I Hate Security
May 31, 2007
Growing up, I walked to school by myself, walked into the unlocked and unguarded school building without passing through metal detectors, and spent less than 10 minutes at the security check-in when flying on vacation with my parents. When I first started playing around with the Internet, hackers were a good thing, spam was a type of meat no one wanted to eat, and everyone used telnet. (Of course, back then, the Web didn’t exist either, but we had Gopher and we liked it!)
Now days, everyone uses SSH, anything sensitive is encrypted, and every server farm has a firewall. In fact, often you’ll see a data center where every box has its own firewall. Encrypting passwords with “crypt” is no longer good enough. And email? Spam Assassin, UCE blockers, Pyzor, Razor, DCC, Courier Authentication, PAM, SSL encrypted tunnels for reading email remotely, and ClamAV; and this is only on my personal mail server in my garage.
I hate security. The fact that I feel compelled to spend time securing systems that have virtually no value to anyone in the world except me makes me angry. It angers me that I have to lock my door at night despite living in a very nice neighborhood in a quiet nook in the Puget Sound.
Why do we have to deal with all this security? Because there are bad people out there in the world, people who will do anything for money. However, there’s now one less bad person doing bad things on the Internet. Robert Soloway has for quite a while been spamming the universe, but today he’s behind bars, hopefully where he will stay for a long time. Once he’s let out, I hope the judge puts a Mitnick gag on him preventing him from even thinking about touching a computer. We’ll see.
Soloway is a very bad man, one of the top spammers in the world. He’s been indicted for mail fraud, wire fraud, e-mail fraud, aggravated identity theft, and money laundering. Microsoft sued him for $7 million and won. An ISP in Oklahoma sued him for $10 million and won. But both these judgments didn’t stop Soloway. What stopped him, and this is depressing, was government annoyance. His illegal spam got so bad that it caused some government agencies to spend thousands per week to fight back the tidal wave. It took that along with hundreds of other complaints for authorities to go after the guy.
Now, keep in mind, this guy had already lost two civil suits, was breaking anti-spam law, and was engaging in fraud and identity theft. Still, authorities did little. It was only after hundreds of complaints that authorities began their investigation.
If you want to really make this world a better place, the solution isn’t security. Security helps stop bad people from doing certain bad things. The real solution is to remove the freedom of bad people to do bad things by putting them in jail. Do that enough, and bad people who aren’t in jail and have half a brain will think twice about doing bad things. And the bad people who don’t have half a brain are usually distracted by pretty colors.
