[IP] Re: Another way of making money using the net?

[David Farber <dave@farber.net>]

________________________________________
From: jsq@internetperils.com [jsq@internetperils.com] On Behalf Of John S. Quarterman [jsq@quarterman.org]
Sent: Monday, January 21, 2008 7:40 AM
To: David Farber
Cc: John S. Quarterman; ip
Subject: Re: [IP] Re: Another way of making money using the net?

Dave, for IP:

> From: Eugene H. Spafford [spaf@mac.com]
> Sent: Sunday, January 20, 2008 11:51 AM
> To: David Farber; ip
> Cc: Valdis Kletnieks
> Subject: Re: [IP] Re:    Another way of making money using the net?
>
> On Jan 20, 2008, at 9:20 AM, Valdis.Kletnieks wrote:
>
> >> Hackers literally turned out the lights in multiple cities after
> >> breakin=
> >
> > The most telling part of the article:
> >
> > "Donahue did not specify what countries were affected, when the
> > outages occurred or how long the outages lasted."
> >
> > In other words, "trust us it happened, we won't give you anything
> > verifiable, and you'll have to take our word that we're not fear-mongering.
>
> I'll respond to this as an example of a class of replies, and not
> intended to single out Valdis.
>
> Why do people automatically distrust statements that are actually
> quite reasonable?   Many of us who work in security know that SCADA is
> vulnerable.  We also know that the criminal element is operating
> online basically unchecked.   So why react as if this is some form of
> government manipulation?   That Tom said as much as he did in the
> venue where he did is, in many senses, surprising for its openness.

Because Congress is currently debating retroactive telco immunity
for warrantless wiretapping, in which AT&T passed a full feed of everything
to the feds, and meanwhile AT&T is simultaneously proposing to filter
all traffic for copyright violations?

> That's why we should carefully consider the sources, the issues, and
> the ground truths we (think) we know.  That we have been lied to in
> the past is a given.   That we will be lied to in the future is a
> given.  But that does NOT mean that we should conclude that every
> statement made to us by someone working for the government is a half-
> truth or intended to be sinister.

This would be the same administration that is proposing to get Congress
to pardon itself for war crimes:

 http://www.blogfordemocracy.org/2008/01/pardon_me.html

The same one that is still trying to lie us into a war in Iran.

This administration should bear the burden of proof that it is not lying.

>   Personally, my experience has been
> to give careful thought to anything said by any political appointee or
> elected official, but to give the benefit of the doubt to regular
> employees when something plausible is stated.

Please point at any department or agency of the U.S. government
that is not completely controlled by political appointees of the
current administration, well beyond the political control exerted
by previous administrations.

> In this case, ask yourself what is the downside to trusting that the
> statement is true, or is close to the truth?  We harden our SCADA and
> digital control systems against outside interference and maybe invest
> in some improvements to our cyber investigation capabilities.   Gee,
> that's an awful alternative, isn't it?   I guess we should disbelieve
> the account, and leave our power grid wide open for attack -- that'll
> show those lying government types!

Would that hardening SCADA would be the result.

The more likely result, unfortunately, would be legalization of
filtering of everything that goes over the Internet, looking for
bad guys about as effectively as airport security, and with
even more dampening effect on free speech and innovation.

People should be watching what goes into any FISA bill very closely.

-jsq

-------------------------------------------