Re: OT: Tenet Calls to Limit Internet Access

[Guest guest]

This is a joke, right? I want to cry.

>

> " Access to networks like the World Wide Web might need to be limited

> to those

> who can show they take security seriously, he said. "

>

> By Shaun Waterman

> UNITED PRESS INTERNATIONAL

> Published December 2, 2004

[Guest guest]

> This is a joke, right? I want to cry.

Actually, no, and Tenent is right on this problem.

I worked for several years (and still do to a smaller extent) for

government doing information security. A major digital attack is only a

matter of time. And, yes, foreign organizations *are* involved with

gathering information, which, sadly, will enable them to hurt us if they

chose to. The only fault I'd give Tenent is that he ignores the fact that

we also have domestic terrorists, but then again the CIA isn't supposed to

gather information on domestic threats...

No, it won't kill people (well, most likely - so long as they stay away

from public service access points [911] and hospital record computers

and chemical plant control systems and waterway control systems and

the power grid)...

It may cause major environmental problems (release the wrong safety valve

at a chemical plant or sewage treatment facility). But most likely not.

But, most likely it will simply screw up the economy. Imagine a large

mutual fund selling all the shares in a particular stock. Imagine 10 of

them doing that. Sure, the stock exchange is probably secure but are all

the brokers connected to it secure? Or imagine no one receiving a social

security check one month while the system is rebuilt. Or a credit card

processing network not functioning for several days. Now imagine one

screw up like this on Monday (say all social security checks get delayed a

day), followed by a credit card processing problem the next day, followed

by an unwanted sell-off of stock from some state retirement system the

next day, followed by all the traffic lights in some major city only

saying " green " for a few seconds in each direction... Will we survive?

Sure. Is there any excuse for the level of risk we have right now? No.

Should government agencies and businesses with critical infrastructure

secure their stuff? Absolutely. And that's what Tenent is saying - not

that (as misquoted without context and thus implied by the original

article) that certain people shouldn't be able to browse the web.

--

[Guest guest]

Parrish S. Knight wrote:

> No, it isn't, and it's not such a bad idea. Licensing drivers was

> pretty controversial at first, too, but now everyone recognizes the

> sense of testing people thoroughly before allowing them to drive.

However there are several obsticles in the way. First testing for

drivers licences is testing skill and ability. I guess testing that way

would mean if you have the skill you might abuse it therefore you would

be denied access. Internet access is so vast and so highly used that it

would be very difficult do restrict use now.

The point is that with internet use it's not about verifying that one is

skilled enough to use it, it's about eliminating those that abuse it.

It would seem that what is needed is firewalls between countries. Maybe

racial profiling like at border crossings.

Red.

[Guest guest]

especially to people who work in tech support...

</snark>

On Fri, 3 Dec 2004 09:12:15 -0800, Parrish S. Knight

wrote:

>

> No, it isn't, and it's not such a bad idea. Licensing drivers was pretty

controversial at first, too, but now everyone recognizes the sense of testing

people thoroughly before allowing them to drive. A similar approach to computer

use is worth consideration, because using a computer irresponsibly, like driving

a car irresponsibly, poses a danger to others.

>

> --

> Homemade scented candles to bring warmth and fragrance to your home... Knight

Scents

> http://www.knightscents.biz

>

>

>

>

>

> > This is a joke, right? I want to cry.

> >

> >

> > On Fri, 03 Dec 2004 08:13:19 -0000, scap_64

> > wrote:

> >> " Access to networks like the World Wide Web might need to be

> >> limited to those

> >> who can show they take security seriously, he said. "

> >>

> >> By Shaun Waterman

> >> UNITED PRESS INTERNATIONAL

> >> Published December 2, 2004

>

>

>

>

>

[Guest guest]

No, it isn't, and it's not such a bad idea. Licensing drivers was pretty

controversial at first, too, but now everyone recognizes the sense of testing

people thoroughly before allowing them to drive. A similar approach to computer

use is worth consideration, because using a computer irresponsibly, like driving

a car irresponsibly, poses a danger to others.

--

Homemade scented candles to bring warmth and fragrance to your home... Knight

Scents

http://www.knightscents.biz

> This is a joke, right? I want to cry.

>

>

> On Fri, 03 Dec 2004 08:13:19 -0000, scap_64

> wrote:

>>  " Access to networks like the World Wide Web might need to be

>> limited to those

>> who can show they take security seriously, he said. "

>>

>> By Shaun Waterman

>> UNITED PRESS INTERNATIONAL

>> Published December 2, 2004

[Guest guest]

> Parrish S. Knight wrote:

>

>> No, it isn't, and it's not such a bad idea.  Licensing drivers

>> was pretty controversial at first, too, but now everyone

>> recognizes the sense of testing people thoroughly before allowing

>> them to drive.

>

> However there are several obsticles in the way. First testing for

> drivers licences is testing skill and ability.

Right, that's the whole point.

> I guess testing that

> way would mean if you have the skill you might abuse it therefore

> you would be denied access.

No, it would at least mean (for example) that you know better than to open email

attachments that you're not expecting. To use a corollary, driver's license

don't prevent people from speeding or driving drunk, but they do prove that they

at least *know* the laws before they break them, and they provide for penalties

for people who *do* break them.

As our esteemed colleague a.f. wilson has just pointed out, people in tech

support could spend weeks telling you about the idiotic stunts pulled by

uninformed users -- or sometimes even informed users, for that matter. I had

one user a couple of years ago who infected our corporate LAN with virii

*twice*, in spite of all the antivirus measures I had installed and all the

education I gave her to the contrary. She opens the email, double-clicks the

attachment, a matter of perhaps ten or twenty seconds, and presto, she flushes

six hours of my life down the toilet and forces me to cancel plans I had for

after work while I drop everything else, even several matters that were quite

urgent, to fix the damage that she had done -- and at that, I got off pretty

light (and I might add that she didn't even apologize). In such a case, at the

very least, if we had computer operators' licenses, she could have been fined or

had her license revoked, as we do with drivers who don't obey traffic laws.

> Internet access is so vast and so

> highly used that it would be very difficult do restrict use now.

What about, " car ownership is so vast and highly used that it would be very

difficult to restrict driving now...? "

> The point is that with internet use it's not about verifying that

> one is skilled enough to use it, it's about eliminating those that

> abuse it.

The two are not mutually exclusive. I'm saying we should do both.

> It would seem that what is needed is firewalls between countries.

Measures like that are not difficult to defeat, as I'm sure you're well aware.

--

Homemade scented candles to bring warmth and fragrance to your home... Knight

Scents

http://www.knightscents.biz

[Guest guest]

<<< No, it isn't, and it's not such a bad idea. Licensing drivers

was pretty controversial at first, too, but now everyone recognizes

the sense of testing people thoroughly before allowing them to

drive. A similar approach to computer use is worth consideration,

because using a computer irresponsibly, like driving a car

irresponsibly, poses a danger to others.>>>

I " m afraid there is hidden agenda. Such " security measures " would -

and are intended to - allow gov't restrict citizens' access to

unbiased information and their right to free speech. It would allow

to limit, monitor and trace communications of political opponents and

grassroot activism movements. Right along the lines of Patriot Acts

and very ominous.

[Guest guest]

> 

> <<< No, it isn't, and it's not such a bad idea.  Licensing drivers

> was pretty controversial at first, too, but now everyone recognizes

> the sense of testing people thoroughly before allowing them to

> drive.  A similar approach to computer use is worth consideration,

> because using a computer irresponsibly, like driving a car

> irresponsibly, poses a danger to others.>>>

>

> I " m afraid there is hidden agenda. Such " security measures " would -

> and are intended to - allow gov't restrict citizens' access to

> unbiased information and their right to free speech. It would allow

> to limit, monitor and trace communications of political opponents

> and grassroot activism movements. Right along the  lines of Patriot

> Acts and very ominous.

I know that, and that's why I'm not super-enthusiastic about the idea... I do

have reservations about it. However, a licensing and education system would

greatly reduce a *lot* of problems, as it does with driving, so I still can't

help but think that it might be a good idea. Here in 2004, you'd think that

people would know better than to open unsolicited attachments or forward emails

in hopes of getting a thousand dollars from Bill Gates, but a lot of people

still do it, and they probably always unless and until we have some kind of

stronger protections against it. I do recognize the dangers inherent in a

" computer users' license " , but I also see the probably benefits. It's an

interesting subject for academic debate, if nothing else (and, in fact, a

licensing system for computer users is almost certainly never going to happen,

so it *is* essentially an academic debate).

--

Homemade scented candles to bring warmth and fragrance to your home... Knight

Scents

http://www.knightscents.biz

[Guest guest]

Parrish S. Knight wrote:

> No, it isn't, and it's not such a bad idea.

It is one of the most frightening, Orwellian ideas I have heard for some time,

and it is one that should never be given a moment's consideration in any free

society.

> Licensing drivers was pretty

> controversial at first, too, but now everyone recognizes the sense of testing

> people thoroughly before allowing them to drive.

Don't be so sure. I am not so sure I am in favor of the government granting

licenses to do *anything.*

> A similar approach to

> computer use is worth consideration, because using a computer irresponsibly,

> like driving a car irresponsibly, poses a danger to others.

In other words, a prior restraint, which is specifically forbidden in the

Constitution, as well as in spirit by all who hold the concept of liberty in

high regard.

I think that we should be hypervigilant when the government tries to get

anywhere close to restricting access to the internet in any way, shape, or form.

The supposed risk to others is just the supposed " need " that the government

needs to get the unthinking masses out there to support yet another restriction

on liberty. Assaults on the First Amendment should not be permitted, no matter

how innocuous, reasonable, or necessary they may seem. Once you get people to

accept the idea that government approval is required to exercise essential

freedom, you have turned them from citizens into subjects.

Living in a free society requires some risk. Trying to legislate the risk out

of life, one " reasonable " law at a time, at the risk of a " little " liberty

(which will never be regained), is a strategy doomed to fail-- unless, of

course, you are a member of a government bent on tyranny, as are 99% of those

who claim to represent us.

[Guest guest]

Parrish S. Knight wrote:

> No, it would at least mean (for example) that you know better than to open

> email attachments that you're not expecting.

People have the liberty to open any attachment they like. It is not for you,

nor anyone else, to try to restrict their access to what has become a primary

conduit for free expression, regardless of how they score on some arbitrary test

of how well they can regurgitate to you the answers you wish to hear.

> To use a corollary, driver's

> license don't prevent people from speeding or driving drunk, but they do

> prove that they at least *know* the laws before they break them, and they

> provide for penalties for people who *do* break them.

Driver's licenses have nothing to do with penalties for breaking driving laws.

There are no licenses required to own handguns in Arizona, but I can assure you

that if someone here were to misuse one, he would be penalized.

