If we, say, wrote in safer programming languages, used tools like Immunix's StackGuard, ProPolice, or OpenBSD 3.3, chroot and UML, we could reduce the damage a malicious hacker might do without damaging our civil liberties."
How does punishing people who commit crimes reduce our civil liberties?
So making people write good code isn't impacting people's civil liberties? Considering most of the developers I know, that'd put most of them out of work...
Drug addiction is a physical addiction. The idea of the needle exchange program is to prevent or reduce the spread of a FATAL disease. The purpose of the laws against needles is to cut the use of drugs, but the drugs are still illegal.
Here, this guy is proposing something along the lines of eliminating car locks so that no one will be arrested for carrying burglary tools.
Fight Spammers!
Since when are we putting hackers behind bars just for hacking? We put people in jail for breaking the law, and usually first time convicted hackers just get probation. The only hackers we put in jail are repeat offenders or those whose crimes escalated into other higher crimes. If you root a bank's server and send $100 million to your Swiss bank account you're a bank robber, not a hacker. If you steal code, you're committing an act of industrial espionage, not hacking. I think a lot of people take the stance that if you commit a crime through a computer, it's just harmless hacking, and not worthy of jail time. Basically my point is there is a huge difference b/w DoSing some jerk on IRC and releasing the next big superworm that causes billions in damages and could possibly cost lives. They are NOT the same thing. One thing is "hacking" (Cracking! Damnit.) the other is just being a criminal.
Everyone is entitled to their own opinion. It's just that yours is stupid.
People who break into other people's computers are trespassing. This represents an initiation of force -- a "natural crime" if you will -- because there is an actual breach of property rights. There is no question whether it is just to take action against these people.
People who use or trade drugs, on the other hand, have initiated no force. There is no breach of property rights. Drug "crimes" represent, at best, a breach of government-mandated conformity -- an "artificial crime" if you will.
To compare the two is not only illogical, but dangerously misleading.
Firstly, I doubt this is entirely workable. There's too much unsecured legacy code that no one's going to want to rewrite.
But mainly, this is simply the wrong attitude. If someone breaks into your house, it is the burglar's fault. It isn't your fault for not surrounding your house with barbed wire and a pack of rabid dogs. While I agree that penalties for hackers are often overly harsh, that doesn't change the fact that they knowingly committed a crime of their own free will, and should be punished for it. Hackers are responsible for their own actions. It's that simple.
They are talking about User Mode Linux, not the markup language. With a nick like that, I can see how you could make that mistake.
Everyone is entitled to their own opinion. It's just that yours is stupid.
They are talking about User Mode Linux, not Unified Markup Language. How ridiculous.
Everyone is entitled to their own opinion. It's just that yours is stupid.
The 'clean needle' approach basically involves making life easier for the criminal group (drug addicts) so that they don't need to commit so many troublesome crimes -- thus making life easier for everyone.
The approach advocated in the Register involves making life harder for the criminal group (hackers) so that they aren't able to commit troublesome crimes.
There is no similarity, and furthermore, while the 'clean needle' thing is highly controversial and frequently shades into a program of government-subsidised drug abuse, writing software more securely is obviously beneficial and should be a no-brainer.
I therefore conclude, your honor, that the phrase 'clean needle' was only introduced because it's eyecatching -- perhaps because the original submitter was caught in a fringe eddy of the Really Rather Silly Field (RRSF) that usually surrounds The Register.
Whence? Hence. Whither? Thither.
This isn't about letting hackers go free. It's about making systems more secure without having to violate civil liberties by enforcing draconian security measures.
Or, to put it another way, alleviating a symptom (rampant hacking) of a problem (programs with security holes) by actually solving the problem (using safer programming methods to close the security holes) while still punishing those who continue to try to hack, who, with these lower-level holes closed, will have to resort to higher-visibility methods where they are easy to catch using ethical (i.e. strictly-reactive) methods of law enforcement, rather than violating the rights of 10,000 innocent people for the sake of catching a single wrongdoer.
I find it disturbing the number of people that are posting saying things like "but these people break the law, so they deserve what they get".
Come on Americans, what's happened to you recently? Where's your spirit gone? The spirit of justice, fairness, freedom? Is it right that teenagers get sent to jail for "hacking" when the state of IT security is so poor? If your bank left sacks of money outside its doors, when they got stolen by a couple of kids would you think it was the kids who were guilty of a crime, or the bank?
In the old America, the kids would get a stern telling off and the bank manager would be accused of negligence. These days the kids would be looking at a long jail sentence, and the bank would be pressing the government to pass laws waiving them of any responsibility.
This idea misunderstands things. It's widely and openly acknowledged that security can never be perfectly impenetrable. You therefore make security as best as you can, and make it illegal to breach security, and then punish breaches of security when you catch those responsible for them.
Where this all gets hazy and crazy is when people with wide-open systems can prosecute someone for "hacking" them when all they did was walk in through an open door. Open doors are good for public places; if you don't want your computer systems to be public, don't allow it. Put a lock on it. If someone breaks and enters, that's prosecutable. But that should be the line drawn.
What we need is for the law to say that an open door is good as an invitation, but that breaching a locked door with a sign on it that says Authorized Access and Use Only is a criminal offense -- the equivalent of trespassing, breaking and entering, robbery, or destruction of property, as is appropriate to what actually takes place.
You see? You see? Your stupid minds! Stupid! Stupid!
Let's say a group of men are shipwrecked on an island and one runs out and picks all the fruit from the few life-sustaining trees on the island while the others tend to the wounded. He now insists he owns the fruit, and demands payment of all the tools and materials which washed up from the wreck, plus a year's labor from anyone who doesn't wish to starve. Consider also the case in which he doesn't pick the fruit, but runs out and finds all the fruit trees, blazes the trails to them, and carves his initials in them, then claims perpetual total ownership over the trees.
Now, let's say each person carries a Law Giver weapon, which is perfectly effective, but only when defending natural property. In these situations who will the weapon side with?
Territory - claimed, defended, and expanded by violence and threat of violence - is natural. Claiming territory can be an act of aggression against the common welfare. Property is territory formalized with artificial rules. Rules for transactions of existing property might be considered natural and simple, but rules for the origin of property are entirely arbitrary. No matter how far down the chain of "natural" voluntary transactions, it is anchored in and tainted by an artificial and arbitrary government decision about the allocation of natural capital.
This is how, "securing your property rights screws over somebody for the benefit of somebody else" is true. It's not all of the picture, but it's a significant part of it. Defending the fruitbaskets of the man who runs out and picks all the fruit before anyone else can get to it screws over those who would have picked it themselves. There isn't one man in ten who'd agree that a just government would give this opportunistic weasel exclusive rights to nature's bounty in this situation.
Government's core function is not to secure "natural property rights." It is to minimize violence by easing the pressures that promote it. A large part of this is encouraging stability and voluntary interactions, but it's not the only part. Government is a balancing act, a series of compromises, and couldn't work according to simple, inflexible rules.
Ok, so let me see if I got this right. Current (intensely clumsy) law enforcement deterrents are not working. So we should instead decriminalize hacking, and place the burden upon the victims to mitigate their vulnerability? How much more are you going to burden them than already is the case?
To me this is like responding to a rise in shootings by decriminalizing assault with intent to kill, and instead demanding that doctors and paramedics do a better job.
For your security, this post has been encrypted with ROT-13, twice.