Archive of UserLand's first discussion group, started October 5, 1998.

Re: Security holes, Law, and Control

Author:Ernest Argetsinger
Posted:5/10/2000; 2:20:34 PM
Topic:Security holes, Law, and Control
Msg #:17178 (In response to 17164)
Prev/Next:17177 / 17179

Sure, we should use the technology available, but at some point, you hit a wall of diminishing returns.

The point is this: Anything humans can invent, humans can also circumvent. All these layers of technological shields can get in the way of what we wanted to accomplish in the first place. Sometimes a procedural control (a law) can be a more effective, beneficial deterrent than a functional control. Is this risk of a malicious server script so great that we should increase the hurdles servers must go through to redirect clients? No one's documented a malicious server-side redirect aimed at destroying data. Capturing data for nefarious marketing purposes I might have to concede, but that is not a purpose any level of technological controls will protect us from. Only procedural controls, in the form of privacy laws and mandated disclosures about what information is gathered and what's done with it, can protect us from that.

I lock my doors and windows at home when I'm at work in the day. I also know that windows can be broken. Most people, myself included, have them in their homes anyway, because the benefits outweigh the risks. I think the "vulnerability" that's being exposed is a lot like a window. I'm not ready to install wire mesh over my window and ruin a perfectly good view, just because someone could break the window.

Technologists fear the law's potential. I fear the law's potential. But it serves a purpose that can be complementary to technology. Shouldn't we also use the law to protect ourselves?

There are responses to this message:

This page was archived on 6/13/2001; 4:55:09 PM.

© Copyright 1998-2001 UserLand Software, Inc.