Ignorance of law is no excuse, so the mere existence of laws is all that is

required for a presumption that the person knows those laws. If a person

commits misconduct in a car, he should be penalized, but requiring a license is

a prior restraint on the exercising of one form of a natural right-- the right

to move about freely.

> As our esteemed colleague a.f. wilson has just pointed out, people in tech

> support could spend weeks telling you about the idiotic stunts pulled by

> uninformed users -- or sometimes even informed users, for that matter.

Wholly irrelevant. The idea of " needing " to restrict freedom for some expedient

purpose has long been the tool of tyrants. As Ayn Rand pointed out, the only

thing a government can do is crack down on criminals. All they need to do is

define the laws in such a way that you are the criminal, and they can crack down

on you if the mood strikes. Once people get used to living in a police state,

they will be so accustomed to such abuses of liberty that they will never stop

to wonder what the end result of all of the cracking down will be. We are

already far down that slippery slope.

> I had

> one user a couple of years ago who infected our corporate LAN with virii

> *twice*, in spite of all the antivirus measures I had installed and all the

> education I gave her to the contrary. She opens the email, double-clicks the

> attachment, a matter of perhaps ten or twenty seconds, and presto, she

> flushes six hours of my life down the toilet and forces me to cancel plans I

> had for after work while I drop everything else, even several matters that

> were quite urgent, to fix the damage that she had done -- and at that, I got

> off pretty light (and I might add that she didn't even apologize).

It was your job. Maybe you should have thanked her, and people like her, for

providing job security.

Saving people who are paid to take care of problems like that the effort of

taking care of problems like that is not a good reason to support an

unconstitutional abridgement of free speech.

> In such a

> case, at the very least, if we had computer operators' licenses, she could

> have been fined or had her license revoked, as we do with drivers who don't

> obey traffic laws.

Oh, sure-- taking away a driver's license prevents the person from driving,

right?

If we decide that a certain driving action is illegal, why would a license be

needed to make that person answerable for that crime? If a cop sees someone

driving drunk, and he pulls the person over, only to find that the person has

never had a driver's license, do you think that the state is then powerless to

enforce the law against drunk driving? Do you think that the person will not be

charged with drunk driving, since he did not have a license? The license is

wholly superfluous. If a person commits an illegal act with any object, he can

be made to answer for that offense with or without a permission slip from the

government to use that item.

Now, about the person that you mentioned...

Someone sent her an email, and she had _every right_ to open it as far as the

law is concerned (and rightfully so). Now, certainly, since she was on a

company network, the company she worked for had every right to fire her for

doing that, or to sanction her as they see fit, just as they would have the

right to fire her for wearing blue on Monday, for making personal phone calls on

company time (should we have a license to use the phone too?), or anything else,

if they had such a policy in place.

The network was not hers to use as she pleased. She caused a problem for the

company through her actions. She cost them time and money. That's a civil

matter, not a criminal matter, and the company had the perfect right to fire

her, suspend her, demote her, or what have you, if they saw fit.

Now, if she wants to open email attachments on her own time, on her own

computer, that is her right too.

Also, I have to comment that if your company network had gateway email scanning

(possibly something that would delete all nontext attachments), or client-level

scanning/attachment quarantine, this also would likely have been avoided. You

can't presume that every office worker has a clue about computers. Or, perhaps

she had Microsoft Internet Exploiter/Outlook on her machine, and the virus used

the exploit that opened the email attachment as soon as the letter was read.

Having the government involved in micromanaging yet another aspect of our lives,

and taking a dump on another one of our Constitutional rights with this prior

restraint, is not the answer. In this case, the cure is several thousand orders

of magnitude worse than the disease. Having the government licensing free

speech is a lot worse than anything it would prevent. (And it would certainly

do nothing to stop eastern-bloc hackers/crackers, which are some of the most

active at this point in time).

>> Internet access is so vast and so highly used that it would be very

>> difficult do restrict use now.

>

> What about, " car ownership is so vast and highly used that it would be very

> difficult to restrict driving now...? "

It's nonsense, for one thing. Someone in Russia can't operate a car and affect

someone here.

There is no authority granted to the US federal government to restrict the

internet. Therefore, it would be _at best_ a state matter. The internet is

global; trying to fix the problem by allowing one of fifty states to restrict

its subjects as it sees fit is not going to solve anything. Even if yet another

unconstitutional federal law were invoked, it would still have no effect upon

the rest of the world. The internet is global.

Then, of course, you have the problem of free speech and prior restraints.

> The two are not mutually exclusive. I'm saying we should do both.

The very same thing has been said about people that " abuse " their rights to free

speech by mentioning ideas that are offensive to the regime in power. Such

ideas are branded as harmful to the collective, too dangerous to be discussed,

and the person is deemed to be unworthy of the right to speak his mind.

This is EXACTLY the same thing, since the internet is the one place where an

ordinary person can have his ideas just as available for the world to read as

any corporation or government entity (until you start licensing internet access,

of course-- then all the government has to do is change the requirements to get

this internet license. And it would be perfectly within its power to do so,

since it will have been established by then that accessing the internet, like

other forms of free expression, is not a right, but a privilege that is enjoyed

at the pleasure of the government.

All the government need do is establish a really innocuous internet testing

standard, one that virtually everyone can pass... and in a few years, having to

have a license to use the net will be the norm to most people. Then all the

government need do is incrementally change the requirements to get the license,

again and again, each one accompanied by claims of being a " reasonable measure "

that is necessary for the greater good, and before you know it, only the " right "

kind of people will be able to access the net, at the whim of the government.

This is how every encroachment of vital freedoms has taken place in this

country.

>> It would seem that what is needed is firewalls between countries.>

> Measures like that are not difficult to defeat, as I'm sure you're well

> aware.

What is needed is for people to realize that we don't live in a Pollyanna-esque

world, where everything is safe and everyone is good. Live involves risk, and

living in a free society means you have that many more opportunities to do harm

to yourself or others if you are careless. There are a lot of things that a

government unconcerned with liberty could do to increase safety, but all of them

would mean unacceptable limitations of liberty.

[Guest guest]

redhottech@... wrote:

> The point is that with internet use it's not about verifying that one is

> skilled enough to use it, it's about eliminating those that abuse it.

Precisely. Hacking, writing/spreading virii, et cetera, are already illegal.

Go after those that abuse the system, but leave it free. That is how things are

done in a free society.

Having ISPs scan outbound IP packets to make sure the source IP is not spoofed

would go a long way in stopping net abuse. Without spoofed source IPs, it would

be a lot harder to hide one's tracks. Open relays should be eliminated, or at

least monitored to make sure that abuse is not taking place.

Computer crime is no different than any other kind of crime, except that it

inherently leaves a much bigger electronic paper trail. There is no reason to

restrict or license internet access more than access to gasoline, heating oil,

alcohol, knives, baseball bats, post offices (you can mail anything anywhere

there!), et cetera. Free citizens don't have to prove their fitness to access

things; laws that ban misconduct are enough. If someone violates the law, there

are ways of dealing with the transgressor.

[Guest guest]

Parrish S. Knight wrote:

> Here in 2004, you'd think that

> people would know better than to open unsolicited attachments or forward

> emails in hopes of getting a thousand dollars from Bill Gates, but a lot of

> people still do it, and they probably always [will]

So? If people want to participate in chain letters because they think that Bill

Gates will send them money, is that really such a problem that we would risk

having the government get involved?

Should we also require a license to allow people to send things in paper mail?

Chain letters were around a long time before email.

It is really scary to think that people would want the government regulating to

whom they can forward email, and under which conditions.

> unless and until we have some

> kind of stronger protections against it.

I do-- I call it " the delete key. " If I get one of those chain emails (and I

will add that I have gotten one from someone on this list, with an IQ more than

3 standard deviations above normal), I hit this key, and the problem disappears.

You cannot legislate against occasional bouts of stupidity. I once was fooled

by a radio talk show host that was also an impressionist-- his guests didn't

exist; he was talking to himself. He fooled me; I got angry and riled up... I

thought the guest was real. I would have called the station if I was not in the

car delivering newspapers.

I guess I would have lost my radio listener's license.

> I do recognize the dangers inherent

> in a " computer users' license " , but I also see the probably benefits.

There are benefits and detriments to everything. At the risk of taking it to

the absurd... there were benefits in Hitler's campaign to eradicate the

disabled. It would reduce the amount of social services needed, and reduce

taxes. That would, in turn, boost the economy, and in 1930s Germany, that meant

a whole lot to people.

The idea had benefits, but that does not make it an idea worthy of

consideration.

> It's

> an interesting subject for academic debate, if nothing else (and, in fact, a

> licensing system for computer users is almost certainly never going to

> happen, so it *is* essentially an academic debate).

How about this for an academic debate-- resolved: There should be a

Constitutional amendment prohibiting the government (at any level, from federal

to municipal) from issuing any licenses for anything to anybody.

That I could see. Licensing net access, I can't.

[Guest guest]

Thanks, . My sentiments exactly on all counts. Very well put.

[Guest guest]

wrote:

> Also, I have to comment that if your company network had gateway

> email scanning (possibly something that would delete all nontext

> attachments), or client-level scanning/attachment quarantine, this

> also would likely have been avoided.  You can't presume that every

I'm about to head out the door and don't have time to respond to everything else

right now, but I *have* to address this.

At that network, I had installed virus filtering at the gateway and antivirus

clients on each and every workstation. I had also set up both gateways and

workstations to update their signatures quite frequently (in the gateway's case,

once every four hours). However, even such measures are not 100% effective,

which is why I also sent out a memo every couple of months or so reviewing all

computer security measures and instructing all employees not to open any

unexpected attachments.

These measures (particularly the gateway) were about as rigorous as you can get

without actually *removing* attachments at the gateway (and I would have even

done that, too, if the budget had allowed for it). However, some virii spread

so quickly that they infect before signatures are updated, which is what

happened here.

Come on, . You should have thought of that.

--Parrish

[Guest guest]

> So?  If people want to participate in chain letters because they

> think that Bill Gates will send them money, is that really such a

> problem that we would risk having the government get involved?

Chain letters, probably not. Other things, maybe so.

> Should we also require a license to allow people to send things in

> paper mail? Chain letters were around a long time before email.

There's a bit of a difference. Postal mail costs the sender money. Email costs

the recipient money. Email is, essentially, mail sent postage due without the

option of declining receipt.

> It is really scary to think that people would want the government

> regulating to whom they can forward email, and under which

> conditions.

Like I said, I'm not crazy about the idea, either, but I'm getting really tired

of having the email accounts that I pay for rendered increasingly useless by

other people's malice and/or incompetence. Yes, there are spam filters and

rules and so on that I can use to bring everything under control, but the point

is, I shouldn't *have* to, any more than I should have to tolerate my neighbors'

cigarette smoke coming into the apartment that I pay for.

