Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)

Ian Batten igb at batten.eu.org
Mon Aug 2 07:43:08 BST 2010


On 1 Aug 2010, at 23:27, James Firth wrote:

>>>
>>> The server, as in a dedicated host offering professional services should
>>> protect itself against anything the "internet" throws against it,
>>
>> Except that's both contrary to the law in every other field, and
>> incredibly elitist.
>
> Did you read my whole post? And previous messages? I've been questioning
> why BT should be able to get police action in this case yet many smaller
> companies and private individuals are unable to get police action for
> these crimes.

Do you know that to be true?  And even accepting, arguendo, that it  
is, why would the two be mutually exclusive?

A more likely proposition would be that BT are in a position to frame  
actions as crimes, have people who understand both the law and  
evidence collection, have people who can give credible testimony in  
court and are unlikely to have been using compromised systems to store  
porn, warez and pirated films so are therefore willing to permit  
forensic examination.   They are therefore able to work with the  
police effectively to bring a prosecution in a way individuals rarely  
can.

Moreover, as a large part of Internet crime --- including the attacks  
on the little man you mention --- equally besets large companies,  
isn't helping bring a prosecution against a miscreant also helping the  
people who cannot bring prosecutions?  When Microsoft used the law to  
deal with a major spam operation last year, did you argue that they  
should just have used technical precautions because they are well able  
to deal with the problem, or did you applaud their showing solidarity  
with smaller operators upon whom the burden falls more heavily?  I  
know I did the latter.

[[ Note that the precise details of the crime that raised this issue  
are irrelevant: you're arguing that BT should not be able to use the  
law to enforce much of anything outside major DDoS ]]

> I'm sorry but I really have to take issue with how my views can be seen as
> elitist simply because I suggest that most professional uses of the
> internet - especially involving organisations as large as BT - only have
> themselves to blame if their servers are vulnerable to common attack
> vectors of the kind hinted at in the case under discussion.

No, the people to blame for crimes are the criminals.  As to whether a  
crime was committed in the instant case, well, the magistrate held  
there had been (and Peter Sommer is saying that the accused was not  
transparent about the events).  Blaming the victim is rarely  
acceptable (theft from unlocked cars is still theft).  If you wave an  
unconvincing imitation firearm in a bank and then run off as the  
bandit screens descend, your professional target (the bank) has been
able to defend itself against a common attack vector (incompetent  
stick-ups).  You'll still get five years.

ian