On 2/12/07, <b class="gmail_sendername">Per Heldal</b> &lt;<a href="mailto:heldal@eml.cc">heldal@eml.cc</a>&gt; wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>On Mon, 2007-02-12 at 09:06 -0500, Edward Lewis wrote:<br>&gt; I&#39;ve worked in security for some time, not that it makes me an expert<br>&gt; but I have seen how it is promoted/advertised.<br>&gt;<br>&gt; On Feb/12/07, someone wrote:
<br>&gt;<br>&gt; &gt;Consumers are cheap and lazy.<br>&gt;<br>&gt; I think that is the wrong place to start.&nbsp;&nbsp;It isn&#39;t the consumer&#39;s<br>&gt; fault that they have a device more dangerous than they think.&nbsp;&nbsp;Look<br>
&gt; at what the are being sold - a device to store memories, a device to<br>&gt; entertain them, a device to connect with people they want to talk to.<br>&gt;<br>&gt; Everyone economizes on what they think is unimportant.&nbsp;&nbsp;A consumer
<br>&gt; doesn&#39;t care for the software, they care for the person on the other<br>&gt; side of the connection.&nbsp;&nbsp;They care about the colors in the office,<br>&gt; the taste of the food, etc.&nbsp;&nbsp;So it may appear they &quot;low-ball&quot; that
<br>&gt; part of the computer equation.<br>&gt;<br>&gt; My point is that it is convenient to blame this on the consumers when<br>&gt; the problem is that the technology is still just half-baked.<br>&gt;<br>&gt; &gt;What they need is a serious incentive to care about security.
<br>&gt;<br>&gt; I find this to be a particularly revolting thought with regards to<br>&gt; security.&nbsp;&nbsp;Security is never something I should want, it is always<br>&gt; something I have to have.&nbsp;&nbsp;Not &quot;need&quot; but something I am resigned to
<br>&gt; have to have.&nbsp;&nbsp;This is like saying &quot;folks will have to die before a<br>&gt; traffic signal is put here&quot; or &quot;more planes will have to be taken by<br>&gt; hijackers before the TSA is given the funding it needs.&quot;&nbsp;&nbsp;Security
<br>&gt; shouldn&#39;t wait for a disaster to promote it - you might as well be<br>&gt; chasing ambulances.&nbsp;&nbsp;Security has to resign itself to being<br>&gt; second-class in the hearts and minds of society.&nbsp;&nbsp;Security has to be
<br>&gt; provided in response to it&#39;s environment and not complain about it&#39;s<br>&gt; lot in life.<br>&gt;<br>&gt; (I realize that this post doesn&#39;t say anything about people &quot;dying&quot; -<br>&gt; I&#39;ve heard that in other contexts.)
<br>&gt;<br><br>You&#39;re missing the point. My suggestion lies along the lines of &quot;follow<br>the money-trail&quot;. I want consumers held responsible so that they in turn<br>can move the focus to where it belongs; IT vendors.
<br><br><br>&gt; &gt;Society holds individuals accountable for many forms of irresponsible<br>&gt; &gt;behaviour.<br>&gt;<br>&gt; This is true, but individuals are not held entirely accountable.&nbsp;&nbsp;A<br>&gt; reckless driver can cause a multi-car accident on an exit ramps and
<br>&gt; cause a tie up for the entire morning rush.&nbsp;&nbsp;Are the &quot;victims&quot; of<br>&gt; this compensated?&nbsp;&nbsp;What about the person who loses a job offer<br>&gt; because of a missed interview and suffers fallout from that?
<br><br>The system isn&#39;t perfect but does that mean we should ditch all attempts<br>at regulation. If the no-touch approach towards IT was applied to<br>traffic and the automotive industry we could just as well drop all
<br>regulation of traffic. No rules, no offences.</blockquote><div><br>If you take the driver = computer operator&nbsp; argument as valid (pretty close); then here perhaps is the meat of the matter.<br><br>A driver is someone that has to pass a test and pay for a license to be able to operate a potentially lethal vehicle. Now while in theory a computer can be lethal, in general it is not.
<br><br>With the above said in regards to lethality, regarding the costs potentially involved in incorrect operation a computer can be near a car.<br><br>Accepting this analogy as true would imply that we should start licensing computer users.
<br><br>Howerver, given the general non-lethality of a computer coupled with the idea that a computer license could potentially stifle our industry and limit innovation/education. (That kid whose parents might just barely be able to afford a PC might not be able to operate it without a license - two fold problem sales and familiarity) So, in regards to not hurting our collective industry (fiscally or in regards to talent to hire down the line) via regulation and/or financial restrictions like insurance, perhaps we should lobby for a tax break from the federal government for computer use training classes. Make it not-OS-specific, as long as you have taken a class that covers an industry body&#39;s recommendation for material you get X dollars back from the federal government.
<br><br>Tax breaks, IMO, have been proven to be a great incentive for consumers and corporations alike in regards to influencing the public good. Whereas regulation has generally be a stifling influence on innovation and leads to government bloat and overhead.
<br><br>Thoughts?<br><br>JB<br></div></div>