|
|
|
| Authored by: Wol on Saturday, May 04 2013 @ 09:27 AM EDT |
You then have the problem of what to do if you find a door unlocked when it
should be locked!
Intent surely matters here. If I try a door, discover it's open, and then try
and find the owner to tell them, is that a criminal offence? Seems like, in the
computer world, it most definitely IS!
Cheers,
Wol[ Reply to This | Parent | # ]
|
| |
| Authored by: Anonymous on Saturday, May 04 2013 @ 12:14 PM EDT |
I see a major cultural problem here:
The law seems to think that the magic computer with any kind of lock on it is as
secure as a good safe and that anyone who breaks such locks must have criminal
intent.
And yes, intent *has* to be part of the equation. Maybe that's *MY* money or
information behind that lock I just tried to break.
The problem is, the locks vary all over the place in quality...from cheap
plastic toys that fall apart in your hands, to things like bathroom stall door
locks that pop open if you bump them, to decently secure things like PGP, or
out-of-band authentication.
If the lock fell apart when I leaned on the door while walking down the street,
and when I investigated slightly, a few gold pieces fell out, which I attempted
to return to the owner, noone would think it was a crime. We have a man in jail
for something precisely analagous to breaking a cheap plastic lock...when the
owner wouldn't take action on the information, he went to a journalist with his
story and showed him some of the things that fell out.
So, there has to be a *good faith* exception...maybe it should work like a DMCA
takedown notice, with a standard that says if you have confidential information
on the internet, you also have a "security@domain" type address
reasonably well advertised, with an obligation to respond within a deadline.
That response buys the owner of the broken lock a limited period of
confidentiality from the researcher, after which the researcher is free to
publicise his results absent a court order. The purpose of the court order is
to balance the interests of publicising the problem (cheap plastic locks being
sold as secure are a problem) against that of the owner(s) of the data and the
general public(who is often described in the data).
There is a presumption that the court hearing for the order is in the locale of
the researcher, who, among other things, has the right to make his case for both
complete and partial disclosure to the wider public of his findings in the
particular case. If the owner of the lock cannot secure a hearing within a set
deadline, then free publication would be the default.
Now, we need to work on the definition of "secure" lock....since, next
year, locks that were impractical to break may become quite practical to break
because I now have twice as many MIPs for my thousand dollar consumer-grade
compute setup.
(Christenson)
[ Reply to This | Parent | # ]
|
| |
| Authored by: Anonymous on Saturday, May 04 2013 @ 04:50 PM EDT |
In one case the system asks the user:
Where is your key? Can I authorize you?
In the other case the user gets in first saying:
Here is my key. I am authorised.
Both times it's the same key, and the same lock.
Good fodder for semantic analysis.
[ Reply to This | Parent | # ]
|
| |
| Authored by: Anonymous on Saturday, May 04 2013 @ 07:14 PM EDT |
I think people are missing the point.
If you want a locked door on the internet, then set up a page where you have to
login.
If you can send a plain text sequence that allows you to view something then it
is already open to the world.
Away from the internet a lock of any type requires you to stop and do something
else.
I'm repeating myself.
If you want a locked door on the internet, then set up a page where you have to
login.
Be good peeps :)[ Reply to This | Parent | # ]
|
|
|
|
|
