Originally published at: https://boingboing.net/2009/06/26/abstinence-doesnt-wo.html
…
“Once you get to earth orbit, you’re halfway to anywhere in the solar system.”
— Robert A. Heinlein
“Once you get information in a computer, it’s halfway to everywhere on the Internet.”
So, basically, “just the tip”?
Are you saying that it’s impossible to have a machine that’s not connected to the Internet?
(OK, maybe I should read the article first >.>)
Nonsense. Not the same thing at all.
Telling teenagers not to have sex is telling them to ignore or completely suppress powerful biological urges run by a suite of chemicals perfected by a billion years of pitiless evolution to drive them to screw. Telling companies to do due diligence in their design process and not be stupid and lazy is very different and much easier to enforce. Just make it hurt the bottom line and hurt really, really hard.
I’d argue that the analogy is stronger than you give it credit for:
Sex evolved to be a thing humans are interested in because gene transfer for sexual reproduction turns out to be a strategy adaptive enough to be worth its myriad risks for a great many organisms.
In an analogous way, a great many computers are set to jobs that are either impossible or vastly less useful if they don’t engage in data transfer with at least some peers; whether it’s results and logs out, config and software updates in, or some mixture of the two.
There are some fully closed applications, where you can let your little silicon monad hum merrily along until it dies; but they certainly aren’t the rule; especially for systems that people care about having hacked.
Like sexual reproduction, data transfer is such a useful capability that there’s an intense drive to include it.
None of this excuses sloppy practice: one must be very careful in handling Xeno data, minimize unnecessary connections, etc; but “don’t leave your DRAC on the public internet” being good advice doesn’t change the fact that a lot of ‘air gapped’ or aggressively firewalled systems aren’t actually isolated, just waiting for a tech to load the wrong USB fob full of diagnostic tools. Like DNA, malicious data tends toward lateral movement even when you try to block vertical transmission.
People at companies love being stupid and lazy and always will, and will actively lobby for the right to be stupid and lazy, even in those cases where it ultimately is worse for their bottom line. Some companies might choose to be “smart”, but on a curve that still leaves a lot of companies cutting corners until the company tanks. I can totally see that just telling them to “follow best practices” is a lot like telling people to “just keep your knees together until marriage.”
Nah. You can up liability for companies that don’t and remove protections.
For kids, well, Just Say No doesn’t work. Comprehensive sex education, access to contraception, and Gardasil do.
Easy as pie.
Just make companies liable and they won’t do bad stuff. Because companies never work against their best interests.
Except they’re already liable, bad practices already expose them to financial harm, they’ve already been shown and told of the risks, and Cory’s article is about the fact that they still act like the equivalent of horny teenagers because best practices require more work and thought, and people (at companies!) always assume someone else will get caught, no matter how high the financial penalty.
As the piece says,
Users will always prioritise getting their job done over honouring your network policy,
The main point remains that any computer is likely to be on the net at some point, and just telling people not to allow that (by threatening after-the-fact financial harm or whatever) is never going to stop people from risking it, no matter how high the penalty.
We live in an era of regulatory capture and, more to the point, one where tech companies have been given a free pass to do pretty much whatever they want to. That can be changed. So can the practice of routinely sealing the records in civil and criminal cases so that bad acts and unsafe practices never see the light of day. It isn’t complicated, but it does take political will.