RE: [fw-wiz] Re: Ethics, morality, and mental retardation

From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 11/03/04

  • Next message: Gwendolynn ferch Elydyr: "Re: [fw-wiz] [Administrivia] Additional Moderator"
    To: Miha Vitorovic <mvitorovic@nil.si>, firewall-wizards@honor.icsalabs.com, firewall-wizards-admin@honor.icsalabs.com
    Date: Wed, 03 Nov 2004 09:28:33 -0500
    
    

    Miha Vitorovic wrote:
    >I see this point come up again and again throughout this thread. "Mitnick
    >should choose another line of work, for me, _the security expert_, to be
    >happy." Why?

    Maybe it hasn't happened to you, or maybe you don't care,
    but as a professional I can't count the number of times
    I've told some dumb-!*!#$#! journalist I'm a security practitioner
    and had them leer and ask me for stories about my hacking
    past. "Uh, I never DID that kind of stuff!" "Suuuuuuuure...."
    One of the big problems with tolerating the presence of
    criminal activity in a field is that it de-professionalizes it.
    It's obviously just a matter of personal taste, but I prefer
    to have my lines cleanly drawn; as a "good guy" I don't
    like having to periodically defend my "good guy" credentials
    just because there are so many "ex-bad guys" hovering
    around in search of a quick buck.

    >Why don't we all start selling cars? Because we don't want
    >to.

    True; it's a matter of choice. Of course, I could quit this
    field and get a job as a system administrator again.
    If you've got a nice clean swimming pool with a lot of
    people enjoying themselves there, and one character
    decides to join the pool and start peeing in it - either
    all the good people have to leave, or they ask the
    distasteful newcomer to leave or stop. Eventually some
    leave anyhow. I understand where you are going with
    your argument but fundamentally the problem of individual
    liberty is that there are few actions in a society that
    can be totally individual.

    >But Mitnick has to? Why? Yes, a criminal loses his rights when he is
    >in jail, but he gets them back when he does his time. Including the right
    >to have a job he likes, not a job someone else thinks he ought to have.

    That's true.

    And when a paedophile gets out of treatment, he should be
    able to operate a day-care center if he wants to. And I'm
    completely in favor of necrophiliac owned-and-operated
    funeral homes. But, if you go that route, suddenly society
    is destabilized. Suddenly everyone has to start asking
    pointed questions of everyone else. The reason the journalists
    ask security professionals about their "hacker pasts" is
    because so (!*!$&!&! many "security professionals" are
    the proverbial ex-arsonist on the fire truck. It's not a
    simple issue, because - yes - the ex-whatever has rights,
    but their presence damages everyone's credibility.

    >And another thing I see in most of the letters is: "My security advice is
    >just as good as Mitnick's." Which to me, also means, "Well, obviously then,
    >his advice is just as good as yours.", but the authors somehow think that
    >theirs is better. And, some of them are right. But, all of them? Hmm...

    Yes, that's a bad trap to fall into. Many of us have consistently
    maintained that the skills required to break security systems
    are a subset of the skills required to build them. That's a fairly
    gentle put-down, of course. Really, what I mean to say is
    "So what? He's a clueless ex-hacker. He couldn't even elude
    the FBI for crying out loud. How smart is THAT? My horse
    probably knows more about security than he does." But
    that doesn't sound very professional, either. :) See? The
    reason I want guys like him out of the industry where I work
    is because I periodically have to waste my time explaining
    the difference between a real security practitioner and a chump.
    If the chumps would just be nice enough to get out of the
    swimming pool and stop peeing in it, I'd be happier. I know
    I'm selfish, but I like clean water.

    >And, again and again, in the end it comes down to money. "Hey, he's making
    >money! Stop him! That's money I was supposed to make!"

    I probably made more money in 1999 than Mitnick has made
    in his entire life. Really. For me, it's not about the money.
    Money is a way of keeping score, that's all. When someone
    is willing to pay the guy who pees in the pool $5,000 to
    say how he did it (wow! it was hard!) and pays the guy who
    cleaned up after him $40 - it's a statement of the relative
    value society (or whoever) places on that individual and
    their contribution to society. In that light, yeah, it's annoying
    to me that guys like Mitnick are rewarded for their former
    crimes - because it's saying "thank you for peeing in our
    pool! we appreciate it!"

    > But, people with
    >money choose to give it to him. Again, it's their money, they can give it
    >to anyone they like.

    Yes; you're adopting the childishly facile moral position of
    ultimate personal liberty. I can't refute it, either, since I believe
    a great deal in personal choice. However, I think that choice
    should be made with responsibility.

    >What I'm trying to say is, that so far, I haven't seen a single point that
    >would convince me that having Mitnick as a speaker is a bad thing. But I
    >have seen an awful lot of bruised egos.

    I think you're probably projecting your own motives, then. Hopefully
    my response has helped explain some of the motivation behind
    at least a few of our views. Yes, the desire for respect fundamentally
    boils down to egotism - but when you're talking about whether
    an entire *industry* is respected, then it's more an issue of
    efficiency. Imagine if every time you went to a restaurant, you
    felt that you HAD to make sure the waiter hadn't spit in your
    food. Imagine how much more complicated dining out would
    be? At a certain point, the social contract breaks down when
    untrustworthy people mingle too closely with trustworthy people.
    Suddenly everything falls apart into doubt.

    mjr.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