> I do-- I call it " the delete key. "  If I get one of those chain

> emails (and I will add that I have gotten one from someone on this

> list, with an IQ more than 3 standard deviations above normal), I

> hit this key, and the problem disappears.

That's the same argument that spammers use, that when you receive spam, you

should " just hit the delete key " . CAUCE did some math on this once... they said

that there are 24 million small business in the United States. If just one

percent of those businesses sent you just one piece of spam once a year, you'd

receive nearly 700 spams per day, every day. No, the problem will never be that

large with chain mails, but the principle is the same.

> I guess I would have lost my radio listener's license.

No one is proposing a radio listener's license, ... don't set up straw men,

you're too smart for that. ;-) Besides which, there's a difference: there's no

such thing as " irresponsible radio listening " that can cause tremendous harm to

others.

In any event, the only reason I'm even speculating about this -- because, as you

know, I'm not exactly crazy about governmental regulations/licensing, either --

is that uninformed users have come to pose such a problem for the Internet at

large that I'm really beginning to wonder how else to fix the problem. I hate

governmental regulation, too, but the fact is, safer computing needs to become

more widespread. It's almost 2005, and yet even today, two-thirds of home users

don't even use firewalls, and the average time it takes for an unfirewalled

Windows machine to get " owned " once it's connected to the 'Net is now down to

about *twenty minutes*. No wonder we're getting so much spam and worms and all

the rest of it.

There's an old saying that your right to swing your fist ends at my face...

well, in this case, I'd say that your right to be irresponsible with your

computer ends at my router.

> There are benefits and detriments to everything.  At the risk of

> taking it to the absurd... there were benefits in Hitler's campaign

> to eradicate the disabled.  It would reduce the amount of social

> services needed, and reduce taxes.  That would, in turn, boost the

> economy, and in 1930s Germany, that meant a whole lot to people.

>

> The idea had benefits, but that does not make it an idea worthy of

> consideration.

First a straw man, now Godwin's Law...? Come on, ... :-)

> How about this for an academic debate-- resolved: There should be a

> Constitutional amendment prohibiting the government (at any level,

> from federal to municipal) from issuing any licenses for anything

> to anybody.

That's pretty academic, all right. I'm sure you realize that it would never

pass.

> That I could see.  Licensing net access, I can't.

I find the idea distasteful, too, as I said, but the situation with the Internet

is bad, and it's just getting worse.

--

Homemade scented candles to bring warmth and fragrance to your home... Knight

Scents

http://www.knightscents.biz

[Guest guest]

Parrish S. Knight wrote:

>

>> So? If people want to participate in chain letters because they think that

>> Bill Gates will send them money, is that really such a problem that we

>> would risk having the government get involved?

>

> Chain letters, probably not. Other things, maybe so.

Have you seen many things that the government has improved when it got involved?

Have you seen the government pass up even a single opportunity to piss on the

principle of liberty if given the opportunity?

Do you trust the government to limit your free speech only in ways that are

beneficial to you?

>> Should we also require a license to allow people to send things in paper

>> mail? Chain letters were around a long time before email.

>

> There's a bit of a difference. Postal mail costs the sender money. Email

> costs the recipient money. Email is, essentially, mail sent postage due

> without the option of declining receipt.

Most of us don't pay for emails downloaded.

>> It is really scary to think that people would want the government

>> regulating to whom they can forward email, and under which conditions.

>

> Like I said, I'm not crazy about the idea, either, but I'm getting really

> tired of having the email accounts that I pay for rendered increasingly

> useless by other people's malice and/or incompetence.

I'm getting tired of having the government haul people off to jail for things

that are protected Constitutional rights. I think that trumps any inconvenience

over getting a few spams.

> Yes, there are spam

> filters and rules and so on that I can use to bring everything under control,

> but the point is, I shouldn't *have* to, any more than I should have to

> tolerate my neighbors' cigarette smoke coming into the apartment that I pay

> for.

You could justify all sorts of things under that logic. With eugenics, it was

that the able shouldn't *have* to deal with having economic non-contributors

consuming resources.

When you live in a free society, you do *have* to put up with things from

others. That's the way things work. I may think I shouldn't *have* to put up

with NTs all around me, but what are we going to do with them? What about those

of them that thinks they shouldn't *have* to put up with seeing us in public?

> That's the same argument that spammers use, that when you receive spam, you

> should " just hit the delete key " . CAUCE did some math on this once... they

> said that there are 24 million small business in the United States. If just

> one percent of those businesses sent you just one piece of spam once a year,

> you'd receive nearly 700 spams per day, every day. No, the problem will

> never be that large with chain mails, but the principle is the same.

I would rather have 700 spams per day than have the government get involved.

Spams don't kill people in cold blood in Waco, TX, Ruby Ridge, ID, or any other

place. Spams don't make such a technical array of laws that everyone is a de

facto criminal if the government decides to " get " you. The government does

that.

>> I guess I would have lost my radio listener's license.

>

> No one is proposing a radio listener's license, ... don't set up straw

> men, you're too smart for that. ;-)

Until yesterday, I thought you were too smart to even ponder the idea of

advocating more government regulation of free speech. I stand corrected.

If you support regulating free speech, what difference is there between

licensing one form and another?

> Besides which, there's a difference:

> there's no such thing as " irresponsible radio listening " that can cause

> tremendous harm to others.

Getting a few spams is " tremendous harm? "

How about " irresponsible " dissemination of information that the government deems

harmful? Say the Bush administration decided that it was " irresponsible " to

have a web site/ newspaper editorial/ et cetera advocating the next president be

a Democrat, and as a response, began requiring licenses before one was allowed

to exercise free speech, lest it cause " tremendous harm " to others? I am sure

you will find quite a few Republicans that will tell you that having a Democrat

in the White House will do " tremendous harm " to others. Should we let them (the

party in power at this time) pick and choose which parties may express

themselves?

> In any event, the only reason I'm even speculating about this -- because, as

> you know, I'm not exactly crazy about governmental regulations/licensing,

> either -- is that uninformed users have come to pose such a problem for the

> Internet at large that I'm really beginning to wonder how else to fix the

> problem.

Don't fix it. That's the solution. There is no solution that is not a hell of

a lot worse than the problem.

> I hate governmental regulation, too, but the fact is, safer

> computing needs to become more widespread. It's almost 2005, and yet even

> today, two-thirds of home users don't even use firewalls, and the average

> time it takes for an unfirewalled Windows machine to get " owned " once it's

> connected to the 'Net is now down to about *twenty minutes*. No wonder we're

> getting so much spam and worms and all the rest of it.

So what if they don't? Shit happens. Is that any different than people not

having steel-core doors, home alarms (or large dogs), and other security

measures? Bad guys break in and steal things; they can use them directly to

commit crimes (guns, weapons, cars) or they can sell them, which provides a

direct financial benefit for burglary. Should we punish the victims of crime

for not securing their homes well enough? Or (how about this) should we

actually blame the criminals instead?

> There's an old saying that your right to swing your fist ends at my face...

> well, in this case, I'd say that your right to be irresponsible with your

> computer ends at my router.

Unless I am the one attacking you, then I am blameless. We have this notion

that the criminal is responsible for his crime, not those people that made it

easy to victimize them. Your logic is not unlike that idea that women who dress

provocatively and walk alone at night are responsible for being raped. If you

are going to blame the victim of the criminal for not making it hard enough,

might as well be consistent.

> First a straw man, now Godwin's Law...? Come on, ... :-)

I am making valid analogies, and you are using the horse laugh fallacy to avoid

addressing them.

>> How about this for an academic debate-- resolved: There should be a

>> Constitutional amendment prohibiting the government (at any level, from

>> federal to municipal) from issuing any licenses for anything to anybody.

>

> That's pretty academic, all right. I'm sure you realize that it would never

> pass.

It should. Of course it won't pass-- the government is interested in having

total power, not in liberty.

> I find the idea distasteful, too, as I said, but the situation with the

> Internet is bad, and it's just getting worse.

The situation on the net is a trifling irritation compared to what the

government would do.

Besides, you fail to address the fact that is just as easily to launch an attack

from .ru as it is from the US... and nothing can stop the people in other

countries from not meeting the Parrish Knight standard for being secure enough

to deserve net access.

[Guest guest]

> People have the liberty to open any attachment they like.  It is

> not for you, nor anyone else, to try to restrict their access to

> what has become a primary conduit for free expression, regardless

> of how they score on some arbitrary test of how well they can

> regurgitate to you the answers you wish to hear.

They have the right to open any attachment they like, but they do not have the

right to have the consequences of their actions jeopardize *my* computing

experience -- or, indeed, to even bring down large sections of the Internet

itself with the resulting flood of garbage, which has happened a few times in

the past.

> Driver's licenses have nothing to do with penalties for breaking

> driving laws. There are no licenses required to own handguns in

> Arizona, but I can assure you that if someone here were to misuse

> one, he would be penalized.

Hmm... yes and no. Generally speaking, if you commit a moving violation, you're

subject to a more severe penalty if you don't have a driver's license. I do see

your point, though.

> Ignorance of law is no excuse, so the mere existence of laws is all

> that is required for a presumption that the person knows those

> laws.

That's the theory, yes. In practice, two factors:

1) Lots of people are stupid.

2) More pertinently: there are far, far too many laws for anyone to be informed

of all of them, and the fact is, we probably all break laws all the time without

even knowing it. (And before you can say it, yes, I know that's not the way

things should be, but it's the way they are.)

> If a person commits misconduct in a car, he should be

> penalized, but requiring a license is a prior restraint on the

> exercising of one form of a natural right-- the right to move about

> freely.

A driver's license simply indicates that the person has a basic understanding of

the rules of the road and is familiar with the operation of a motor vehicle. I

can't fathom eliminating them. Hell, here in the DC area, the drivers are

already irresponsible maniacs, and that's the ones who *have* gotten licenses.

I can't imagine how much worse the roads would be without them.

> The idea of " needing " to restrict freedom for

> some expedient purpose has long been the tool of tyrants.

Not just them.

> As Ayn

> Rand pointed out, the only thing a government can do is crack down

> on criminals.

Government does a lot more than crack down on criminals.

> All they need to do is define the laws in such a way

> that you are the criminal, and they can crack down on you if the

> mood strikes.  Once people get used to living in a police state,

> they will be so accustomed to such abuses of liberty that they will

> never stop to wonder what the end result of all of the cracking

> down will be.  We are already far down that slippery slope.

This much I certainly won't disagree with. As I said above, the laws in this

nation are such that we're all breaking laws all the time, often without even

knowing it.

> It was your job.  Maybe you should have thanked her, and people

> like her, for providing job security.

It was only a small part of my job, and my job security did not rely on it.

>> In such a

>>

>> case, at the very least, if we had computer operators' licenses,

>> she could have been fined or had her license revoked, as we do

>> with drivers who don't obey traffic laws.

