lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 22 Nov 2005 17:32:43 -0500
From: Eliah Kagan <degeneracypressure@...il.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Re: Your One-Stop Site For Sony Lawsuit Info


Anonymous Squirrel wrote:
> At the risk of this discussion running far afield, I think Jason and Paul
> may be talking past each other.  My understanding is that Jason has a point
> -- corporations can't suffer the same punishment as individuals.  They
> aren't deprived of their freedom in prisons.  The most common corporate
> punishment is a fine.
>
> Paul's point is SOX, GLBA, and HIPAA hold individuals accountable for their
> acts at corporations.
>
> Those two opinions are both correct, and do not contradict each other.

This is true, and important. Nonetheless, Jason seems to be almost
calling for mob justice, when he says:

> The only option available to the people is mob justice. Corporations can
> be ruined and they can be burned to the ground, but they can't be
> touched in a meaningful way through mechanisms of law. Corporate persons
> are truly first-class citizens, rising above the rest of us natural
> persons in importance and worth to society.

Paul Schmehl is pointing out that this is false--the law can be used
against corporations, to regulate the acts of corporations by making
the persons who constitute their leadership personally liable in
criminal court.

I strongly doubt that vigilantism is an appropriate or even useful
response to corporations victimizing their customers with spyware. I
think that we need to start prosecuting people, and work with the law
as much as we can. Vigilantism is, in this case, precisely the
problem. Sony execs are pissed off at their customers violating their
copyright, so they're taking the law into their own hands. This is
unacceptable. Ideally, they, and anyone who fools users into
installing rootkits on their systems, should be put in jail. Even if
we cannot put them in jail now, because the law is to ambiguous to
convict beyond reasonable doubt, the solution is to alter the law so
that it can be used in this way, by passing laws to make spyware
authors and execs ordering the creation and distribution of spyware
more criminally liable.

Sony and other companies that profit from hurting their customers want
us to believe that the only way to stop them is to break the law. That
defines them as legitimate and their opponents as illegitimate. When
did consumer privacy advocates and activists become rebels? Society
has established norms about how people are to treat one another.
Executives and computer programmers at Sony have violated those norms.
They are the "rebel scum," and we must use the law to stop, deter, and
punish them. This, along with efforts to educate the public about
social, legal, and technical measures for self-defense, will be by far
the most pragmatically effective way to protect the privacy and
security of "the rest of us natural persons."

-Eliah
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Powered by blists - more mailing lists