Slashdot Mirror
Clean Needles for Hackers
scubacuda writes "Jon Lasser of the Register opines that we should "give up on the notion that computer security can be improved by putting more people in prison." He argues that a "harm reduction" approach (similar to that of "clean needle" campaign in the War on Drugs) might be more productive. If we, say, wrote in safer programming languages, used tools like Immunix's StackGuard, ProPolice, or OpenBSD 3.3, chroot and UML, we could reduce the damage a malicious hacker might do without damaging our civil liberities."
How does punishing people who commit crimes reduce our civil liberties?
It depends on what is defined as a crime, and what the punishment is.
Law is all about drawing lines - what is acceptable and what isn't. At what point does a particular act become unacceptable. If, for instance, saying things that were "unamerican" became a crime, then that would clearly be a reduction in our civil liberties.
The focus should be on preventing crime in the first place, not punishing someone after the fact.
Spending $10k to have someone go to AA to treat his alcoholism is a whole lot less than the $40k/year when he's in jail after beating his wife in a drunken rage, no?
Same idea here. You prevent the ability to commit a crime, and it can't happen (or the results are less severe). If you let them happen, you often times get an overraction from the authorities.
So making people write good code isn't impacting people's civil liberties? Considering most of the developers I know, that'd put most of them out of work...
Since when are we putting hackers behind bars just for hacking? We put people in jail for breaking the law, and usually first time convicted hackers just get probation. The only hackers we put in jail are repeat offenders or those whose crimes escalated into other higher crimes. If you root a banks server and send $100 million to your swiss bank account you're a bank robber, not a hacker. If you steal code, you're commiting an act of industrial espionage, not hacking. I think alot of people take the stance that if you commit a crime through a computer, it's just harmless hacking, and not worthy of jail time. Basically my point is there is a huge difference b/w DoSing some jerk on IRC and releasing the next big superworm that causes billion in damages and could possibly cost lives.are NOT the same thing. One thing is "hacking" (Cracking! Damnit.) the other is just being a criminal.
Everyone is entitled to their own opinion. It's just that yours is stupid.
People who break into other people's computers are trespassing. This represents an initiation of force -- a "natual crime" if you will -- because there is an actual breach of property rights. There is no question whether it is just to take action against these people.
People who use or trade drugs, on the other hand, have initiated no force. There is no breach of property rights. Drug "crimes" represent, at best, a breach of government-mandated conformity -- an "artificial crime" if you will.
To compare the two is not only illogical, but dangerously misleading.
Define "crime" as "harm to society" and you start to see that many of the "crimes" on the books are not true harm, but rather annoyances on the order of "disturbing the peace." The thicker the statutes become, the more likely you will run afoul of them. (Some people claim that LEOs like this, because it lets them engage in selective enforcement to punish those people doing things said LEOs don't like.)
"I didn't know about that law!" is not a defense; as you pile on more laws, though, the chance that you didn't know about that law rises to unity. Using firearm laws as an example, the laws on the books since we were children were not being enforced, so the "popular" answer was to pass new laws! Some of those new laws made sense, some of them just warmed over what was already on the books.
The problem is that a legislature is sorely tempted, at some point, to stop telling us prohibitions and start telling us permissions. At that point, civil liberties are out the windows.
Firstly, I doubt this is entirely workable. There's too much unsecured legacy code that no one's going to want to rewrite.
But mainly, this is simply the wrong attitude. If someone breaks into your house, it is the burglar's fault. It isn't your fault for not surrounding your house with barbed wire and a pack of rabid dogs. While I agree that penalties for hackers are often overly harsh, that doesn't change the fact that they knowingly committed a crime of their own free will, and should be punished for it. Hackers are responsible for their own actions. It's that simple.
The 'clean needle' approach basically involves making life easier for the criminal group (drug addicts) so that they don't need to commit so many troublesome crimes -- thus making life easier for everyone.
The approach advocated in the Register involves making life harder for the criminal group (hackers) so that they aren't able to commit troublesome crimes.
There is no similarity, and furthermore, while the 'clean needle' thing is hightly controversial and frequently shades into a program of government-subsidised drug abuse, writing software more securely is obviously beneficial and should be a no-brainer.
I therefore conclude, your honor, that the phrase 'clean needle' was only introduced because it's eyecatching -- perhaps because the original submitter was caught in a fringe eddy of the Really Rather Silly Field (RRSF) that usually surrounds The Register.
Whence? Hence. Whither? Thither.
This isn't about letting hackers go free. It's about making systems more secure without having to violate civil liberties by enforcing draconian security measures.
Or, to put it another way, alleviating a symptom (rampant hacking) of a problem (programs with security holes) by actually solving the problem (using safer programming methods to close the security holes) while still punishing those who continue to try to hack, who, with these lower-level holes closed, will have to resort to higher-visibility methods where they are easy to catch using ethical (i.e. strictly-reactive) methods of law enforcement, rather than violating the rights of 10,000 innocent people for the sake of catching a single wrongdoer.
I find it disturbing the number of people that are posting saying things like "but these people break the law, so they deserve what they get".
Come on Americans, what's happened to you recently? Where's your spirit gone? The spirit of justice, fairness, freedom? Is it right that teenagers get sent to jail for "hacking" when the state of IT security is so poor? If your bank left sacks of money outside it's doors, when they got stolen by a couple of kids would you think it was the kids were guilty of a crime, or the bank?
In the old America, the kids would get a stern telling off and the bank manager would be accused of negligence. These days the kids would be looking at a long jail sentence, and the bank would be pressing the government to pass laws waiving them of any responsibility.
America imprisons a higher percentage of its population than China, Saudi Arabia or Syria.
One in four young black males in America has served time in prison.
Yet people still believe America has a "wussy" legal system and that imprisoning more people will help reduce crime.
That's exactly the sort of thinking that got us into this mess of huge, bloated, corrupt, oppressive government in the first place -- the idea that government's function is to tell us what's "acceptable" and what's not. The idea that government -- or a majority -- knows what's best for an individual better than the individual themselves. This is a very dangerous mode of thinking.
Government's function is to protect us against the initiation of force -- to secure our property rights. Everything beyond that is arbitrary by definition, and necessarily screws over somebody for the benefit of somebody else.