>

> Oh, sure-- taking away a driver's license prevents the person from

> driving, right?

Actually, most people who don't have driver's license *will* refrain from

driving.

> If we decide that a certain driving action is illegal, why would a

> license be needed to make that person answerable for that crime?

It doesn't, of course -- but a license can be suspended or revoked.

> If a cop sees someone driving drunk, and he pulls the person over,

> only to find that the person has never had a driver's license, do

> you think that the state is then powerless to enforce the law

> against drunk driving?

Of course not. That wasn't my point.

> Someone sent her an email, and she had _every right_ to open it as

> far as the law is concerned (and rightfully so).

Actually, in this case, no, she did not. For starters, she had instructions on

how email was and was not to be used. Furthermore, she was on the company

premises, during company time, using company equipment, to perform company

duties. Finally, that email wasn't even hers -- it was company property. She

had absolutely no right to open it at all.

> Now, certainly,

> since she was on a company network, the company she worked for had

> every right to fire her for doing that, or to sanction her as they

> see fit, just as they would have the right to fire her for wearing

> blue on Monday, for making personal phone calls on company time

This is true.

> (should we have a license to use the phone too?)

No.

> The network was not hers to use as she pleased.  She caused a

> problem for the company through her actions.  She cost them time

> and money.  That's a civil matter, not a criminal matter, and the

> company had the perfect right to fire her, suspend her, demote her,

> or what have you, if they saw fit.

What if she had infected the network deliberately rather than out of ignorance?

That would make it a criminal matter, wouldn't it? Seems to me that you're

saying that the difference between a civil matter and a criminal matter is only

your intent, regardless of the results of your actions.

> Now, if she wants to open email attachments on her own time, on her

> own computer, that is her right too.

Of course it is. But her right to open attachments does not extend as far as

harming other users' computing experience in any way. If she wants to infect

her own computer at home, fine; but in practice, infections like that are almost

never isolated.

> Having the government involved in micromanaging yet another aspect

> of our lives, and taking a dump on another one of our

> Constitutional rights with this prior restraint, is not the answer.

> In this case, the cure is several thousand orders of magnitude

> worse than the disease.  Having the government licensing free

> speech is a lot worse than anything it would prevent.

It might be. As I said in my other email, I don't like the idea much myself,

but the situation is getting so bad that I'm beginning to wonder.

> (And it

> would certainly do nothing to stop eastern-bloc hackers/crackers,

> which are some of the most active at this point in time).

Point conceded.

> There is no authority granted to the US federal government to

> restrict the internet.  Therefore, it would be _at best_ a state

> matter.

Oh, right, I forgot. The federal government *never* violates the Tenth

Amendment. *rolls eyes*

>> The two are not mutually exclusive.  I'm saying we should do both.

>

> The very same thing has been said about people that " abuse " their

> rights to free speech by mentioning ideas that are offensive to the

> regime in power.  Such ideas are branded as harmful to the

> collective, too dangerous to be discussed, and the person is deemed

> to be unworthy of the right to speak his mind.

>

> This is EXACTLY the same thing, since the internet is the one place

> where an ordinary person can have his ideas just as available for

> the world to read as any corporation or government entity (until

> you start licensing internet access, of course-- then all the

> government has to do is change the requirements to get this

> internet license.  And it would be perfectly within its power to do

> so, since it will have been established by then that accessing the

> internet, like other forms of free expression, is not a right, but

> a privilege that is enjoyed at the pleasure of the government.

>

> All the government need do is establish a really innocuous internet

> testing standard, one that virtually everyone can pass... and in a

> few years, having to have a license to use the net will be the norm

> to most people.  Then all the government need do is incrementally

> change the requirements to get the license, again and again, each

> one accompanied by claims of being a " reasonable measure " that is

> necessary for the greater good, and before you know it, only the

>  " right " kind of people will be able to access the net, at the whim

> of the government. This is how every encroachment of vital freedoms

> has taken place in this country.

I'm not even talking about anything like that, ... I'm talking about a

licensing/education system that would teach people some fundamentals about the

Internet and show them that when they open that damn attachment, they're taking

a risk that doesn't just affect themselves, it affects everyone else connected

to the Internet. This is a very different matter from saying that anyone

visiting the home page of the Republic Party will have his license revoked.

> What is needed is for people to realize that we don't live in a

> Pollyanna-esque world, where everything is safe and everyone is

> good.

I don't think anyone believes that.

> There are a lot of things that a government

> unconcerned with liberty could do to increase safety, but all of

> them would mean unacceptable limitations of liberty.

*All* of them...?

> Living in a free society requires some risk.

Of course it does.

> Trying to legislate

> the risk out

> of life, one " reasonable " law at a time, at the risk of a " little "

> liberty

> (which will never be regained), is a strategy doomed to fail

I'm not talking about legislating the risk out of life; I'm talking about

legislating one area where the risk is quite large and could mostly be

eliminated with some fairly basic education. Hackers, viruses, and worms are

all a serious headache, but safe computing eliminates virtually all the danger.

We are clearly at a point, now, where users have demonstrated that they either

can't or won't learn about safe computing on their own, and they don't

understand that their ignorance has any impact at all on anyone else, let alone

to the degree that it does. I'll say it again: I don't like the idea of a

computing license, either, but I'm really beginning to wonder how else to fix

the problem.

--

Homemade scented candles to bring warmth and fragrance to your home... Knight

Scents

http://www.knightscents.biz

[Guest guest]

Parrish S. Knight wrote:

>

>> People have the liberty to open any attachment they like. It is not for

>> you, nor anyone else, to try to restrict their access to what has become a

>> primary conduit for free expression, regardless of how they score on some

>> arbitrary test of how well they can regurgitate to you the answers you wish

>> to hear.

>

> They have the right to open any attachment they like, but they do not have

> the right to have the consequences of their actions jeopardize *my* computing

> experience -- or, indeed, to even bring down large sections of the Internet

> itself with the resulting flood of garbage, which has happened a few times in

> the past.

Fascinating that you blame the hapless victim of the virus, not the person that

wrote it and spread it.

One would wonder-- what standard of internet protection would be enough for you?

Would someone that has a software firewall that is easily compromised still

be liable? Or one that has not been updated? Should a person be required to

apply all patches from the publisher of his OS and security software, on pain of

law?

Is a person that has only a software firewall doing enough?

Does the person that has his computer behind a NAT router with no software

firewall doing enough?

Does the person that uses no antivirus software (like me) become liable (even

though I have never had a virus)?

In fact, does a person that runs Windows automatically become liable, since he

could be running Linux or MacOS instead?

How much protection does an innocent victim have to put up before we begin to

blame the virus coder and the people that spread the virus, rather than blaming

the victims for not doing enough to stop that virus?

>> Ignorance of law is no excuse, so the mere existence of laws is all that is

>> required for a presumption that the person knows those laws.

>

> That's the theory, yes. In practice, two factors: 1) Lots of people are

> stupid. 2) More pertinently: there are far, far too many laws for anyone to

> be informed of all of them, and the fact is, we probably all break laws all

> the time without even knowing it. (And before you can say it, yes, I know

> that's not the way things should be, but it's the way they are.)

So, with this in mind, you advocate MORE laws, MORE government bureaucracy, MORE

prosecutions, MORE intricate laws that are impossible even for lawyers to know

if you are following?

As Reagan said, government is not the solution, it's the problem.

> A driver's license simply indicates that the person has a basic understanding

> of the rules of the road and is familiar with the operation of a motor

> vehicle. I can't fathom eliminating them. Hell, here in the DC area, the

> drivers are already irresponsible maniacs, and that's the ones who *have*

> gotten licenses. I can't imagine how much worse the roads would be without

> them.

I don't think it would change much of anything. Obviously, the licensing

requirements do nothing to ensure compliance.

>> The idea of " needing " to restrict freedom for some expedient purpose has

>> long been the tool of tyrants.

>

> Not just them.

There are also despots, dictators, and all sorts of variations, but I included

those all under " tyrants. "

>> As Ayn Rand pointed out, the only thing a government can do is crack down

>> on criminals.

>

> Government does a lot more than crack down on criminals.

Everything they do breaks down to that. Taxation is making it illegal to not

pay money, and they crack down on you if you don't. Regulation of anything is

making it illegal not to do things their way, and the enforcement of that is

cracking down on criminals.

Put another way: Imagine that no government agent had any authority to arrest,

try, incarcerate, fine, or otherwise penalize anyone for anything. Would it be

doing anything at all if that were the case?

>> All they need to do is define the laws in such a way that you are the

>> criminal, and they can crack down on you if the mood strikes. Once people

>> get used to living in a police state, they will be so accustomed to such

>> abuses of liberty that they will never stop to wonder what the end result

>> of all of the cracking down will be. We are already far down that slippery

>> slope.

>

> This much I certainly won't disagree with. As I said above, the laws in this

> nation are such that we're all breaking laws all the time, often without even

> knowing it.

And this is precisely why we need to oppose government regulation of every

single aspect of our lives. The government is a much bigger threat than email

trying to sell you Viagra or with a virus attached.

>>> In such a

>>>

>>> case, at the very least, if we had computer operators' licenses, she

>>> could have been fined or had her license revoked, as we do with drivers

>>> who don't obey traffic laws.

>>

>> Oh, sure-- taking away a driver's license prevents the person from driving,

>> right?

>

> Actually, most people who don't have driver's license *will* refrain from

> driving.

Not those that have had their licenses taken away for disregarding traffic laws

already. The requirement for the license is just one more law.

>> Someone sent her an email, and she had _every right_ to open it as far as

>> the law is concerned (and rightfully so).

>

> Actually, in this case, no, she did not. For starters, she had instructions

> on how email was and was not to be used. Furthermore, she was on the company

> premises, during company time, using company equipment, to perform company

> duties. Finally, that email wasn't even hers -- it was company property.

> She had absolutely no right to open it at all.

As far as the law is concerned, she did. She should not be sanctioned by the

law (the government) for doing that.

>> Now, certainly, since she was on a company network, the company she worked

>> for had every right to fire her for doing that, or to sanction her as they

>> see fit, just as they would have the right to fire her for wearing blue on

>> Monday, for making personal phone calls on company time

>

> This is true.

So a law proscribing a penalty would not be just or necessary. This is a matter

between her and the company. If the company wanted, they could sue her for

damages, and they could see if a judge or jury agreed that she was liable. No

licensing or government regulation is necessary.

>> (should we have a license to use the phone too?)

>

> No.

Why not? I could use my phone irresponsibly-- I could call the manager of

Yankee stadium and call in a bomb threat. I could call the police out for false

reasons, thus preventing them from responding to a real call. I could make

direct threats on the phone. I could harass people in that way, or just by

calling them at odd hours of the night.

