Tuesday, November 9, 2010

The cyber privateer minefield

Author Paco Hope (Web Security Testing Cookbook) has a dissenting view on my cyber privateer idea, and it deserves a fair hearing. Furthermore, I don't want to dismiss his concerns out of hand, because Paco has earned his stripes in the security area. Below is his email to me in its entirety:

I'm amused. I have skimmed a few of the entries, and I think I've got the gist. I might contribute something small, but only if you accept dissenting views. :)

I have a few concerns about the ramifications of vigilante justice. Although pirate hunters with letters of marque may have had some beneficial effects during the revolutionary war, they weren't all saints. There were well-documented abuses by privateers who were little more than pirates themselves. Then you have the phone call that I dread: my grandmother's computer is unfortunately infected by a virus and becomes part of a botnet. Acting under a botherder's orders, her computer does some stuff to some French guy's computer. Unable to find the actual Russian botherder, an inept French privateer attacks my grandmother's computer, doing all kinds of crazy damage to it and her. Now, here I am in London and my grandmother calls me from the US saying that horrible things have happened to her computer and bank accounts as a result of some French privateer brandishing a letter of marque from the French government. What do I do? What law or authority can make restitution?

I agree in principle that laws have failed to keep pace with technology. They're out of date and don't address the threats we really face.

Vigilante justice doesn't strike me as the way to address it. Here's vigilante justice:

How do you make reparations for someone who has died? Virtual actions have real-world consequences.

No, I don't support vigilante justice online.


Thank you Paco for your note. Clearly, in order for my cyber privateer idea to become more than a subplot for my novel, the above concerns must be adequately addressed. Should your (or anyone else's) grandmother get her bank account wiped out because some Russian botherder used her computer in his nefarious scheme and "an inept French privateer" swoops in (great title for a comedy book, by the way: The Inept French Privateer), this would be a tripwire for shutting down the whole cyber privateer program. Similarly, I agree that "vigilante justice" is abhorrent. 

For what it's worth, I don't think a congressional Letter of Marque and Reprisal should be easy for just any yahoo to obtain. The privateer organization would need enough critical mass (gravitas) to be legitimate in the eyes of the world. There would have to be an independently chartered bonding authority to oversee abuses. If your grandmother loses her bank account, such a bonding authority would have to work quickly and make reparations equivalent to the poor woman's winning the lottery. Isaac Asimov coined the famous "Three Laws of Robotics" in his fictional world, and my cyber privateers would have to be bound by some fairly strict rules of engagement. Hey, they had a "Pirate Code" in the Johnny Depp movie! Now we need The Cyber Privateer Code.


Implementation suggestions for THE MORGAN DOCTRINE are most welcome. What are the "Got'chas!"? What questions would some future Cyber Privateering Czar have to answer about this in a Senate confirmation hearing?