<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><div>On 1 Aug 2010, at 23:27, James Firth wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">The server, as in a dedicated host offering professional services<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">should<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">protect itself against anything the "internet" throws against it,<br></blockquote></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Except that's both contrary to the law in every other field, and<br></blockquote><blockquote type="cite">incredibly elitist.<br></blockquote><br>Did you read my whole post? And previous messages? I've been questioning<br>why BT should be able to get police action in this case yet many smaller<br>companies and private individuals are unable to get police action for<br>these crimes.</div></blockquote><br></div><div>Do you know that to be true? And even accepting, arguendo, that it is, why would the two be mutually exclusive?</div><div><br></div><div>A more likely proposition would be that BT are in a position to frame actions as crimes, have people who understand both the law and evidence collection, have people who can give credible testimony in court and are unlikely to have been using compromised systems to store porn, warez and pirated films so are therefore willing to permit forensic examination. They are therefore able to work with the police effectively to bring a prosecution in a way individuals rarely can. </div><div><br></div><div>Moreover, as a large part of Internet crime --- including the attacks on the little man you mention --- equally besets large companies, isn't helping bring a prosecution against a miscreant also helping the people who cannot bring prosecutions? When Microsoft used the law to deal with a major spam operation last year, did you argue that they should just have used technical precautions because they are well able to deal with the problem, or did you applaud their showing solidarity with smaller operators upon whom the burden falls more heavily? I know I did the latter.</div><div><br></div><div>[[ Note that the precise details of the crime that raised this issue are irrelevant: you're arguing that BT should not be able to use the law to enforce much of anything outside major DDoS ]]</div><div><br></div><div><blockquote type="cite"><font class="Apple-style-span" color="#000000">I'm sorry but I really have to take issue with how my views can be seen as<br>elitist simply because I suggest that most professional uses of the<br>internet - especially involving organisations as large as BT - <u>only have<br>themselves to blame</u> if their servers are vulnerable to common attack<br>vectors of the kind hinted at in the case under discussion.</font></blockquote><br></div><div>No, the people to blame for crimes are the criminals. As to whether a crime was committed in the instant case, well, the magistrate held there had been (and Peter Sommer is saying that the accused was not transparent about the events). Blaming the victim is rarely acceptable (theft from unlocked cars is still theft). If you wave an unconvincing imitation firearm in a bank and then run off as the bandit screens descend, your proferssional target (the bank) has been able to defend itself against a common attack vector (incompetent stick-ups). You'll still get five years.</div><div><br></div><div>ian</div></body></html>