Clearly, inappropriate use of the phone can cause harm to others. Why shouldn't

it be licensed, if net access should?

>> The network was not hers to use as she pleased. She caused a problem for

>> the company through her actions. She cost them time and money. That's a

>> civil matter, not a criminal matter, and the company had the perfect right

>> to fire her, suspend her, demote her, or what have you, if they saw fit.

>

> What if she had infected the network deliberately rather than out of

> ignorance? That would make it a criminal matter, wouldn't it? Seems to me

> that you're saying that the difference between a civil matter and a criminal

> matter is only your intent, regardless of the results of your actions.

That is a lot of it. You don't get arrested for having a traffic accident, but

if you intentionally rammed another car, you may be tried for attempted murder.

>> Now, if she wants to open email attachments on her own time, on her own

>> computer, that is her right too.

>

> Of course it is. But her right to open attachments does not extend as far as

> harming other users' computing experience in any way.

Absolutely wrong. If you think you have the freedom to not be negatively

impacted by others, you would be better off in a world with a population of one.

I am negatively impacted when I see bumper stickers on cars that annoy me. I

am negatively impacted when I hear disagreeable ideas on the radio. I am

negatively impacted when I see a house that is painted a garish color. I am

negatively impacted when a lot of things happen. Do I really have the right to

never have my (whatever) experience negatively impacted by others?

> If she wants to infect

> her own computer at home, fine; but in practice, infections like that are

> almost never isolated.

Have you ever gone to work sick?

If so, you may have spread the infectious disease to someone else. Don't they

have a right to not be infected?

This right to not be negatively impacted doesn't exist.

\>> Having the government involved in micromanaging yet another aspect of our

>> lives, and taking a dump on another one of our Constitutional rights with

>> this prior restraint, is not the answer. In this case, the cure is several

>> thousand orders of magnitude worse than the disease. Having the government

>> licensing free speech is a lot worse than anything it would prevent.

>

> It might be. As I said in my other email, I don't like the idea much myself,

> but the situation is getting so bad that I'm beginning to wonder.

I am on the same net as you, and I read a lot of stuff. I have had

acquaintances who have been hit by hackers, and had virus infections that have

wiped out all of their data. I have read of the DoS attacks, and been annoyed

when DoS, virus infection of Microsoft IIS servers, or traffic from Welchi

clogged parts of the internet or some large LANs. It does not even come close

to what I would think would justify government action.

>> There is no authority granted to the US federal government to restrict the

>> internet. Therefore, it would be _at best_ a state matter.

>

> Oh, right, I forgot. The federal government *never* violates the Tenth

> Amendment. *rolls eyes*

As a matter of law, it would be illegal to do such a federal law.

So you are saying that you advocate violating the Constitution when the law is

something that you like? If so, you just justified every unconstitutional

federal law on the books, because every one of them is liked by someone that

also thinks that it is okay to ignore the Constitution when they like the law.

> I'm not even talking about anything like that, ... I'm talking about a

> licensing/education system that would teach people some fundamentals about

> the Internet and show them that when they open that damn attachment, they're

> taking a risk that doesn't just affect themselves, it affects everyone else

> connected to the Internet. This is a very different matter from saying that

> anyone visiting the home page of the Republic Party will have his license

> revoked.

And once you establish that this right is really a privilege, to be had if and

when the government decides you may, what is to stop them from changing the

rules?

Remember that gun control in the US started as a way of keeping newly liberated

blacks from having arms, which would prevent them from being lynched. Everyone

knew that the whites would never have trouble getting arms; that was not what

the " reasonable need " laws were about.

Not yet, anyway. The government's view of who the " wrong " people changed. Once

it was established that people could be denied arms (despite what the

Constitution says) whenever the government said so, all that was required was a

simple change in the definition of the " right " people. They didn't have to

draft an outright ban, which would have caused enough opposition to be prevented

from ever becoming law.

These days, legislation by regulatory agency is a very big problem. The

legislators write a law that is exceedingly vague, and leave it to some agency,

like the EPA, to define. So then the EPA has de facto legislative power, even

though there is no direct oversight of the EPA, nor is anyone in that

organization answerable to voters. They can quietly change the rules with no

discussion and no legislative decision.

This little tragedy was an invention of FDR-- one of many contributions to

tyranny that he made... under the blanket justification of " need, " which was

easy in a time of war. The similarity between that and the call by Tenet for

more security of the internet during this war on terror is nearly impossible to

miss.

>> There are a lot of things that a government unconcerned with liberty could

>> do to increase safety, but all of them would mean unacceptable limitations

>> of liberty.

>

> *All* of them...?

It would be quite a feat to prove otherwise to me.

If we keep in mind that our government poses a far graver danger to our freedom,

our way of life, and our lives themselves, than any terrorist, street criminal,

foreign power, or hacker, then the gravity of what you are advocating becomes

clear.

>> Trying to legislate the risk out of life, one " reasonable " law at a time,

>> at the risk of a " little " liberty (which will never be regained), is a

>> strategy doomed to fail

>

> I'm not talking about legislating the risk out of life; I'm talking about

> legislating one area where the risk is quite large and could mostly be

> eliminated with some fairly basic education.

But any law that requires education can easily be amended to require more and

more... higher and higher standards, until it is an insurmountable obstacle.

All that is required for that is to first allow a right to be turned into a

privilege. Once that is done, the things that must be done to earn that

privilege can easily be changed-- and remember that the grantor of any privilege

has the full power to change the requirements of that privilege at any time.

Once you make a right into a privilege, it is as good as gone as soon as the

government finds it expedient to ban that action. The time to fight the

encroachment of tyranny upon liberty is when rights are turned to privileges, no

matter how reasonable the requirements may be at first. Once the right is a

privilege, the game is 3/4 over before you even start.

> Hackers, viruses, and worms are

> all a serious headache, but safe computing eliminates virtually all the

> danger.

Well, there you go. Those people that do not want to live with the danger, like

you and me, can protect ourselves. The rest can labor on in their ignorance.

> We are clearly at a point, now, where users have demonstrated that

> they either can't or won't learn about safe computing on their own, and they

> don't understand that their ignorance has any impact at all on anyone else,

> let alone to the degree that it does. I'll say it again: I don't like the

> idea of a computing license, either, but I'm really beginning to wonder how

> else to fix the problem.

The easiest solution is " don't fix it. " Deal with it as it is. Not every

problem can be fixed without creating problems that are far worse.

Second, remember that virii do not evolve on their own, nor are hacker attempts

naturally occurring. Someone writes them; someone inoculates the internet with

them. Those are the people that should be gone after, not the " useful idiots "

that spread the virus through their ignorance.

[Guest guest]

> Most of us don't pay for emails downloaded.

True. It's only developing countries and countries where the government

exercises an iron hand over their citizen's telecommunications that the

citizens have to pay per bit.

Of course aren't places like that places where the internet would be great

to have?

My prediction is that by the end of the year, any dial-up will be

unusable unless the ISP filters all traffic not initiated by the dial-up

user. Why? Because some new worm will appear, and stick around, adding

to the traffic of the thousands of worms already around on the internet.

One or two SYN packets a minute aren't a big deal on dial-up. 30 or 40

certainly are.

The only solution I see, and one I advocate, is ISPs voluntarily blocking

all traffic that doesn't represent an outbound connection already

initiated by the user. But of course that will break countless brain-dead

apps (P2P and games can work when two users have firewalls blocking all

inbound connections between them - IF the application is written

properly). Honestly, I hope AOL adopts this - they are the only ISP with

the leverage to get the software makers to fix their apps.

--

[Guest guest]

> Fascinating that you blame the hapless victim of the virus, not the

> person that wrote it and spread it.

I blame both, but my point was simply this: if all computer users were properly

educated about email attachments, no one would be writing viruses in the first

place because they wouldn't be able to spread.

> One would wonder-- what standard of internet protection would be

> enough for you?

{snip}

I actually haven't thought about the idea that deeply -- mainly because, as I

said, I've got mixed feelings about it for quite a few reasons. One of them is,

as you said, that government doesn't do much of anything very well. Another one

is that Internet issues (unlike automotive issues) change so rapidly that the

requirements for an Internet usage license would change too quickly for

legislation to keep up. There are other reasons as well.

>> That's the theory, yes.  In practice, two factors: 1)  Lots of

>> people are stupid. 2)  More pertinently: there are far, far too

>> many laws for anyone to be informed of all of them, and the fact

>> is, we probably all break laws all the time without even knowing

>> it.  (And before you can say it, yes, I know that's not the way

>> things should be, but it's the way they are.)

>

> So, with this in mind, you advocate MORE laws, MORE government

> bureaucracy, MORE prosecutions, MORE intricate laws that are

> impossible even for lawyers to know if you are following?

>

> As Reagan said, government is not the solution, it's the

> problem.

, please take it easy. I've said this several times now, but apparently

it's not penetrating, so I'll say it again: I'm not really advocating this idea.

I'm mostly just speculating.

> I don't think it would change much of anything.  Obviously, the

> licensing requirements do nothing to ensure compliance.

No, but they at least make the person *aware* that they're supposed to pull over

for emergency vehicles that are flashing their lights. Awareness of

requirements like that does ensure compliance with *some* people. (Admittedly

not all.)

>> Government does a lot more than crack down on criminals.

>

> Everything they do breaks down to that.

Interesting viewpoint. Can you explain how it's " cracking down on criminals "

for the government to send you your disability check? (I'm not trolling, here,

I'm honestly curious what your thoughts are.)

>> Actually, most people who don't have driver's license *will*

>> refrain from driving.

>

> Not those that have had their licenses taken away for disregarding

> traffic laws already.  The requirement for the license is just one

> more law.

Source, please. :-)

>> Actually, in this case, no, she did not.  For starters, she had

>> instructions on how email was and was not to be used.

>> Furthermore, she was on the company premises, during company

>> time, using company equipment, to perform company duties.

>> Finally, that email wasn't even hers -- it was company property.

>> She had absolutely no right to open it at all.

>

> As far as the law is concerned, she did.  She should not be

> sanctioned by the law (the government) for doing that.

No, she did not. No one has " rights " when it comes to someone else's property,

only the property owner does.

> So a law proscribing a penalty would not be just or necessary.

> This is a matter between her and the company.  If the company

> wanted, they could sue her for damages, and they could see if a

> judge or jury agreed that she was liable.  No licensing or

> government regulation is necessary.

OK, maybe... although what she did could also cause legal liability to the

company as well (e.g., other companies infected could sue for damages). I'm not

entirely sure I agree with you here, but I'm also not concerned to argue the

point.

>>> (should we have a license to use the phone too?)

>>>

>> No.

