RE: Castles and Security (fwd)

["Marcus J. Ranum" <mjr () nfr com>]

Stiennon,Richard wrote:
> And, speaking of paradigms gone wrong, I advice against thinking that arms
> control ever stopped terrorists.  The thought that network tools of any sort
> can be regulated effectively or is even justifiable is one that has to be
> stopped now before our legislators get led down that path. 

I (carefully) wrote in the posting he was responding to:

> It's the latter point that got me on my recent train of thought that hacking
> tools/cyberweapons will eventually become regulated: they have to be
> because possession of cyberweapons is one of the few targeting indicators
> that might identify an enemy.

There's a lot of subtlety that I think many people miss when they approach
the issue of weapons/cyberweapons regulation. There's some possible
utility in trying to restrict tools at a surface level, but the real utility comes
from improving targeting. I know that sooner or later the 2nd amendment
debate will get dragged into this (and if it goes too far, I'll exercise moderator's
rights) but the gun lobby's "if guns are outlawed, only outlaws will have guns"
slogan really makes the point: never mind the details, you've now reduced
the situation into clear black and white rather than shades of gray. Whether
or not restrictions work, removing the shades of gray is utterly critical to making
any progress. This is the targeting problem.

Right now, we're working in an environment where it's nearly impossible to tell
a "good guy" from a "bad guy".  In fact, a bad guy could probably mount a
credible defense for a while by merely claiming to be a good guy. That's not
possible if the target definition is a bit crisper.

mjr.


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards