Microsoft XP SP2 (was Re: Lazy network operators - NOT)

Mon Apr 19 16:57:07 UTC 2004


> Firstly, who enforces it? The reason it "works" with cars is that
> the state
> (or province for those of us north of the border) effectively says "you
> can't drive a car without this lovely piece of paper/plastic that
> we'll give
> you" and "if we find you driving a car without the lovely piece of
> paper/plastic, you're going to be in serious trouble". Are you proposing
> that each jurisdiction that currently licences drivers also
> licence Internet
> users and tell ISPs "sorry, but if they don't give their licence,
> you can't
> give them an account"?

	That's not a problem. The state licenses drivers but it also owns the
roads.

> Secondly, HOW do you enforce it? Motor vehicles only require a
> licence to be
> operated on public roads in all jurisdictions I'm aware of. IANAL, but if
> some 14 year old kid without a licence wants to drive around on
> his parents'
> private property, that is not illegal.

	So? If you want to mess around on your private network, I don't care
either.

> Now, the instant that
> vehicle leaves
> the private property, it's another story (assuming, of course, cops around
> to check licences. In some jurisdictions, this is more true than
> in others).

	Exactly. You want to go on someone else's roads, you do so only by their
rules.

> My point is, driving is ONLY regulated when it is done in public view, for
> obvious reasons. Computer use is an inherently private activity, so how do
> you propose to verify that the person using a computer is in fact
> licenced?
> Mandatory webcams? :P

	So you can drive however you want on *my* driveway? That's not public view,
is it? If there only private roads, I'll bet you that private road owners
would have come up with a licensing system quite similar to what we have
today, for liability reasons if nothing else. You might also notice that you
can't get liability insurance without a license even though that insurance
is issued privately, and there aren'y many road owners who let you drive on
their roads without insurance.

> Thirdly, WHO do you enforce it against? It's pretty difficult
> (and illegal)
> for $RANDOM_JOE (or $RANDOM_KID, etc) to just go out and drive
> someone's car
> without their explicit knowledge and permission. (Okay, so you
> can hotwire a
> car, but...) It's very easy for someone other than the computer
> owner or ISP
> contractholder to have access to it and abuse it and stuff.

	I'm not sure I understand why you think this is so. My kids know that my
computer is off-limits to them just like they know my car is off-limits to
them. They are physically capable of obtaining access to either without my
permission.

> So what do you
> propose? Mandatory cardreaders on all computers? Fingerprint scanners
> integrated into keyboards? How else can you avoid Mom logging online, and
> then letting the unlicenced kids roam free online, allegedly to
> do "research
> for school"? Do you want to fine/jail/etc Mom if the kids
> download a trojan
> somewhere?

	I would presume that a license would include the rights to allow others to
use your access under appropriate supervision or with appropriately
restrictive software.

> Fourthly, as someone pointed out, the first generation always complains. I
> hate to show how young I probably am compared to many on this list, but my
> jurisdiction introduced graduated driver's licencing a few years before I
> was old enough to get a driver's licence, and it angers me that the random
> guy who's out on the road driving like a moron had to go through way less
> bureaucracy, road tests, etc than me simply because he was born ten years
> before me. That said, if no reforms are made to make this system stricter,
> I'm sure the next generation won't see this system as an outrage simply
> because they won't remember an era when the bureaucracy.
> Currently, people can buy computers/Internet access/etc unregulated at the
> random store down the street. You're proposing that some regulatory
> authority require licencing... Why should these voters accept it?

	Because their failure to cooperate will result in ostracism. That's how the
Internet has always worked.

> Especially
> since, unlike with cars, the damage done by poorly-operated computers is
> rather hard to explain to a technologically-unskilled person. Most would
> respond something like "well, it's not my fault some criminal wrote a
> virus/exploit/whatever. Put that person in jail, and let me mind my own
> business." Good luck educating them on the fallacies in that statement.

	The point is, you don't have to. You just have to not let them on your
roads. If they think the things they have to do to get on your roads are
worth the value of those roads, they'll do them. If not, not. You don't care
why people comply with your rules. People don't get driver's licenses
because they think the piece of paper makes them a better driver, they do it
because that is what's required for them to get insurance and avoid tickets
and even jail.

> Fact is, until home computer security issues result in a pile of bloody
> bodies to show on CNN, no one in the general public and/or the legislative
> branches of government has any incentive to care...

	They don't have to. It's the road owners who decide who gets to drive on
their roads. All it would take is a certificate infrastructure and companies
issuing certificates to people who demonstrate competence. Then sites could
start restricting traffic to certificate holders immediately.

	I think this is actually a bad idea. But none of the arguments you've made
are the reasons why. Once you pretty much had to be a mechanic to drive a
car.

	DS