>>

>

> Why not?  I could use my phone irresponsibly

That's true, but I don't see any way that you could use your phone in such an

irresponsible manner that you brought down the entire telephone network and make

it impossible for anyone on the planet to make a phone call. Things like that

have been known to happen on the Internet. Not quite to that degree, but

definitely *big*.

>> What if she had infected the network deliberately rather than out

>> of ignorance?  That would make it a criminal matter, wouldn't it?

>>  Seems to me that you're saying that the difference between a

>> civil matter and a criminal matter is only your intent,

>> regardless of the results of your actions.

>

> That is a lot of it.  You don't get arrested for having a traffic

> accident, but if you intentionally rammed another car, you may be

> tried for attempted murder.

OK, that sounds reasonable, and while Constitutional law is a perseveration of

mine, I'm also not a lawyer, so I'll concede this point as well.

>> Of course it is.  But her right to open attachments does not

>> extend as far as harming other users' computing experience in any

>> way.

>

> Absolutely wrong.  If you think you have the freedom to not be

> negatively impacted by others, you would be better off in a world

> with a population of one. I am negatively impacted when I see

> bumper stickers on cars that annoy me.  I am negatively impacted

> when I hear disagreeable ideas on the radio.  I am negatively

> impacted when I see a house that is painted a garish color.  I am

> negatively impacted when a lot of things happen.  Do I really have

> the right to never have my (whatever) experience negatively

> impacted by others?

To some degree, you do. Bumper stickers are one thing, but if I can't get to my

bank's web site or something because too many people are opening the wrong email

attachments, I'm entitled to speak up.

> I am on the same net as you, and I read a lot of stuff.  I have had

> acquaintances who have been hit by hackers, and had virus

> infections that have wiped out all of their data.  I have read of

> the DoS attacks, and been annoyed when DoS, virus infection of

> Microsoft IIS servers, or traffic from Welchi clogged parts of the

> internet or some large LANs.  It does not even come close to what I

> would think would justify government action.

OK.

>>> There is no authority granted to the US federal government to

>>> restrict the internet.  Therefore, it would be _at best_ a

>>> state matter.

>>

>> Oh, right, I forgot.  The federal government *never* violates the

>> Tenth Amendment.  *rolls eyes*

>

> As a matter of law, it would be illegal to do such a federal law.

I'm actually not sure that it would. Virus infections and the like can flood

the Internet with so much traffic that it makes it impossible to get to your

bank's web site or the like. It seems to me that this comes under the commerce

clause.

> So you are saying that you advocate violating the Constitution when

> the law is something that you like?

No.

> And once you establish that this right is really a privilege, to be

> had if and when the government decides you may, what is to stop

> them from changing the rules?

An informed electorate acting responsibly. No, it will probably never happen,

but that was the original theory behind the Constitution.

> These days, legislation by regulatory agency is a very big problem.

>  The legislators write a law that is exceedingly vague, and leave

> it to some agency, like the EPA, to define.  So then the EPA has de

> facto legislative power, even though there is no direct oversight

> of the EPA, nor is anyone in that organization answerable to

> voters.  They can quietly change the rules with no discussion and

> no legislative decision.

I know that. ATFE does the same thing. It's definitely not a good situation,

and it is, in fact, one of the reasons that I'm not really enthusiastic about a

computer users' license.

> If we keep in mind that our government poses a far graver danger to

> our freedom, our way of life, and our lives themselves, than any

> terrorist, street criminal, foreign power, or hacker, then the

> gravity of what you are advocating becomes clear.

It's a pretty huge leap to say that we are in more danger from our own

government than we are from criminals or terrorists. Would you really rather

walk down a street in Baghdad or the Gaza Strip, or even in Algiers, carrying an

American flag, for example, than you would anywhere in the U.S.?

> But any law that requires education can easily be amended to

> require more and more... higher and higher standards, until it is

> an insurmountable obstacle.

I don't think the slippery slope argument applies to a computer users' license.

>> Hackers, viruses, and worms are

>> all a serious headache, but safe computing eliminates virtually

>> all the danger.

>

> Well, there you go.  Those people that do not want to live with the

> danger, like you and me, can protect ourselves.  The rest can labor

> on in their ignorance.

Their ignorance impacts us, though -- that's my point. If they just wanted to

foul up their own computers, that would be fine with me, but when they do, I end

up getting their viruses and spam.

It reminds me of the debate about requiring seat belt use. Opponents of it

argued that it was their own right to decide whether to wear a seat belt in

their own car, and if all that happened was that the driver went out and got

himself killed that way, I wouldn't care. The problem is that when that schmuck

goes out and gets killed because he didn't wear a seat belt, it makes *my*

insurance premiums go up -- especially if he happens to be the same age and sex

as I am.

> The easiest solution is " don't fix it. "  Deal with it as it is.

> Not every problem can be fixed without creating problems that are

> far worse.

*sigh* Maybe so... I disagree with a fair amount of what you're saying, but

OTOH, I also agree with a lot of it as well.

> Second, remember that virii do not evolve on their own, nor are

> hacker attempts naturally occurring.  Someone writes them; someone

> inoculates the internet with them.  Those are the people that

> should be gone after, not the " useful idiots " that spread the virus

> through their ignorance.

How about we prosecute the people who write the damn things and educate the

" useful idiots " so that they're not " useful idiots " anymore?

> Have you seen many things that the government has improved when it

> got involved?

No, not many, but as flawed as it is, I'd still say that our government is among

the best in the world. There are, what, about 250 countries in the world today,

and I can think of only about ten or fifteen other than the United States that

I'd even consider living in.

> Have you seen the government pass up even a single opportunity to

> piss on the principle of liberty if given the opportunity?

The flag amendment has been defeated several times.

> Do you trust the government to limit your free speech only in ways

> that are beneficial to you?

No. That's why we have organizations like the ACLU -- the government needs to

be kept in check (primarily thru lawsuits). It cannot be trusted to behave

itself if left to its own devices.

> Most of us don't pay for emails downloaded.

Actually, we all do. It's part of your ISP's monthly bill. You probably don't

actually pay for each individual email, but overall, the " traffic " that you pay

your ISP to provide is included in your bill.

> I'm getting tired of having the government haul people off to jail

> for things that are protected Constitutional rights.  I think that trumps

> any inconvenience over getting a few spams.

I'm not sure whether you realize this or not, but courts have ruled that spam is

actually not Constitutionally protected speech, because it is paid for by the

recipient (as opposed to the junk mail you receive in your snail mail, which is

paid for by the sender and therefore is protected by the First Amendment).

Spammers do not have a First Amendment right to spam.

>> Yes, there are spam

>> filters and rules and so on that I can use to bring everything

>> under control,

>> but the point is, I shouldn't *have* to, any more than I should

>> have to

>> tolerate my neighbors' cigarette smoke coming into the apartment

>> that I pay

>> for.

>

> You could justify all sorts of things under that logic.  With

> eugenics, it was

> that the able shouldn't *have* to deal with having economic non-

> contributors

> consuming resources.

> When you live in a free society, you do *have* to put up with

> things from

> others.  That's the way things work.  I may think I shouldn't *have*

>  to put up

> with NTs all around me, but what are we going to do with them?  

> What about those

> of them that thinks they shouldn't *have* to put up with seeing us

> in public?

I'm not talking about things in public. I'm talking about private property

rights. I own my computer, and I pay for my Internet access, therefore, it is

my right to decide how it is and isn't used. I pay rent on this apartment,

therefore, I have the right to declare (for example) " No Bibles are allowed in

my home; if you bring a Bible into my home, you will be instructed to leave, and

if you don't, I will charge you with trespassing. " First Amendment religious

protections don't apply in such a case -- my private property rights override

the religionists freedom of religion.

> Getting a few spams is " tremendous harm? "

Not a few, no -- but spam is becoming such a serious problem that some industry

analysts are even going so far as to say that email will become useless within

the next few years or so because of the clogging of server space and consumption

of bandwidth. (I'd have to look it up to get exact figures and dates, but I

think some of them are saying that email is going to be about 97% spam within

about three years.) Personally, I *live* in email, and I know other autistics

do as well. If my email becomes useless, then yes, I am harmed.

> How about " irresponsible " dissemination of information that the

> government deems

> harmful?

I'm not even talking about that. I'm just talking about getting computer users

educated enough so that the risk of their computers being infected with worms or

turned into open relays for spammers is reduced.

> Don't fix it.  That's the solution.  There is no solution that is

> not a hell of a lot worse than the problem.

You may be right.

>> I hate governmental regulation, too, but the fact is, safer

>> computing needs to become more widespread.  It's almost 2005, and

>> yet even

>> today, two-thirds of home users don't even use firewalls, and the

>> average

>> time it takes for an unfirewalled Windows machine to get " owned "

>> once it's

>> connected to the 'Net is now down to about *twenty minutes*.  No

>> wonder we're

>> getting so much spam and worms and all the rest of it.

>

> So what if they don't?  Shit happens.  Is that any different than

> people not

> having steel-core doors, home alarms (or large dogs), and other

> security

> measures?

Yes, because if someone else gets robbed, that doesn't have an impact on my own

apartment.

>> There's an old saying that your right to swing your fist ends at

>> my face...

>> well, in this case, I'd say that your right to be irresponsible

>> with your

>> computer ends at my router.

>

> Unless I am the one attacking you, then I am blameless.

A user *is* attacking me (however inadvertently) if he allows his computer to

get owned and try to infect mine.

> The situation on the net is a trifling irritation compared to what

> the government would do.

It may be a trifling irritation now, but it's getting worse.

> Besides, you fail to address the fact that is just as easily to

> launch an attack from .ru as it is from the US...

In fact, I'm quite aware of that. The point is that if most computer users were

to practice safe computing, attacks would be a lot harder to pull off.

> and nothing can stop the people

> in other

> countries from not meeting the Parrish Knight standard for being

> secure enough

> to deserve net access.

Yes, that's another problem with the concept.

In any event, I shouldn't be spending time on this... I'm about to become

homeless (or worse), so I've got to keep my priorities straight. If you want to

post a reply and have the last word, please feel free to do so -- I'd actually

like to continue this discussion, but I can't.

--

Homemade scented candles to bring warmth and fragrance to your home... Knight

Scents

http://www.knightscents.biz

[Guest guest]

How do you " control " the internet? I don't think that's possible. The

idea suggested by Tenet is not too plausible.

[Guest guest]

> How do you " control " the internet? I don't think that's possible. The

> idea suggested by Tenet is not too plausible.

What do you think the idea suggested is?

His idea is that people should secure business and government computer

networks. That's plenty possible. Sure, not possible to completely

secure *every* network, just as it is not possible to ensure every door to

a sensitive government office is locked (SOMEONE will forget to lock *ONE*

door!), but it is possible to make it a lot harder for people to

compromise business and government systems.

I did not see anything in Tenent's remarks that indicated he was

particularly concerned that Aunt Betty's computer doesn't have anti-virus,

that he is going to force Betty off the internet, or other such stuff.

