Full Disclosure mailing list archives
Re: House approves spyware legislation
From: James Tucker <jftucker () gmail com>
Date: Wed, 6 Oct 2004 16:53:36 +0100
On Wed, 6 Oct 2004 08:07:38 -0500, Todd Towles <toddtowles () brookshires com> wrote:
Why make more computer laws...when the current computer laws can not be enforced correctl? We all know that the CAN-SPAM Act really cut the spam out of our e-mails *sigh*
There is clearly allot of computer related crime that cannot be enforced, but this is not dissimilar from the physical crime that is carried out all over the world undetected (fights, drugs, fraud, (war?), you name it). The difference is scale (or is it really that different? maybe not). When a physical law is broken and it has been brought to the attention of the authorities they can prosecute because the law exists. Many physical offences also go unnoticed as with the digital world. If the laws don't exist in either world, then in both the result is the same -> you can't prosecute. While this law may not be a solution to the problem, it does mean that people can be prosecuted when they are found. It is clear that it is significantly easier to prove this law has been broken than it is to prove that an offence has been committed under older laws. This also includes the ability to target the developers as well as the middle men (distributors).
Then the INDUCE act will make half the stuff in a normal person's house illegal.
This should fall under "proper authorisation" and some companies may need to make changes to their software licenses and install routines in order to comply.
Making laws is just playing around...paper on top of paper doesn't stop anything.
It does put a significant brake on those who are prosecuted as a result of its existence.
It all falls back to the old saying - Action speaks louder than words.
Any proposals as to how it could be done properly, without breaching privacy laws? Should we be requesting ISP's to deny all addresses which are housing malware? could they ever afford to manage such a task? Should the government subsidise security systems? Again, could they afford to? What about the millions of ways around the protections, proxies, tunnels, bouncers, undiscovered regions, de-centralised connection mechanisms? This is a multinational issue and it is very true that one country can only regulate so much. The underlying infrastructure of the Internet (in particular its protocols and connectedness) is built to withstand outside influence (such as a connection orientated attack of the malware) and to successfully provide communication even in 'bad' scenarios, as a result it will always be subject to the ability for people to 'hide under' and 'go around' most of the technological challenges that are put in front of them, at very least in terms of communications. This means it is hard to fight this battle from the technology side unless you can impact a significant proportion of the world (like making changes to the functionality of a common operating system for example; but even this takes significant time to spread). Given the above, I suppose all I can say is "every little helps". _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- House approves spyware legislation RandallM (Oct 06)
- Re: House approves spyware legislation Gregory Gilliss (Oct 06)
- Re: House approves spyware legislation Micheal Espinola Jr (Oct 06)
- Re: House approves spyware legislation Ron DuFresne (Oct 06)
- Re: House approves spyware legislation Gregory Gilliss (Oct 07)
- Re: House approves spyware legislation Gary E. Miller (Oct 06)
- <Possible follow-ups>
- RE: House approves spyware legislation Todd Towles (Oct 06)
- Re: House approves spyware legislation Micheal Espinola Jr (Oct 06)
- Re: House approves spyware legislation Mark Shirley (Oct 06)
- Re: House approves spyware legislation Valdis . Kletnieks (Oct 06)
- Re: House approves spyware legislation Micheal Espinola Jr (Oct 06)
- Re: House approves spyware legislation James Tucker (Oct 06)
- Re: House approves spyware legislation Gregory Gilliss (Oct 06)
- Re: House approves spyware legislation RandallM (Oct 06)
- Re: House approves spyware legislation Bankim J. Tejani (Oct 06)
- Re: House approves spyware legislation Simon (Oct 07)
- Re: House approves spyware legislation Bankim J. Tejani (Oct 07)
- Re: House approves spyware legislation Simon (Oct 07)
- Disclosure policy in Re: RealPlayer vulnerabilities Martin Viktora (Oct 07)
- Re: House approves spyware legislation Bankim J. Tejani (Oct 06)
- Re: House approves spyware legislation Eric Paynter (Oct 07)
- RE: House approves spyware legislation Simon (Oct 07)
- RE: House approves spyware legislation Simon (Oct 07)