[tptacek]

I think the effort put into securing computers is an inevitable dead-weight loss. Laws against pollution don't make everyone stop polluting; some polluters will just find creative ways to conceal what they're doing. Definitely doesn't mean I think pollution should be legal.

[dlitz]

Computer security, at least while attached to the Internet, doesn't work that way. When all it takes is one attacker anywhere in the world to write a worm that compromises everyone, everyone needs to secure their systems.

Some problems really are best solved using technical means. If we stop building systems that can be exploited by arbitrary outsiders (yes, this is possible, and probably not that expensive in the long run if we standardize a few good protocols), then we can should be able to reach a point where a certain baseline of security can just be taken for granted.

[tptacek]

The idea that abusing people's computers to disable their businesses or gain access to confidential information should be legal because "that problem is best solved using technical means" is so hostile to my perspective that there's probably little chance of us learning anything from each other by debating it.

[ScottBurson]

For the record, that was not my thrust. (Can't speak for dlitz.)

I was just surprised at your suggestion that better laws would reduce your workload at Matasano.

[dlitz]

You spoke for me well enough. If you reduce the number of computer criminals by 90%, it won't perceptibly change the amount of work that anyone has to put into writing secure programs, because the 10% of remaining criminals will still exploit everyone's vulnerabilities. If those laws impose friction on the rest of us (e.g. laws mandating wiretapping and/or filtering capability), then we all suffer huge aggregate costs for basically no gain.