If he actually gets even some business and government to fix their messes,

it is a good thing.

--

[Guest guest]

>

> > How do you " control " the internet? I don't think that's possible.

The

> > idea suggested by Tenet is not too plausible.

>

> What do you think the idea suggested is?

>

> His idea is that people should secure business and government

computer

> networks. That's plenty possible. Sure, not possible to completely

> secure *every* network, just as it is not possible to ensure every

door to

> a sensitive government office is locked (SOMEONE will forget to

lock *ONE*

> door!), but it is possible to make it a lot harder for people to

> compromise business and government systems.

>

> I did not see anything in Tenent's remarks that indicated he was

> particularly concerned that Aunt Betty's computer doesn't have anti-

virus,

> that he is going to force Betty off the internet, or other such

stuff.

> If he actually gets even some business and government to fix their

messes,

> it is a good thing.

>

> --

>

[Guest guest]

Parrish S. Knight wrote:

>

>> Fascinating that you blame the hapless victim of the virus, not the person

>> that wrote it and spread it.

>

> I blame both, but my point was simply this: if all computer users were

> properly educated about email attachments, no one would be writing viruses in

> the first place because they wouldn't be able to spread.

So once again, it is the fault of the victim for not doing enough to stop the

virus, not the person who wrote it.

> , please take it easy. I've said this several times now, but apparently

> it's not penetrating, so I'll say it again: I'm not really advocating this

> idea. I'm mostly just speculating.

You said it would not be a bad idea. I happen to think that all limitations of

free speech are bad ideas.

>> I don't think it would change much of anything. Obviously, the licensing

>> requirements do nothing to ensure compliance.

>

> No, but they at least make the person *aware* that they're supposed to pull

> over for emergency vehicles that are flashing their lights. Awareness of

> requirements like that does ensure compliance with *some* people.

> (Admittedly not all.)

What a person knows is not the issue-- only behaviors matter. If a person fails

to pull over, he can be cited if he is seen by the police.

>>> Government does a lot more than crack down on criminals.

>>

>> Everything they do breaks down to that.

>

> Interesting viewpoint. Can you explain how it's " cracking down on criminals "

> for the government to send you your disability check? (I'm not trolling,

> here, I'm honestly curious what your thoughts are.)

My parents, who paid the taxes into the Social Security fund, would have been

cracked down upon if they had refused to pay. The Social Security people would

have been cracked down upon if they failed to obey the law that says that I have

to be paid a certain amount each month.

>>> Actually, most people who don't have driver's license *will* refrain from

>>> driving.

>>

>> Not those that have had their licenses taken away for disregarding traffic

>> laws already. The requirement for the license is just one more law.

>

> Source, please. :-)

Logic.

>> As far as the law is concerned, she did. She should not be sanctioned by

>> the law (the government) for doing that.

>

> No, she did not. No one has " rights " when it comes to someone else's

> property, only the property owner does.

Really? So if I go to a Wal-Mart store and announce that I think Bush

sucks, I can go to jail? I still have the right of free speech, which is the

right to be free from government action on the basis of what I say.

> OK, maybe... although what she did could also cause legal liability to the

> company as well (e.g., other companies infected could sue for damages). I'm

> not entirely sure I agree with you here, but I'm also not concerned to argue

> the point.

That is still a civil matter, and it shows that there is no need for even more

laws and even more government interference to allow the company to have

recourse.

>> Why not? I could use my phone irresponsibly

>

> That's true, but I don't see any way that you could use your phone in such an

> irresponsible manner that you brought down the entire telephone network and

> make it impossible for anyone on the planet to make a phone call. Things

> like that have been known to happen on the Internet. Not quite to that

> degree, but definitely *big*.

Ok, so causing 40,000 people to be evacuated from a baseball stadium is not big

enough to warrant a license, but sending out spam, inadvertently transmitting

viruses, etc., is?

> OK, that sounds reasonable, and while Constitutional law is a perseveration

> of mine, I'm also not a lawyer, so I'll concede this point as well.

Then how can you even begin to consider supporting a law that is

unconstitutional on three separate issues? (First Amendment, Tenth Amendment,

Prior Restraint)?

> To some degree, you do. Bumper stickers are one thing, but if I can't get to

> my bank's web site or something because too many people are opening the wrong

> email attachments, I'm entitled to speak up.

Sure, just as you are entitled to speak up because you don't the colors of their

web site. That's the First Amendment. You have a right to speak up, but not a

right to be heard. And if the bank loses customers or suffers other losses in

revenue because of careless net usage, that is a tort, and there are already

means for dealing with torts on the books. You do not need to criminalize each

and every tort in order for there to be recourse.

>> As a matter of law, it would be illegal to do such a federal law.

>

> I'm actually not sure that it would. Virus infections and the like can flood

> the Internet with so much traffic that it makes it impossible to get to your

> bank's web site or the like. It seems to me that this comes under the

> commerce clause.

The commerce clause has been stretched so far over the years by various tyrants

that it is barely recognizable. Federal gun control legislation is based on the

commerce clause, under the justification that guns affect interstate commerce.

It is clearly not what the framers had in mind with regard to the interstate

commerce clause. Having a loose connection to interstate commerce does not mean

that it is an issue of interstate commerce.

Not to mention, of course, the right to free speech and expression, and the

prohibition of prior restraints upon the exercise of rights.

>> So you are saying that you advocate violating the Constitution when the law

>> is something that you like?

>

> No.

So then this law that you have said might be a good idea is really one that you

think is a bad idea?

>> And once you establish that this right is really a privilege, to be had if

>> and when the government decides you may, what is to stop them from changing

>> the rules?

>

> An informed electorate acting responsibly. No, it will probably never

> happen, but that was the original theory behind the Constitution.

If we had an informed electorate acting responsibly, this idea would never be

implemented, and neither would the vast majority of laws out there.

> I know that. ATFE does the same thing. It's definitely not a good

> situation, and it is, in fact, one of the reasons that I'm not really

> enthusiastic about a computer users' license.

Now we need to get you to the point that it is so repugnant to you that it makes

you sick to the stomach to hear about it.

> It's a pretty huge leap to say that we are in more danger from our own

> government than we are from criminals or terrorists. Would you really rather

> walk down a street in Baghdad or the Gaza Strip, or even in Algiers, carrying

> an American flag, for example, than you would anywhere in the U.S.?

Oh please. I am not IN Gaza-- what risks I would face there have nothing to do

with the risks I face here.

I am far more afraid of my own government than I am from any terrorist or street

criminal.

>> But any law that requires education can easily be amended to require more

>> and more... higher and higher standards, until it is an insurmountable

>> obstacle.

>

> I don't think the slippery slope argument applies to a computer users'

> license.

Of course it does. The government has seldom missed an opportunity to abuse its

authority to abuse the privileges it grants. If you think that the government

has no interest in limiting the First Amendment, I can refer you to a whole host

of recent laws, including McCain-Feingold " campaign finance " reform, the

Communications Decency Act (which is now defunct), the Digital Millennium

Copyright act, and a host of others. The First Amendment is under assault too,

and the internet is one outpost of free speech that is accessible to people that

are not in the media establishment (which sometimes acts as the fourth branch of

government).

> Their ignorance impacts us, though -- that's my point. If they just wanted

> to foul up their own computers, that would be fine with me, but when they do,

> I end up getting their viruses and spam.

The ignorance of the people that voted for Bill Clinton impacted me too. (I

used Bush as an example before, so now I will use this one).

\> It reminds me of the debate about requiring seat belt use. Opponents of it

> argued that it was their own right to decide whether to wear a seat belt in

> their own car, and if all that happened was that the driver went out and got

> himself killed that way, I wouldn't care. The problem is that when that

> schmuck goes out and gets killed because he didn't wear a seat belt, it makes

> *my* insurance premiums go up -- especially if he happens to be the same age

> and sex as I am.

That is totally irrelevant. A person has a right to ride a motorcycle,

helmetless or not. He has the right to drive a car without airbags. He has the

right not to wear a seat belt. He has a right to drive a car without anti-lock

brakes. Your insurance going up is not justification to regulate his freedoms.

He should not be forced to wear a seat belt to lower YOUR premiums. What

gives yout the right to tell him that he should?

People have sovereignty over their bodies and their properties

>> The easiest solution is " don't fix it. " Deal with it as it is. Not every

>> problem can be fixed without creating problems that are far worse.

>

> *sigh* Maybe so... I disagree with a fair amount of what you're saying, but

> OTOH, I also agree with a lot of it as well.

Oh well-- being 100% correct on this issue is a cross I will have to bear alone,

then

>> Second, remember that virii do not evolve on their own, nor are hacker

>> attempts naturally occurring. Someone writes them; someone inoculates the

>> internet with them. Those are the people that should be gone after, not

>> the " useful idiots " that spread the virus through their ignorance.

>

> How about we prosecute the people who write the damn things and educate the

> " useful idiots " so that they're not " useful idiots " anymore?

Not by getting the government involved in making more laws. We have laws on the

books that are sufficient to get the people that misuse the internet... we don't

need more. (Sound like something that your RKBA compatriots have said? They're

right. The answer is more prosecutions of the bad guys, not criminalizing more

things). The US government can put pressure on the other countries to crack

down on computer criminals in other countries. Authorities in the Czech

Republic and Russia have just been in the news for cracking down on the 29A

hacker group for vx coding.

As for computer security-- educating Microsoft will go a long way, and it has.

Sally Schmoe can't be expected to know that her computer is at risk when she

signs onto the internet with her machine equipped with Windows 98, and billed as

" internet ready. " But Microsoft should have known that their OS was

horrendously insecure, and that a compromised machine can be used for anything

from spreading worms to running a bot used in a DDoS attack against a third

party. Now that internet security has become a real problem, social pressure

has caused Microsoft to begin taking security seriously-- now the XP firewall is

on by default in Windows XP, and the reminders all over the place to make sure

it is enabled are as annoying as hell to those of us that use solutions that are

far better than the rudimentary firewall MS uses.

The MS firewall has to be basic and limited, because most users won't take

security seriously enough to deal with alerts from a firewall. My brother

infected his computer with a keylogger trojan not long ago, and he should have

known better. If he had not told me that he had, with 3 other online friends,

downloaded an .exe from a questionable source and executed it, only to find that

2 of them lost hundreds of dollars worth of electronic items in an online game

(which the trojan targeted), he might never have known there was a trojan until

it was too late.

I told him, he found it, and since then, he has gotten more serious about

internet security. He installed a firewall with outbound filtering. His wife,

though, does just as Microsoft found people do when firewalls pop up alerts--

she says YES to everything.

