[extropy-chat] forwarded comments on security systems

spike spike66 at comcast.net
Sun Dec 4 03:51:58 UTC 2005


Former ExI poster Mike Lorrey wrote:


All of the huffing and puffing about this topic demonstrates a poor
understanding of the whole purpose of realistic security. I think Harvey
will agree with me that it is just impossible to make anything 100% secure,
but it is also unrealistic to go by the absurd demands that hackers make of
system security. 

Traditional lock picking and safe cracking have demonstrated that security
technology is really only good at keeping honest people honest. This doesn't
mean you shouldn't put locks or security cameras on your home. This is
because the real point of security technology is to create such a barrier to
entry that those who are intent on breaking through them have to engage in
such overt and intentional acts that they leave a sufficient evidence trail
that will lead to their capture and convince a jury of the need to convict.
Honest people do not intentionally break through security systems in the
real world unless they are hired to do so by their owner, or as part of
their vocational training for careers in security, in an educational
setting.

Security systems are of minor use in deterring dishonest folk from criminal
enterprise. They tend to try to find was around or through them without
getting caught.

No security system is a substitute for a .45 caliber at deterring those
intent on no good. Of course, you can't shoot bullets over a computer
network... or can you? Few people have noticed that the powers that be have
essentially imposed total victim disarmament on the internet. They do not
allow a 2nd Amendment when it comes to the internet. You may not fry,
defensively, the systems of an intruder, with viruses, trojans, worms, etc.
without commiting a crime to do so.

Is it any wonder, then, that the net is rife with spam, viruses, trojans,
worms, dos attacks, spyware, malware, and many thousands of technology
crimes every day? No, it isn't, because very few of the perpetrators are
ever caught. We saw a Russian spammer beaten to death in his apartment
earlier this year, but that was as likely done by a competitor of his. Once
in a while a hacker is arrested. A malware perp is busted. Sony comes under
investigation, but if a person exercises their right of affirmative defense
against hackers, he commits a crime in the eyes of the 'law'.

That being said, back to the topic at hand: copy protection systems.
Just because internet logging and dongles can be gotten around is no reason
not to implement. They keep the vast majority of people honest.
The pirating problem will not be solved so long as China, and other
governments, refuse to live up to their obligations regarding IP protection.
It is a political problem. 

Moreover, you should expect pirating if your software is any good.
Pilferage is the greatest flattery for a developer. You can choose to not
pursue prosecution of pirates, merely make them pay the true cost through
the technical support system by having multiple tiers of
service: free or low cost support for fully paid licensees, and high cost
paid support for pirates. They may not pay you for a license, but they will
pay you for your support of what is really still your own product, and
through that you can recoup the original license fees anyways, thus through
the market, you make a deterrent against piracy of your product, if the
users wind up paying more in the end to use pirated software than licensed
software.

Mike Lorrey
Founder, Constitution Park Foundation:
http://constitutionpark.blogspot.com
Personal/political blog: http://intlib.blogspot.com





More information about the extropy-chat mailing list