Slashdot Mirror
Clean Needles for Hackers
scubacuda writes "Jon Lasser of the Register opines that we should "give up on the notion that computer security can be improved by putting more people in prison." He argues that a "harm reduction" approach (similar to that of "clean needle" campaign in the War on Drugs) might be more productive. If we, say, wrote in safer programming languages, used tools like Immunix's StackGuard, ProPolice, or OpenBSD 3.3, chroot and UML, we could reduce the damage a malicious hacker might do without damaging our civil liberities."
How does punishing people who commit crimes reduce our civil liberties?
It depends on what is defined as a crime, and what the punishment is.
Law is all about drawing lines - what is acceptable and what isn't. At what point does a particular act become unacceptable. If, for instance, saying things that were "unamerican" became a crime, then that would clearly be a reduction in our civil liberties.
People who break into other people's computers are trespassing. This represents an initiation of force -- a "natual crime" if you will -- because there is an actual breach of property rights. There is no question whether it is just to take action against these people.
People who use or trade drugs, on the other hand, have initiated no force. There is no breach of property rights. Drug "crimes" represent, at best, a breach of government-mandated conformity -- an "artificial crime" if you will.
To compare the two is not only illogical, but dangerously misleading.
Define "crime" as "harm to society" and you start to see that many of the "crimes" on the books are not true harm, but rather annoyances on the order of "disturbing the peace." The thicker the statutes become, the more likely you will run afoul of them. (Some people claim that LEOs like this, because it lets them engage in selective enforcement to punish those people doing things said LEOs don't like.)
"I didn't know about that law!" is not a defense; as you pile on more laws, though, the chance that you didn't know about that law rises to unity. Using firearm laws as an example, the laws on the books since we were children were not being enforced, so the "popular" answer was to pass new laws! Some of those new laws made sense, some of them just warmed over what was already on the books.
The problem is that a legislature is sorely tempted, at some point, to stop telling us prohibitions and start telling us permissions. At that point, civil liberties are out the windows.
This isn't about letting hackers go free. It's about making systems more secure without having to violate civil liberties by enforcing draconian security measures.
Or, to put it another way, alleviating a symptom (rampant hacking) of a problem (programs with security holes) by actually solving the problem (using safer programming methods to close the security holes) while still punishing those who continue to try to hack, who, with these lower-level holes closed, will have to resort to higher-visibility methods where they are easy to catch using ethical (i.e. strictly-reactive) methods of law enforcement, rather than violating the rights of 10,000 innocent people for the sake of catching a single wrongdoer.
America imprisons a higher percentage of its population than China, Saudi Arabia or Syria.
One in four young black males in America has served time in prison.
Yet people still believe America has a "wussy" legal system and that imprisoning more people will help reduce crime.