Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)
Ian Batten
igb at batten.eu.org
Mon Aug 2 07:43:08 BST 2010
On 1 Aug 2010, at 23:27, James Firth wrote:
>>>
>>> The server, as in a dedicated host offering professional services
>>> should
>>> protect itself against anything the "internet" throws against it,
>>
>> Except that's both contrary to the law in every other field, and
>> incredibly elitist.
>
> Did you read my whole post? And previous messages? I've been
> questioning
> why BT should be able to get police action in this case yet many
> smaller
> companies and private individuals are unable to get police action for
> these crimes.
Do you know that to be true? And even accepting, arguendo, that it
is, why would the two be mutually exclusive?
A more likely proposition would be that BT are in a position to frame
actions as crimes, have people who understand both the law and
evidence collection, have people who can give credible testimony in
court and are unlikely to have been using compromised systems to store
porn, warez and pirated films so are therefore willing to permit
forensic examination. They are therefore able to work with the
police effectively to bring a prosecution in a way individuals rarely
can.
Moreover, as a large part of Internet crime --- including the attacks
on the little man you mention --- equally besets large companies,
isn't helping bring a prosecution against a miscreant also helping the
people who cannot bring prosecutions? When Microsoft used the law to
deal with a major spam operation last year, did you argue that they
should just have used technical precautions because they are well able
to deal with the problem, or did you applaud their showing solidarity
with smaller operators upon whom the burden falls more heavily? I
know I did the latter.
[[ Note that the precise details of the crime that raised this issue
are irrelevant: you're arguing that BT should not be able to use the
law to enforce much of anything outside major DDoS ]]
> I'm sorry but I really have to take issue with how my views can be
> seen as
> elitist simply because I suggest that most professional uses of the
> internet - especially involving organisations as large as BT - only
> have
> themselves to blame if their servers are vulnerable to common attack
> vectors of the kind hinted at in the case under discussion.
No, the people to blame for crimes are the criminals. As to whether a
crime was committed in the instant case, well, the magistrate held
there had been (and Peter Sommer is saying that the accused was not
transparent about the events). Blaming the victim is rarely
acceptable (theft from unlocked cars is still theft). If you wave an
unconvincing imitation firearm in a bank and then run off as the
bandit screens descend, your proferssional target (the bank) has been
able to defend itself against a common attack vector (incompetent
stick-ups). You'll still get five years.
ian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20100802/decc407a/attachment.htm>
More information about the ukcrypto
mailing list