Folks: From the battlefield trenches of dealing with the constant ebb and flow of residential customers compromised generally due to the expected holes in Microsoft products, I have yet to get myself or hear of a request from any entity (with the exception of legitimate, authorized government investigators) for forensic data analysis from their own "home" networks. In a recent posting here, I read an opinion that people should be prepared to provide this. This is absolutely abhorrent, and leads us all down the slippery slope of an Orwellian society. Customers, unless engaged in financial business or other business with regulatory requirements, should not be ever subjected to anything near a requirement to store their own data, or be prepared to provide historical data. At the surface, this violates privacy concerns. Deeper under the surface, it would make security professionals de-facto extensions of law enforcement in a very unregulated way. This immediately makes one think of government "strong-arming" a security professional into providing data, but this works the other way too - where a well-intentioned, but overzealous security engineer discloses confidential data improperly or commits a procedural error that leaves an employer exposed legally. This is why we have courts, judges, magistrates, search warrants, process, and procedure, to ensure that requests for confidential data and privacy intrusions are well-formed and within the bounds of current law. Stepping above the day-to-day techie mindset we're in, it's interesting to consider the question of : "Who owns a packet once it's off your network?". Current US law seems to view examining transit traffic like radio interception - a no-no, for the most part. There's also the huge issue of how to prove / maintain a chain-of-evidence, yet another slippery slope in the digital crime era. =( -T ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "...Far better is it to dare mighty things, to win glorious triumphs even though checkered by failure than to take rank with those poor spirits who neither enjoy much nor suffer much because they live in the gray twilight that knows neither victory nor defeat..." -Theodore Roosevelt, 1899. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Jul 13 2001 - 15:24:53 PDT