Originally posted by J'Pol+--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (J'Pol)</td></tr><tr><td id='QUOTE'>The point is that the punishments should be more severe to
a, take offenders out of the system for a protracted period.
b, deter others from following suit.
As long as the victims are being partially blamed for the crime then this is used in mitigation. The defence of - if he had taken sensible precautions then my crime would not have worked.
It is time to put all on the blame on the perpetrators and leave the victims alone. What happened to them was not in any way shape or form their fault.
No-one is suggesting that people should not lock their car. The suggestion is that we should have the expectation that our property will not be attacked. When it is we have the right to expect that the law will prosecute them and punish them in an appropriate matter. The suggestion is that we Should be able to leave our property unlocked, not that we can.
Oh and are you suggesting that someone's data being destroyed by a virus or worm is not a cause of stress. Your use of "hand wringing" and such phrases does not make the point made any less true.[/b]
You are speaking exclusively from a legal view point. I am talking about a practical viewpoint.
The administrator of a computer system has taken on a job and agreed that in return for money he will protect our infrastructure. He is not your average victim of crime. His failure to do his job has no bearing on the responsibility or guilt of the offender, but it does have a serious bearing on how much damage these inevitable attacks cause.
Recognising that an administrator is incompetent does not detract from the offenders guilt or provide the offender with any defence. To my mind the two issues are completely separate. If the legal system cannot grasp that, then that is the legal systems problem. I don't see why we should have to ignore an important issue that needs to be dealt with, because the legal system lacks common sense on this issue.
What if the perpetrator was not a civilian, what if it was a foreign Gvt or terrorists? What good will the niceties and principles of the legal system do us then? By ignoring these rogue administrators completely, as we have done for far too long, we are putting critical systems at risk. You cannot deny that is the case.
You seem to be arguing that we should focus on one area of the problem alone, out of principle. I'm saying that we need to tackle both these problems to come up with a practical solution.
Putting "all the blame on the perpetrators" as the sole solution will get us nowhere fast in terms of practical solutions although it might make us feel all warm and fuzzy...
If you have incompetent and grossly negligent security guards you sack them and get decent ones. Why on Earth should cyberspace be any different to real life in this respect? Why does the latter break some important principle when the former does not?
PS
My "hand wringing" phrase referred to the fact that some individuals will label land mines and slavery as "puppy dog and kittens" issues and then promptly get all serious about malicious code. People need to put things in perspective.
<!--QuoteBegin-JP Fugley
see, i come from the E.U. where we have a human rights thing. it says that all people are entitled to enjoy their privacy and their property and that other people can't take it away from them. so if somebody does it is a bad thing.
so when someone takes my things away, they are 100% to blame no matter what precautions i did, or did not take.
this is a principle rather than a practicality.
the law and punishment should reflect that and not apportion the blame between the perpetrator and the victim. that sounds like ooer missus you were wearing a sexy frock, you were asking for it a wee bit. [/quote]
Sacking an incompetent security guard or administrator who cannot do the job they're paid for is nothing like blaming a rape victim for the way she is dressed.
Sacking an incompetent security guard or administrator who cannot do the job they're paid for does not remove guilt from the offender or weaken the principle that people are entitled to enjoy their privacy and their property.
Sacking an incompetent security guard or administrator who cannot do the job they're paid for will lessen the impact of these inevitable attacks and will increase security.
What is the problem?
Bookmarks