RE: Bruce Schneier talks cyber law

[InfoSec News <isn () c4i org>]

Forwarded from: Jeff Berner <JBerner () infinitycomp com>

        Over the last few months I have heard Mr. Schneier say some
interesting things that deserve merit but his recent comments on
hurricane relief and now this have made me wary of anything he might say
in the future. Making the ISP liable for virus traffic is like making
New York City liable for a mugger in Central Park.  
        It isn't possible to protect every avenue, alley and jogging
path from neer-do-wells and the same goes for the Internet.  I would
think a mathematical genius like Schneier would know the legislation he
is asking for would stifle innovation especially for areas that don't
even have Internet yet like many rural counties in the US much less any
other third world country. Making it more expensive to provide to sparse
areas doesn't help anyone. Maybe mathematical genius doesn't translate
in to economic and social common sense sometimes?
        The idea is a nice dream and sounds good but in practice
legislation to make the ISP liable is about as useful as the other types
of cyber legislations that he blasts.  Companies will offer "Clean Pipe"
types of technology to everyone on their own to attract customers.
Those that don't will over time disappear as they are not offering a
'better' service than their competitor. Some large ISP's in the US
already do this for their home users.
        Please Mr. Schneier, Don't make the legal world any more of a
mess than it already is, let capitalism eliminate the businesses that
don't want to innovate.  Don't encourage our legislatures to write
superfluous laws that penalize the ISP when they only provide the means
to connect.  The real criminals are the folks that write the cyber
vermin that you want to stop, not the ISP.  
        God forbid you ever hit a deer with your car Mr. Schneier. I
fear the County, City and State you do that in will be required to
either remove their roads or eradicate all the deer.  


Commentary by Jeff Berner

-----Original Message-----
From: isn-bounces () attrition org [mailto:isn-bounces () attrition org] On
Behalf Of InfoSec News
Sent: Thursday, October 20, 2005 2:05 AM
To: isn () attrition org
Subject: [ISN] Bruce Schneier talks cyber law 

http://www.theregister.co.uk/2005/10/19/schneier_talks_law/

By John Oates in Vienna
19th October 2005

RSA Europe 2005 ISPs must be made liable for viruses and other bad
network traffic, Bruce Schneier, security guru and founder and CTO of
Counterpane Internet Security, told The Register yesterday.

He said: "It's about externalities - like a chemical company polluting
a river - they don't live downstream and they don't care what happens.  
You need regulation to make it bad business for them not to care. You
need to raise the cost of doing it wrong." Schneier said there was a
parallel with the success of the environmental movement - protests and
court cases made it too expensive to keep polluting and made it better
business to be greener.

Schneier said ISPs should offer consumers "clean pipe" services:  
"Corporate ISPs do it, why don't they offer it to my Mum? We'd all be
safer and it's in our interests to pay.

"This will happen, there's no other possibility."

He said there was no reason why legislators do such a bad job of
drafting technology laws. Schneier said short-sighted lobbyists were
partly to blame. He said much cyber crime legislation was unnecessary
because it should be covered by existing laws - "theft is theft and
trespass is still trespass".

But Schneier conceded that getting international agreements in place
would be very difficult and that we remain at risk from the country
with the weakest laws - in the same way we remain at risk from the
least well-protected computer on the network. (r)



_________________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org