Um.... I'm sorry.. I really don't agree with this. You're grossly over-simplifying the issue here. Your computer is fundamentally not like a car in this situation for many reasons.
1) Your car has a physical representation in the real world. So a thief has to target your car, risk leaving evidence and physically enter it to steal it. Consumption or getting rid of said physical evidence(car) after theft is still an issue requiring distinct amounts of effort. Your computer is fundamentally different. It's basically a software entity that has the ability to communicate with the outside world. An in that respect another savy piece of software can enter that computer and rewrite key portions to be repurposed for different functionality. Try having a mechanic go in and replace the frame of your car with Titanium. Possible but prohibitively costly. Fine, we'll leave hardware recomposition to the experts. How about you have your mechanic reprogram your car to go out and steal other cars. That would be a feat of software design genius/implementation that also is prohibitively costly, besides the fact that it would leave traceable physical components that could lead back to some component manufacturer. But here's the kicker, now tell your mechanic that when your car steals other cars, it's got to do it in a way so that these other cars and their owners will not even notice that they've been repurposed. Another trick that's prohibitively costly or just plain impossible?
2)Your computer's identity and what makes it dangerous is completely virtual and almost completely composed of millions of identical zeroes and ones. Any of these binary components can be be instantly repurposed to fulfill some wonderful new task or some nefarious event.... and then majically returned to it's previous state. Try to get your car to morph into a plane for your next flight and then have it turn back into a nice car at the other end of your destination. Prohibitively costly? Probably but all of the car insurance companies know that for decades past and probably decades to come, cars will not actually be capable of flight so they don't have to consider premium changes for such eventualities. Your computer is infinitely more capable of various digital tasks not easily classified for premiums.
Fundamentally the fact that a computer is digital, reprogrammable and instantaneously replicable and transmittable means that it's a lot less traceable and more easily manipulated. The problem of software security and protection is insanely complicated and big corporations spend milliions of dollars every year to keep security in check because they can't control it enough to cure it. The problem is non-trivial and insurance although and inviting concept is in itself prohibitively costly to implement, enforce and verify.
Besides the above arguments, I don't agree that you should be penalized for the actions of others. 3rd party coverage aside, in the digital world it is entirely too easy to generate an autonomous software entity and mass communicate it to an ulimited number of systems. However it is this same functionality that makes software so powerful and crucially useful everywhere. If multibilliion dollar companies with teams of professionals can't provide foolproof mechanisms to protect machines from being hijacked and used for evil, is it really fair to lay such a complicated burden on the average user and worse penalize them when they fail? A virtual tool should not carry the same responsibilities of a physical tool. The physical rules of the universe that we all depend on are not all applicable.
This is very difficult problem that will require a new and non-trivial solution.
I completely agree. I believe that this is at the heart of why such harsh legislation for this behavior is ultimately ridiculous. For the law, ignorance is not a valid defence. So the first time that they seriously attempt to enforce this law, here's how it will play out: i)one clever hacker will implement a virus/bot/[insert vessel of malcontent] that utilizes some newly discovered flaw in a ubiquitous OS like Windows[like this doesn't happen everyday] ii)using said flaw he/she will then make half the populace(depending on level of penetration) instantly guilty(mostly through ignorance) of participating in said DoS attack. iii)Said government will then begin the ridiculous and incredibly asinine task of fining and penalizing all of the "guilty" parties. All of the aunty Ems,Sues and even lovable Grandpa Jim that stepped away from his computer to save six small children in a burning building. iv)Undoubtedly, the nefarious evil hacker responsible will be savy enough to cover his tracks and of course never get caught. However the damage will have been done to the attacked corporation and the ignorant accomplices as well.
So they've unwittingly given the malicious hacker much bigger teeth and more visible recognition for their clever actions on their victims. (sigh)
I think that those responsible for launching the DoS attacks should be penalized as they are causing loss of income/services, but vague legislation is just plain dangerous and stupid. Obviously they don't truly understand their adversary.
