[tlug] System security and public policy [was: Anyone seen this gizmo yet?]

["Stephen J. Turnbull" <stephen@example.com>]

Sotaro Kobayashi writes:

 > Ahh... Thanks for comments.
 > People should be more informed about securty vulnerabilty all over the 
 > world :-(

No, they shouldn't, any more than they should need to be informed
about bicycle lock technology.  Systems should be constructed to be
reasonably secure, and vendors made financially responsible for
negligence leading to damage.

For "financial responsibility", existing tort law in the U.S. is
probably "sufficient but too expensive to actually use", and other
jurisdictions probably require legislation anyway, so legislation is
probably needed.

"Reasonably secure" would have to be defined.  In Europe this would
probably be accomplished by the concerned regulator; in the U.S. I
would prefer an NPO, like Consumers Union.  I don't know who I'd trust
in Japan; the consumers union here has historically been headed by a
retired executive of one of the big kaden vendors or a MITI amakudari,
which tells you what they're really representing.  METI is not to be
trusted, either.

Wouldn't it be cool if Windows boxes were required to come with a
sticker like this

+------------------------------------------------------------------+
| Ministry of Telecommunications WARNING:  This product contains   |
| Microsoft Windows, which has been determined to be hazardous to  |
| your network's health.  Households with children and anybody who |
| communicates with friends by email are especially at risk.       |
| http://windows-exploits.tcom.gov/                                |
+------------------------------------------------------------------+

right next to the "Intel Inside" and "Windows Installed" stickers?