Re: Re: Ethics, morality and the industry

["Paul D. Robertson" <paul () compuwar net>]

On Fri, 29 Oct 2004, Paul Foster wrote:

> > To my mind the issue is that he's still *profiting* from  his crimes.
> > That doesn't do justice to the victims, nor does it send the right message
> > IMO.  Crime should not pay.
>
> How so?  He talks about how he would exploit security systems, and this
> is his area of expertise.  The guy spent many enjoyable years in jail
> (on his knees?) which does not sound like 'crime pays' to me.

It's also his area  of criminality.  That's not a good message- there are
*plenty* of good guys who have the same expertise who haven't created
victims who can give out the same information.

It worries me socially that the royal we tend to put these folks on
pedestals when they're nothing more than confidence tricksters who have no
special information or skills.

> > I think that the fettering should include profiting from whatever badness
> > the person did- hey, if he was lecturing on IPv6 security, then I don't
> > see as much of an issue.
>
> Perhaps he doesn't know squat about IPv6.  If we prevent him from
> legally earning a buck on issues he does know, we could inadvertently be
> encouraging use of those skills illegally.

IMO, society would be better served if we *really* rehabilitated them.
Having them stand up in front of people and proclaim how great they were
when they were doing illegal activities seems to run counter-productive
to that to me.

He doesn't know squat about IPv6 because we're letting him cruise on
notoriety rather than making him go get a real job that doesn't profit
from his criminality.  And yes, if he's so bent on doing wrong than on
doing the right thing, then let's let him commit more crime, and lock him
up again- because that means he's not reformed and shouldn't be out of
jail.

> > I hope that in the future, CSI chooses its keynote speakers more
> > carefully.
>
> Should we bury our heads in the sand and not learn from people like this?

You can learn all there is to learn without paying them princely sums and
celebrating notoriety.  There's both more value in what Howard Schmidt and
Bill Murray say than in what Abignale and Mitnick say, and a better
overall message for the industry and society to send by using them.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards