Hacker News
by EricMausler 1013 days ago
Building codes analogy still supports my argument. You cannot just walk into a stranger's home and inspect it for whether or not it is up to code.

I agree analogies are going to be imperfect, which is why it's important not to criticize an analogy based on where it fails but to work with it on the point it is meant to express, and then yes if it doesn't actually convey the point then it could be a bad analogy.

I think it might help if we clarify WHY a lock keeps honest people out. If a house is locked, you MUST commit a crime to gain entry. So by nature of bypassing the lock, you are no longer acting honestly. It is not about what type of person you are, it is about clearly delineating honest actions from criminal actions.

If the door is unlocked, then a person could walk in and then pretend they didn't know better if they get caught. This is assuming we say it's okay to walk through unlocked doors.

However, since we acknowledge it as criminal behavior to even test whether or not a door is unlocked - the existence of locks in general and the common knowledge of where they should be expected to be found establishes a barrier honest people know not to cross.

With respect to cybersecurity, I am proposing we accept a similar relationship while also creating protected legal paths for honest people to conduct security research.

The thing we can all likely agree on is what cybersecurity is and where it applies. By nature of knowing where it should apply, we establish a barrier that honest people should not be crossing without permission.

I agree that there is a lot of foreign danger involved with the topic and botnets are a concern. However, progress there is not going to be made by random hobbyists testing websites for SQL injections for fun. It's going to be made by cybersecurity professionals who can easily be educated to and comply with a regulation to declare their intent and get approval before poking around.

The rules for an approval process are a totally open book. It does not need to be restrictive or limiting to researchers.