So, under your plan, she would not be allowed to use her online games, do her

email, et cetera, because she does not take security seriously. But, since you

raised the " I shouldn't have to " argument before: Why should SHE have to? She

is not malicious-- the people that write malware are. Why should the millions

of people that use computers on the internet for good purposes be penalized for

not doing enough to stop the bad guys? I don't have the government's

prosecutorial power or investigative power-- why should I be the one that is

required by law to stop them?

>> Have you seen many things that the government has improved when it got

>> involved?

>

> No, not many, but as flawed as it is, I'd still say that our government is

> among the best in the world. There are, what, about 250 countries in the

> world today, and I can think of only about ten or fifteen other than the

> United States that I'd even consider living in.

I can't even think of another one. Every government I know of pisses on the

concept of liberty even worse than ours does. That does not mean that we should

ever forget that governments are inherently evil things whose only purpose is to

remove freedoms.

>> Have you seen the government pass up even a single opportunity to piss on

>> the principle of liberty if given the opportunity?

>

> The flag amendment has been defeated several times.

That wasn't really an opportunity, as the left has been adamant about that one.

Look at what we do have-- the USA Patriot act... a law that was designed under

the same kind of circumstances you write of here. " It's a huge problem, and we

have to do SOMETHING. " That is essentially what you have said regarding the

internet problem. So the legislators did something.

> No. That's why we have organizations like the ACLU -- the government needs

> to be kept in check (primarily thru lawsuits). It cannot be trusted to

> behave itself if left to its own devices.

And, knowing this, we should never be quick to entertain the idea of promoting

government regulation of anything.

>> Most of us don't pay for emails downloaded.

>

> Actually, we all do. It's part of your ISP's monthly bill. You probably

> don't actually pay for each individual email, but overall, the " traffic " that

> you pay your ISP to provide is included in your bill.

I don't pay any more whether I get no email or a thousand of them. And if my

ISP finds that the spam is costing them money, they certainly can sue the

spammers-- if they can find them, if they are even in the US. And if they are

not, some law we make would not have stopped them anyway.

>> I'm getting tired of having the government haul people off to jail for

>> things that are protected Constitutional rights. I think that trumps any

>> inconvenience over getting a few spams.

>

> I'm not sure whether you realize this or not, but courts have ruled that spam

> is actually not Constitutionally protected speech, because it is paid for by

> the recipient (as opposed to the junk mail you receive in your snail mail,

> which is paid for by the sender and therefore is protected by the First

> Amendment). Spammers do not have a First Amendment right to spam.

Well, this is a tangent, but the courts have made a lot of errors. Roe v. Wade

was one. Although I am fiercely pro-choice, and am in favor of the maximum

extent of abortion rights, it is obvious to me that Roe v. Wade was a horrible

abomination. There is NO Constitutional right to abortion.

And, yes, I am in favor of the court decision that spam is not constitutionally

protected speech. This means that ISPs and corporations (and end users) have

the legal grounds to sue spammers. There is no doubt that spam uses up

bandwidth, and bandwidth is not free. All this means is that a weak defense by

the spammers has been defeated-- spamming is, and always has been, a tort.

> I'm not talking about things in public. I'm talking about private property

> rights. I own my computer, and I pay for my Internet access, therefore, it

> is my right to decide how it is and isn't used. I pay rent on this

> apartment, therefore, I have the right to declare (for example) " No Bibles

> are allowed in my home; if you bring a Bible into my home, you will be

> instructed to leave, and if you don't, I will charge you with trespassing. "

> First Amendment religious protections don't apply in such a case -- my

> private property rights override the religionists freedom of religion.

Right-- but asking people to leave is a civil matter. You do NOT have the right

to fine someone or send them to jail if they bring a Bible into your house.

Private property rights like that are civil matters.

>> Getting a few spams is " tremendous harm? "

>

> Not a few, no -- but spam is becoming such a serious problem that some

> industry analysts are even going so far as to say that email will become

> useless within the next few years or so because of the clogging of server

> space and consumption of bandwidth.

Experts have said a lot of things, of course... look at the things Ivar Lovaas

said (there are many today that would regard him as an expert). However, even

if if that is true, that does not justify laws that violate the Constitution,

especially those that won't work. A lot of spammers have already moved

offshore; our laws can't reach them. We have to devise a better solution than

licensing internet access.

> (I'd have to look it up to get exact

> figures and dates, but I think some of them are saying that email is going to

> be about 97% spam within about three years.) Personally, I *live* in email,

> and I know other autistics do as well. If my email becomes useless, then

> yes, I am harmed.

Then you can certainly sue the spammers, or you can put pressure on your ISP to

do so.

>> How about " irresponsible " dissemination of information that the government

>> deems harmful?

>

> I'm not even talking about that. I'm just talking about getting computer

> users educated enough so that the risk of their computers being infected with

> worms or turned into open relays for spammers is reduced.

If you licensed internet use in the US, and if we presume that spamming were

effectively stopped (which is a big assumption), and we further presume that

unprotected users outside of the US cease to exist, you would be providing that

much more incentive for crackers to find exploits in protected systems. Surely

you know that when it comes to a commercial firewall installed by an average

user vs. a skilled cracker, the cracker wins. Firewalls work pretty well now

because the miscreants can just move on to a more easily compromised system.

But that is not that pertinent, really, because nothing is going to stop the

spammers, vx spreaders, etc., from compromising the computers outside of the

reach of US laws.

>> So what if they don't? Shit happens. Is that any different than people

>> not having steel-core doors, home alarms (or large dogs), and other

>> security measures?

>

> Yes, because if someone else gets robbed, that doesn't have an impact on my

> own apartment.

Sure it does. It reinforces the idea, in the mind of the criminal, that what he

has chosen for a career is a viable and workable solution. That is one reason I

have decried the policies of passivity that many governments proscribe when

people are confronted with violent crime. People in the UK are being told to

" walk on by " if they see a violent crime taking place. They are virtually

prohibited from self-defense there, and they can be charged with carrying an

offensive weapon even if they never had any inkling to use an item in their

possession as a weapon until they were attacked. Is it any wonder that their

violent crime rate is more than twice what ours is?

>>> There's an old saying that your right to swing your fist ends at my

>>> face... well, in this case, I'd say that your right to be irresponsible

>>> with your computer ends at my router.

>>

>> Unless I am the one attacking you, then I am blameless.

>

> A user *is* attacking me (however inadvertently) if he allows his computer to

> get owned and try to infect mine.

Attacking someone requires intent.

> In fact, I'm quite aware of that [referring to the existence of non-US

attackers].

> The point is that if most computer users

> were to practice safe computing, attacks would be a lot harder to pull off.

Well, since there will be lots of easily compromised computers around the world

even if such a law were successful, you can't claim that the law would be

justified on the basis that net security protects everyone from what can be done

with compromised computers. Even if every computer in the US were as hardened

as mine (and I can assure you that mine would be a difficult target), nothing

would stop spammers from using non-US computers as email relays, DDoS bots (for

some reason, people in the security industry sometimes call these zombies), or

from spreading worms or other malware using non-US machines. In fact, it could

be that very little would change, since the port scans of random IP blocks would

still turn up all of the computers that were not dropping the incoming probe

packets (ie, those without firewalls).

So, the only remaining basis for such a law would be to protect the enduser

himself, and his own computer, from the malware/hacking threat... and protecting

someone from his own ignorance is not a valid basis for a law.

All is not lost, though, without a law. People are becoming more aware. Just

two years ago, I myself ran Win9x with no firewall, with my Client for Microsoft

Networks bound to TCP/IP even though I had no network. I was computer savvy in

most ways, but I didn't know how vulnerable an unprotected computer could be. I

heard hype on the net about hackers and such, but I hear so much hype on the net

that the warnings of an unprotected computer did not rise above the background

noise level.

I knew that someone could not just log into my IP and begin using my computer

remotely... there has to be some code on my end to give the miscreant control or

access to my information, and even people that were more savvy than I (and I did

ask) could not tell me exactly how my computer could be compromised.

It sounded to me like so much more overblown hype and paranoia, which is

certainly in no short supply on the internet. What changed all of this was me

stumbling onto the grc.com web page. While many security pros laugh at Steve

Gibson, he was the first one I know of to write about the risks of unprotected

computers in a way that is designed to be understood by security novices (as I

was then), but that gave some specifics of how my computer could be compromised.

The elusive code on my end that would effectively act as a server for the bad

guy was indicated-- client for MS networks, the TCP/IP stack itself, among

others. It made sense, finally.

I installed Kerio PFW 2.1.4 that day, and I have tried every enduser-oriented

software firewall on the market since then. Now I have a multilayered

hardware/software defense, with multiple layers of software protection as well.

My software firewall is probably the most complex and difficult one to get set

up, but I've got it set really " tight, " and I am confident in it.

Increasing awareness of endusers is one way to address the problem, and unlike

legislation, that effort reaches people all over the world. Having Microsoft

take security seriously is another way to address it. Nearly all PCs sold now

come with the Windows XP firewall enabled by default-- not the best firewall,

but certainly a whole lot better than Windows 98 with no firewall at all. Win

9x is obsolete, although tons of people still use it... but just as Win 3.1

eventually dropped into virtually total disuse, so will Win 9x. XP without a

firewall can be even worse, as it has TCP raw socket capability, but in time,

the percentage of those that are defenseless will decline as well.

ISPs are in the unique position of being able to educate their users. A warning

of some sort, given when the customer signs up for service, will likely be taken

more seriously than the general internet hype. They can usually send emails on

topics like that to their users without it being considered spam. If anyone is

in the position to educate users, it is the ISPs. It is in their own best

interest to do so.

Home networks are growing in popularity, especially the wireless variety.

Adding a NAT router to the average computer adds a significant layer of security

(although too many routers still respond to packets sent to IDENT/113). If we

could get more people to delete Outlook Express, including the Windows Address

book, and to block Internet Explorer from accessing the net, that would help

too.

Another way to work on the problem is to convince ISPs to do their part. If

they filtered outbound packets to make sure that the IP address they say they

are from is accurate, a lot of the problem would go away. ISPs could use

heuristics to determine if a given connection is possibly being used to send

spam, and they can investigate and act to stop it (since most ISPs have ToS that

ban spam).

> In any event, I shouldn't be spending time on this... I'm about to become

> homeless (or worse), so I've got to keep my priorities straight. If you want

> to post a reply and have the last word, please feel free to do so -- I'd

> actually like to continue this discussion, but I can't.

I would too, as I find it interesting to mix two perseverations-- my libertarian

ethos and computers

[Guest guest]

wrote:

> I did not see anything in Tenent's remarks that indicated he was

> particularly concerned that Aunt Betty's computer doesn't have anti-virus,

> that he is going to force Betty off the internet, or other such stuff.

> If he actually gets even some business and government to fix their messes,

> it is a good thing.

" Access to networks like the World Wide Web might need to be limited

to those who can show they take security seriously, he said. "