[flocial]

If you leave your wallet on the street in a bad neighborhood and come back, you'll probably never see it again.

The problem with such protection laws is that it doesn't take into account the ignorance or incompetence of service providers. It also holds back innovation and we end up with less security. Even if these vulnerable companies don't have the expertise they can hire a reputable security company to audit their system to plug the gaping holes.

Do we need to pass laws for companies to do security audits? Maybe for listed companies or companies that have services of a certain size, since they'll try to skimp on costs or executives don't understand IT needs.

Trying to criminalize the intent of developers even if they create tools solely for cracking is a slippery slope. While we're at it we should make defense contractors liable for war damages and execute the engineers responsible for creating weapons.

In Japan a closed source p2p software called Winny caused a lot of disorder with viruses and lots of government information and embarrassing private pictures leaked onto the net due to security issues. Unfortunately, the developer was busy fighting a trial based on whether he had intentions of violating copyright with his software (he was finally acquitted on appeal to a higher district court). If he at any point publicly endorsed copyright violations, he'd probably be locked up for a long time even if he didn't violent a single bit of copyrighted content. Needless to say the project is abandoned and full of holes. Good for the anti-virus industry though.

http://en.wikipedia.org/wiki/Winny