Security Incidents mailing list archives
Security Event / Customer Reporting
From: "Tyrannis Von Nettesheim" <tyrannis () wwc com>
Date: Fri, 13 Jul 2001 11:57:40 -0400
Folks:
From the battlefield trenches of dealing with the constant ebb and flow of
residential customers compromised generally due to the expected holes in Microsoft products, I have yet to get myself or hear of a request from any entity (with the exception of legitimate, authorized government investigators) for forensic data analysis from their own "home" networks. In a recent posting here, I read an opinion that people should be prepared to provide this. This is absolutely abhorrent, and leads us all down the slippery slope of an Orwellian society. Customers, unless engaged in financial business or other business with regulatory requirements, should not be ever subjected to anything near a requirement to store their own data, or be prepared to provide historical data. At the surface, this violates privacy concerns. Deeper under the surface, it would make security professionals de-facto extensions of law enforcement in a very unregulated way. This immediately makes one think of government "strong-arming" a security professional into providing data, but this works the other way too - where a well-intentioned, but overzealous security engineer discloses confidential data improperly or commits a procedural error that leaves an employer exposed legally. This is why we have courts, judges, magistrates, search warrants, process, and procedure, to ensure that requests for confidential data and privacy intrusions are well-formed and within the bounds of current law. Stepping above the day-to-day techie mindset we're in, it's interesting to consider the question of : "Who owns a packet once it's off your network?". Current US law seems to view examining transit traffic like radio interception - a no-no, for the most part. There's also the huge issue of how to prove / maintain a chain-of-evidence, yet another slippery slope in the digital crime era. =( -T ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "...Far better is it to dare mighty things, to win glorious triumphs even though checkered by failure than to take rank with those poor spirits who neither enjoy much nor suffer much because they live in the gray twilight that knows neither victory nor defeat..." -Theodore Roosevelt, 1899. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Security Event / Customer Reporting Tyrannis Von Nettesheim (Jul 13)
- Re: Security Event / Customer Reporting Nick FitzGerald (Jul 13)
- Re: Security Event / Customer Reporting Aaron Silver (Jul 16)
- <Possible follow-ups>
- Re: Security Event / Customer Reporting ethan preston (Jul 16)
- Re: Security Event / Customer Reporting JohnNicholson (Jul 16)