Slashdot Mirror
Um.... I'm sorry .. I really don't agree with this. You're grossly over-simplifying the issue here. Your computer is fundamentally not like a car in this situation for many reasons.
.... and then majically returned to it's previous state. Try to get your car to morph into a plane for your next flight and then have it turn back into a nice car at the other end of your destination. Prohibitively costly? Probably but all of the car insurance companies know that for decades past and probably decades to come, cars will not actually be capable of flight so they don't have to consider premium changes for such eventualities. Your computer is infinitely more capable of various digital tasks not easily classified for premiums.
1) Your car has a physical representation in the real world. So a thief has to target your car, risk leaving evidence and physically enter it to steal it. Consumption or getting rid of said physical evidence(car) after theft is still an issue requiring distinct amounts of effort. Your computer is fundamentally different. It's basically a software entity that has the ability to communicate with the outside world. An in that respect another savy piece of software can enter that computer and rewrite key portions to be repurposed for different functionality. Try having a mechanic go in and replace the frame of your car with Titanium. Possible but prohibitively costly. Fine, we'll leave hardware recomposition to the experts. How about you have your mechanic reprogram your car to go out and steal other cars. That would be a feat of software design genius/implementation that also is prohibitively costly, besides the fact that it would leave traceable physical components that could lead back to some component manufacturer. But here's the kicker, now tell your mechanic that when your car steals other cars, it's got to do it in a way so that these other cars and their owners will not even notice that they've been repurposed. Another trick that's prohibitively costly or just plain impossible?
2)Your computer's identity and what makes it dangerous is completely virtual and almost completely composed of millions of identical zeroes and ones. Any of these binary components can be be instantly repurposed to fulfill some wonderful new task or some nefarious event
Fundamentally the fact that a computer is digital, reprogrammable and instantaneously replicable and transmittable means that it's a lot less traceable and more easily manipulated. The problem of software security and protection is insanely complicated and big corporations spend milliions of dollars every year to keep security in check because they can't control it enough to cure it. The problem is non-trivial and insurance although and inviting concept is in itself prohibitively costly to implement, enforce and verify.
Besides the above arguments, I don't agree that you should be penalized for the actions of others. 3rd party coverage aside, in the digital world it is entirely too easy to generate an autonomous software entity and mass communicate it to an ulimited number of systems. However it is this same functionality that makes software so powerful and crucially useful everywhere. If multibilliion dollar companies with teams of professionals can't provide foolproof mechanisms to protect machines from being hijacked and used for evil, is it really fair to lay such a complicated burden on the average user and worse penalize them when they fail? A virtual tool should not carry the same responsibilities of a physical tool. The physical rules of the universe that we all depend on are not all applicable.
This is very difficult problem that will require a new and non-trivial solution.
I completely agree. I believe that this is at the heart of why such harsh legislation for this behavior is ultimately ridiculous. For the law, ignorance is not a valid defence. So the first time that they seriously attempt to enforce this law, here's how it will play out:
i)one clever hacker will implement a virus/bot/[insert vessel of malcontent] that utilizes some newly discovered flaw in a ubiquitous OS like Windows[like this doesn't happen everyday]
ii)using said flaw he/she will then make half the populace(depending on level of penetration) instantly guilty(mostly through ignorance) of participating in said DoS attack.
iii)Said government will then begin the ridiculous and incredibly asinine task of fining and penalizing all of the "guilty" parties. All of the aunty Ems,Sues and even lovable Grandpa Jim that stepped away from his computer to save six small children in a burning building.
iv)Undoubtedly, the nefarious evil hacker responsible will be savy enough to cover his tracks and of course never get caught. However the damage will have been done to the attacked corporation and the ignorant accomplices as well.
So they've unwittingly given the malicious hacker much bigger teeth and more visible recognition for their clever actions on their victims. (sigh)
I think that those responsible for launching the DoS attacks should be penalized as they are causing loss of income/services, but vague legislation is just plain dangerous and stupid. Obviously they don't truly understand their adversary.