RE: A reminder that security is not inherently solvable with tech nology

[Ranjeet Shetye <ranjeet.shetye2 () zultys com>]

On Tue, 2003-10-28 at 03:01, Jack Solomon wrote:
> On Fri, 2003-10-24 at 19:02, Hagen, Eric wrote:
> > The fact is that in the US, an individual would likely be arrested for even
> > threatening to release this information.  The problem with the countries
> > overseas is that US laws, especially the privacy laws, are virtually
> > unenforcable.  While the activity of releasing that information it illegal
> > in the US, it is not usually illegal in another country, therefore, even if
> > the individual released that information while residing in his native
> > country, his actions would be entirely lawfull, and even under extradition
> > treaties, the US would have little or no recourse in sequestering that
> > information, which is a huge problem.
> >
> > Just my 2c.
> >
> > Eric
>
> My 2 pennies...
>
> I find it interesting that you consider unenforceability of US laws across 
> the rest of the world a problem.  Whether North America grasps it or not, it 
> is part of a larger community.  Over here in the UK we have a very good 
> legal system.  We've got legislation too, including the Data Protection Act 
> and the Computer Misuse Act.  It is illegal to disclose private information 
> in the UK and this is regularly enforced, both through civil actions and 
> criminal prosecutions.
>
> Believe it or not, the world outside of the US is not comprised of backward 
> third-world countries.  Of course, it is not a good idea to outsource your 
> banking operation to fraud-centres like India, but don't loose sight of the 
> fact that when the US does business with the rest of the world, its citizens 
> and their businesses are protected by something invented in Europe about a 
> thousand years ago, International Law.

Couldn't let this idle chatter just pass by.

Why do you think it is NOT a good idea to outsource fraud-centres to
India ?? Any concrete evidence ?

In fact w.r.t fraud/corruption, let me see...

http://www.expressindia.com/ie/daily/20001011/ina11004.html

Former Indian Prime Minister is sentenced to jail (under Prevention of
Corruption Act) for bribery and fraud. (and this was NOT a political
vendetta - before you come up with excuses like that). On the other
hand, Nixon was given a pardon. Why ?

Please show me Clinton doing jail time for perjury, or Cheney doing jail
time for the on-going Haliburton-Iraq multi-billion dollar charade. Or
Reagan in the slammer for Iran-Contra.

What about someone from the White House going to jail for unveiling the
CIA operative ? Or Bush's daughters doing time for repetitively using
false IDs to obtain alcohol illegally ?
(http://www.sptimes.com/News/060501/Floridian/One_press_secretary__.shtml  to see how the White House stonewalled all 
queries)

Heck forget all this. Just put Henry Kissinger on trial for his various
genocidal schemes (The Trial of Henry Kissinger by Christopher Hitchins)
and I'll consider that fraud/corruption at the high echelons gets
tackled in the West. Or extradite Union Carbide ex-CEO Warren Anderson
for his criminal behaviour in the Bhopal gas tragedy - the world's
largest industrial disaster.

Or consider the case of top management in Enron and SCO profitting on
their worthless stock. Or what about Martha Stewart or O.J. Simpson
actually serving time ?

You've got your own prejudices about western governments/corporations
being less corrupt and less stupid. That's quite true at the lower
government/corporate levels but not necessarily at the higher levels.



Coming back to fraud from the technical perspective:

If you mention an unstable electricity infrastructure as a reason to
avoid outsourcing, that's very valid. But you haven't given any reason
to back your claim that fraud centres should not be based out of India.

In fact, if you really want to quantify technical excellence, 44 of the
world's 60 SEI level 5 centres are in India. To the point where Huawei
(a Chinese router company) has its only SEI level 5 centre based in
India.

So in terms of pure merit, skills, and capability, I dont see why one
should not base a technology centre in India. And if fraud-analysis /
cyber-forensics is one of those technologies, so be it.

$0.02,

> Regards
>
> Jack
>
> _________________________________________________________________
> It's fast, it's easy and it's free. Get MSN Messenger today! 
> http://www.msn.co.uk/messenger
>
>
> ---------------------------------------------------------------------------
> Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
> The Presidio integrates PGP data encryption and XML Web Services security to 
> simplify the management and deployment of PGP and reduce overall PGP costs 
> by up to 80%.
> FREE WHITEPAPER & 30 Day Trial - 
> http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
> ----------------------------------------------------------------------------
-- 

Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/
 
The views, opinions, and judgements expressed in this message are solely
those of the author. The message contents have not been reviewed or
approved by Zultys.



---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
----------------------------------------------------------------------------