I just want to post and save a link to a discussion/essay that RSnake has written. In it, he talks about increasing the penalties for digital crime, maybe to an exaggerated level. It is worth a good read along with the comments.

Like security, I’m of a mind that there is no “solving” of digital crime in general. It is a fact of life and we have to find a moral equilibrium, just like any law enforcement category.

Sadly, I think the only way RSnake’s approach will work is if we remove one of the fundamental drivers of what makes many of us even use the Internet: the privacy. To achieve better punishments for more criminals, we absolutely must remove the anonymity, privacy, and transparent digital borders between nations.

This all goes back to what your “security religion” is. Are you a glass half empty kind of guy? Are you an “It’s not secure unless it is absolutely secure” sort of guy? Or are you a glass half full person who sees value in partial security or incremental steps towards a goal that doesn’t need to be absolutely attainable? This is not just fundamental to a consistent approach to security solutions, but also fundamental for our attitude in our career.

  1. I agree. Almost all other crime is still on the rise no matter what, so I can’t imagine that digital crime will be any different. Making the penalties harsher may deter the low-level criminals but those making the real cash will just assess and mitigate the risk in the same way as the defenders do.
    In my opinion most people don’t want security to get in the way of life and are unwilling to really compromise. For example, I remember the days when using a cashpoint was something that people did and guarded the PIN; these days (in the UK at least) you have to enter your PIN in every shop and people just do it so matter-of-factly that they seem to have stopped being bothered who sees the PIN number. People will choose convenience over security 9 times out of 10.
