Penalties For Security Negligence?

Thread: Penalties For Security Negligence?

  1. #1
    Senior Member
    Join Date
    Feb 2002
    Posts
    856

    Penalties For Security Negligence?

    Discussion in another thread gave me the idea for this thread.

    Do you think individuals who fail to take reasonable measures to secure their computers should face civil (liable to lawsuits) or even criminal penalties? Compromised computers are used to send spam (which beyond being a general nuisance can cause a loss of productivity because of the time required to deal with it); they can be utilized by crackers as vehicles for attacks on other systems, and they can be used in DDOS attacks which can cost companies money when customers can't access their sites.

    Possible topics for discussion:
    1) What is the definition of "reasonable security measures."
    2) What penalties would be levied? Criminal (Jail time? Fines?) Civil (Restitution for lost revenues?)
    3) Should liability extend to software companies or just computer owners?
    4) Do you think the whole thing would be a bad idea?
    5) Do you think it will happen? Why or why not?
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  2. #2
    Senior Member
    Join Date
    Mar 2005
    Posts
    400
    Do you think individuals who fail to take reasonable measures to secure their computers should face civil (liable to lawsuits) or even criminal penalties?
    The jails aren't big enough to hold all the people to which this would apply and you think the court rooms are clogged now??


    But if you are starting an offshoot of an old industry or perhaps a new one, I want to be on the ground floor.

    [Dreams about looking down while using my sleeve to shine my freshly new "Computer Cop" badge]

    Enters music from Dragnet, "Da Da DA....Da Da DA Da Da.... Just the facts, Ma'am!"
    ZT3000
    Beta tester of "0"s and "1"s"

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    856
    Yes, but people would start taking security seriously
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  4. #4
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    This would open up a can of worms, IMHO.

    1) What is the definition of "reasonable security measures."
    You'll never see such a definition from an industry that can't even agree on file formats. And lawmakers are clueless.

    2) What penalties would be levied? Criminal (Jail time? Fines?) Civil (Restitution for lost revenues?)
    Anything could happen. Look at enforcement of child porn laws; anyone with an image of a naked child on their computer is generally prosecuted in federal court. Even if you saved a screenshot for law enforcement officials (almost happened to me).

    3) Should liability extend to software companies or just computer owners?
    You certainly see some court ruling on the validity of EULA's. I'm surprised we haven't seen them already.

    4) Do you think the whole thing would be a bad idea?
    Criminalizing computer security issues would certainly make life more complicated. Yes, I think it is a bad idea.

    5) Do you think it will happen? Why or why not?
    I think eventually the internet will be regulated as a public utility, with common security issues being resolved on a network level, at the ISP's, and higher. It wouldn't surprise me at all to see nat'l firewalls, similar to what the Chinese run, within 5 years time here in the States.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  5. #5
    In a corporate environment, yes there should be strict and immediate consequences for lax security.

    Unfortunately, in a home user environment, complete ignorance is to blame. Not negligence.


    Until we educate the majority, we cannot punish them. This is not something that can be done overnight.

  6. #6
    Senior Member
    Join Date
    Dec 2004
    Posts
    320
    Until we educate the majority, we cannot punish them. This is not something that can be done overnight.
    True. You can't expect to get grandma and grandpa to know firewalling/anti-malware/encryption, etc... I would like them to, but it is unreasonable to expect all (or sometimes even most) home users to know the stuff. So I say no in a home network. But in a corporate network, there really is no excuse. Everything is centralized on a domain. And if good precautions were taken and enforced (as they would be when people had to fear something), this kind of stuff wouldn't happen.
    The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare

  7. #7
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    With corporations this is in place... certain requirements must be met... and this is to be expected...

    However, computers are evolving and changing and for that reason... you can't hold the end user responsible... the laws would become too complicated..

    Computers and the software that drive them is ever evolving and changing... new vulns and holes are found on a daily basis... You can't hold someone responsible for being rooted with a 0day and having their machine attack others..

    A better idea is computer licensing (which I've supported in the past) similar to a drivers license.. or a gun license... however again.. computers don't kill people like guns and cars (don't give me that random if someone hacks a hospital and kills their computer systems.. yada yada yada.. safeguards should be in place)... So computer licensing fails as well...

    There's no way to legally control computer security at the end user level.... it's not feasible.... they may attempt it but attempts would fail miserably and bring cries of outrage from many... These are problems that for the mean time we have to live with... unless someone wants to volunteer to go door to door and freely secure everyone's computer and even then, they don't have to agree to it..

    or you could lock the computer down to the point where it's impossible for it to be violated but then it'd be too complex for your average joe to utilize and unfortunately the computer is now a tool... and like any other tool... a Hammer or a screwdriver it can be used for good or bad... it's in the hand of the user... and like those tools, the law isn't enough to keep everyone from using it improperly.. Saying people should be held responsible if their PC is part of a botnet, is like saying you should be held responsible if someone steals your hammer and uses it to kill someone else.... It just doesn't work.

    Peace,
    HT

    [Edit]
    As an afterthought... we should also focus on problems much larger than this before even worrying about it.. Murderers, rapists, pedophiles, even muggers and thieves... as long as they exist a botnet is the least of our concern.... It may cause a company to lose some money, but it will seldom cause people to die.
    [/Edit]
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Keep politicians out of computers and technology...

    They already screw up everything they touch regarding computers.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    I could only accept that kind of "law" if you allowed me unfettered access to any weapon that I desired, and the authority to use it as I chose fit

    I do not think that we want to revert to the "Wild West"?????????????

    HT~ is quite correct with the corporate angle, that is "sort of" covered.

    I think that the biggest stumbling block to this otherwise quite reasonable proposal, is that you could never implement it. The internet is "international"...................so far only stuff like genocide seems to be PARTIALLY accepted as an international crime?..............child pornography and the rest, do not even get a look in

    Anyways, wouldn't it be just another case of punishing the victim rather than the criminal?...........in a "proper" society, I should be free to leave my door open and not get robbed or murdered?

    As it is Easter Sunday here I will leave a little quiz.........................

    "And Simon Peter drew his sword and struck off the right ear of Malachi, the High Priest's servant"

    So.................

    1. What social status really was Simon Peter?
    2. Was he left or right handed?
    3. What was Malachi wearing at the time?

    You are allowed to use any other part of the New Testament in your analysis, should you so choose
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #10
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Easter Sunday quiz:

    1) What social status really was Simon Peter?

    Simon Peter was from a wealthy family. Landowners, I believe. Recently, his house was dug up and a church built over it up in Galilee.

    2) Was he left or right handed?

    Lopping off Malachi's right ear logically has Peter as a leftie, if they were face-to-face. On the other hand, if Peter came up behind Malachi, or the stroke of his sword was a crossover move, he could easily have been right-handed.

    3) What was Malachi wearing at the time?

    Probably a S.W.A.T. team uniform. Gotta be careful with those religious types...

    “Everybody is ignorant, only on different subjects.” — Will Rogers
