Re: Ethics, morality, and mental retardation

["Marcus J. Ranum" <mjr () ranum com>]

J. Oquendo wrote:
> You're quite right Mr. Ranum, I say sentence everyone for the rest of
> their lives to rot in a prison at your taxpayer expense. Why not there is
> no such thing as reform.

Oh, my, this must be sophisticated sarcasm, indeed. It took a while
for me to "get it."

Reform and forgiveness are interesting concepts and take us into
the realm of moral philosophy - an area people have historically
disagreed about more than they've agreed. You seem to think I
do not believe in reform; you are wrong. I think that an essential
component of reform and forgiveness is showing remorse; admitting
publicly that one made a mistake, and committing to better
onself. This is one reason why judges are often less sympathetic
in sentencing toward criminals who "throw themselves upon the
mercy of the court" recognize they have done wrong, and vow
not to repeat it. It's also why judges throw the book at those
same criminals if they show up in the courtroom for the same
crime. Mitnick had plenty of chances and warnings, judging
by what I've bothered to read about him. He's also not been
particularly remorseful - last time I shared a CNN spot with him,
he trotted out the usual hacquer self-justifying "I was just curious"
and "hackers help improve the system by testing it" nonsense.
(I call it nonsense because uninvited "help" is welcome, and
by choosing to not ask he placed himself on the wrong side
of an important line). Has he reformed? He doesn't sound like
it, to me.

> Punish EVERYONE to a lifetime sentence.

Oh, grow up.

> You seem to
> forget without a criminally malicious "hacker" you would have no career,
> nor business for that matter.

If I had a dollar for every time some narrow-minded moron has
made that argument, I'd be retired someplace to a mansion, sipping
mint juleps while I watched the servants spit-shine my row of
pick-up trucks. Unfortunately, I'm not so lucky.

You know what's wrong with that argument? Simply put: as a
useful, positively creative person, I'D HAVE A CAREER NO
MATTER WHAT. If there were no hackers, I'd be making a good living as
a network manager doing what I originally started out interested
in, building kick-ass distributed systems, solving problems,
making money, and pushing the world forward one iota at a
time. Unlike the useless, punk hackers, who are a drain on
society (how many millions of dollars did Mitnick's "curiousity"
cost Digital Equipment Corp, AT&T, and the US Taxpayers?)
productive people will always find something interesting and
useful to do. Indeed, if most of us security practitioners took
5 years off and sat on the couch drinking beer, we'd do less
damage to society (as well as improving the financial picture
for zymurgists!) than a single hacker does by penetrating a
single system.

One of the fundamental skills of a security analyst, systems
analyst, and products builder is creative problem-solving.
People who have that skill can live happy lives doing just
about any technically challenging task. I'd happily trade my
career as a security geek TOMORROW for a career as a
diesel mechanic (engines are COOL!) if it'd make all the
punk-ass hackers dry up and blow away. People who
know how to solve problems and think analytically can
do everything from renovate ziggurats to build firewalls
or wrench on diesel engines if they want to. That's part
of why I have so little patience for the hacker punks who
obviously have some technical skills and are OK at
system engineering - and have chosen to waste their
skills by being a drain on humanity. Better they sit on
the couch and smoke dope; at least it doesn't drag the
rest of us down.

We're sitting in the middle of a $6 billion/year industry that
exists solely because of useless friction. Unlike the friction
in physical systems, which is an unavoidable consequence
of macroscopic reality (as we understand it) hacking,
malcode, viruses, worms, all that garbage - is completely
unneccessary. We are forced to fight this hard battle against
unnecessary friction - for what? Not by choice. I'd just as
soon leave my computers insecure. I used to. How do you
think I got into security? Some punk-boy penetrated one
of my computers and wasted my time - and so I got
enlisted in this stupid war. I bet most of the people on this
list would be perfectly happy doing something else cool
and fun with computers, instead of having to try to get
stupid users to comply with commonsense policies, or
not to leave their firewalls down, etc, etc.

> Did you ever consider that most of the black/greyhat community
> keeps the security world on its toes with discoveries that put food on
> your table?

Maybe you have an idea how insulting you've just been, and
maybe you do not. If you still don't get it, maybe you can
look me up at a conference someday and I will be happy to
argue about it over beers.

> Has it occurred to you that via someone's dabbling with the unthinkable
> they've perhaps prevented something even more unthinkable?

Thinking about the unthinkable is what most good security
analysts do for a living. So you can counter it. But you do not
have to become part of the problem before you can be part of
the solution.

> Money isn't
> everything in this world. There are a lot of people who have paid their
> dues in society whether you realize it or not, so your view of
> sentencing someone to a lifetime of punishment is flawed, and ridiculous.

You inferred that I was sentencing people to lifetime punishments.
Don't call words you put in my mouth "flawed and ridiculous" - they're
your words, not mine.

> Have you not seen recent stats? You know the one that shows 1 in every 37
> Americans has at some point gone through the "machines" of justice. Or did
> that elude you in your quest to punish people forever?

As I said before, it's all about admitting you made a mistake and
going on and doing something else. Mitnick's obviously a smart
guy who could probably do good work in some field other than
one he pollutes with his presence.

I bet you didn't know that I have a criminal record. :) Fortunately,
it's quite minor, and it has nothing to do with my professional field,
so it doesn't call my professionalism or ethics into doubt, so far
as I can tell. I apologized, swore I wouldn't do it again and meant
it, and there were smiles all around. Societies are infinitely
adaptable about such things, it turns out - what they don't tend
to forgive is criminals who repeatedly return to the same crimes
and don't appear to get the point that society is trying to
make - about how it might be a good idea to stop. Hacking is
interesting - Donn Parker's studies show that hacking is almost
an obsessive/compulsive sociopathy - it's self-reinforcing and
the rate of recidivism is ridiculously high (but not as bad as
pedophilia)  Don't glorify it, don't reward it - get over it.

mjr. 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards