RE: Re: Ethics, morality, and mental retardation

["Marcus J. Ranum" <mjr () ranum com>]

Miha Vitorovic wrote:
> I see this point come up again and again throughout this thread. "Mitnik 
> should choose another line of work, for me, _the security expert_, to be 
> happy." Why?

Maybe it hasn't happened to you, or maybe you don't care,
but as a professional I can't count the number of times
I've told some dumb-!*!#$#! journalist I'm a security practitioner
and had them leer and ask me for stories about my hacking
past. "Uh, I never DID that kind of stuff!"  "Suuuuuuuure...."
One of the big problems with tolerating the presence of
criminal activity in a field is that it de-professionalizes it.
It's obviously just a matter of personal taste, but I prefer
to have my lines cleanly drawn; as a "good guy" I don't
like having to periodically defend my "good guy" credentials
just because there are so many "ex-bad guys" hovering
around in search of a quick buck.

> Why don't we all start selling cars? Because we don't want 
> to.

True; it's a matter of choice. Of course, I could quit this
field and get a job as a system administrator again.
If you've got a nice clean swimming pool with a lot of
people enjoying themselves there, and one character
decides to join the pool and start peeing in it - either
all the good people have to leave, or they ask the
distasteful newcomer to leave or stop. Eventually some
leave anyhow. I understand where you are going with
your argument but fundamentally the problem of individual
liberty is that there are few actions in a society that
can be totally individual.

> But Mitnik has to? Why? Yes, a criminal looses his rights when he is 
> in jail, but he gets them back when he does his time. Including the right 
> to have a job he likes, not a job someone else thinks he ought to have.

That's true.

And when a paedophile gets out of treatment, he should be
able to operate a day-care center if he wants to. And I'm
completely in favor of necrophiliac owned-and-operated
funeral homes. But, if you go that route, suddenly society
is destabilized. Suddenly everyone has to start asking
pointed questions of everyone else. The reason the journalists
ask security professionals about their "hacker pasts" is
because so (!*!$&!&! many "security professionals" are
the proverbial ex-arsonist on the fire truck. It's not a
simple issue, because - yes - the ex-whatever has rights,
but their presence damages everyone's credibility.

> And another thing I see in most of the letters is: "My security advice is 
> just as good as Mitnik's." Which to me, also means, "Well, obviously then, 
> his advice is just as good as yours.", but the authors somehow think that 
> theirs is better. And, some of them are right. But, all of them? Hmm...

Yes, that's a bad trap to fall into. Many of us have consistently
maintained that the skills required to break security systems
are a subset of the skills required to build them. That's a fairly
gentle put-down, of course. Really, what I mean to say is
"So what? He's a clueless ex-hacker. He couldn't even elude
the FBI for crying out loud. How smart is THAT? My horse
probably knows more about security than he does."  But
that doesn't sound very professional, either. :)  See? The
reason I want guys like him out of the industry where I work
is because I periodically have to waste my time explaining
the difference between a real security practitioner and a chump.
If the chumps would just be nice enough to get out of the
swimming pool and stop peeing in it, I'd be happier. I know
I'm selfish, but I like clean water.

> And, again and again, in the end it comes down to money. "Hey, he's making 
> money! Stop him! That's money I was supposed to make!"

I probably made more money in 1999 than Mitnick has made
in his entire life. Really. For me, it's not about the money.
Money is a way of keeping score, that's all. When someone
is willing to pay the guy who pees in the pool $5,000 to
say how he did it (wow! it was hard!) and pays the guy who
cleaned up after him $40 - it's a statement of the relative
value society (or whoever) places on that individual and
their contribution to society. In that light, yeah, it's annoying
to me that guys like Mitnick are rewarded for their former
crimes - because it's saying "thank you for peeing in our
pool! we appreciate it!"

> But, people with 
> money choose to give it to him. Again, it's their money, they can give it 
> to anyone they like.

Yes; you're adopting the childishly facile moral position of
ultimate personal liberty. I can't refute it, either, since I believe
a great deal in personal choice. However, I think that choice
should be made with responsibility.

> What I'm trying to say is, that so far, I haven't seen a single point that 
> would convince me that having Mitnik as a speaker is a bad thing. But I 
> have seen an awful lot of bruised egos.

I think you're probably projecting your own motives, then. Hopefully
my response has helped explain some of the motivation behind
at least a few of our views. Yes, the desire for respect fundamentally
boils down to egotism - but when you're talking about whether
an entire *industry* is respected, then it's more an issue of
efficiency. Imagine if every time you went to a restaurant, you
felt that you HAD to make sure the waiter hadn't spit in your
food. Imagine how much more complicated dining out would
be? At a certain point, the social contract breaks down when
untrustworthy people mingle too closely with trustworthy people.
Suddenly everything falls apart into doubt.

mjr. 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards