kaiser@jaws.DEC (Pete Kaiser 225-5441 HLO2-1/N10) (12/16/84)
I've seen recently lots of netnews traffic about "security", "hackers", and computer crime. But if you were doing a performance analysis of where to apply your efforts in stopping the security leaks, misuse, and crime, you'd have to be aware of this: Study after study done by the nation's law-enforcement agencies shows that the greatest money losses from crime come from white-collar crime committed by trusted insiders. And I suspect most of us [reading this note] know that this is also true in our workplaces. People abuse their privileges (I'm ashamed to say that I did this once myself, although it wasn't criminal, but unethical -- I used UN*X root privilege to read someone else's mail in searching for some code) and misuse their resources in criminal ways. Some persons profit from this, deliberately. They are criminals. Most are never detected, much less caught, tried, or convicted of their crimes. If we absolutely stopped all irresponsible hacking (or "cracking", if you prefer the term), and completely plugged every conceivable technical hole in computer security, the amount of security gained, the amount of crime halted, would be a trivial part of the true total of computer crime and breaches of security and privacy. So we shouldn't let ourselves be seduced into thinking that "{h,cr}ackers" and technical holes in computer security are the biggest part of the problem. They aren't; they're just the most dramatic ("romantic"?) and visible parts. When we get serious about security and crime, we'll attack them at the roots ... but unfortunately, that will be much more difficult than anything we've done so far. Will someone please get in touch with me if there appear any signs that this may happen? ---Pete Kaiser%JAWS.DEC@decwrl.arpa, Kaiser%BELKER.DEC@decwrl.arpa {allegra|decvax|ihnp4|ucbvax}!decwrl!dec-rhea!dec-jaws!kaiser DEC, 77 Reed Road (HLO2-1/N10), Hudson MA 01749 617/568-5441