> I concentrated on asking lawyers -- legislators, prosecutors, judges, and litigators -- to quit hurting harmless people.
Every person generally thinks they're doing good in the world. They certainly don't think they're hurting harmless people for fun, they honestly think they're protecting other people. You need to understand this if you want to have any hope of getting to root causes.
> If an owner of a Web site has some data they don't want spread around, then they should not put it on their Web site. Just don't do it.
See, this is the exact opposite of the truth - it's quite possible to publish data online and employ access methods to control who can access it. By arguing your case this way, you are undermining yourself - the reason we have a legal system with laws etc because things like murder/robbery/etc are impossible to prevent, so the only thing we can do is punish transgressors. Computers give us the ability to implement absolute restrictions formally. The push to implement ambient-authority retributive laws comes from management types who don't devote want to spend the effort to implement formalized restrictions, and want to cry foul after the fact.
> Every person generally thinks they're doing good in the world.
I think we mostly know who's harmless. We know for
kitty cats and puppy dogs: In my neighborhood,
cats are free to wander but dogs are not.
> See, this is the exact opposite of the truth - it's quite possible to publish data online and employ access methods to control who can access it.
Wrong, fundamentally technically and practically. I told
you it can't be done, and you just didn't believe me.
Once that toothpaste is out of the tube, it
can't be put back in.
Once a secret is out, can't pull it back.
Once some data is sent over the Internet,
the person who receives it has it, all of it,
and can technically can do essentially anything
with it. E.g., when a Web site sends a Web page,
it's gone, the whole thing, HTTP header lines,
HTML mark-up 'elements', CSS 'properties' and
values, software in JavaScript,
text, files in JPG, PNG, GIF, MP3, WAV,
etc. The computer receiving this data
is free to store it on hard disk, manipulate
it many ways, back it up, send it, etc.
Net, that data's gone, out'a there, out in
the public, beyond control, with no
self destruct mechanism, no time out
clock, no string to pull it back. Can't
track it; mostly can't trace it;
in practical terms can't say where it
came from, can't claim ownership of it,
in no practical terms can enforce
copyright for it. Etc.
Sure, can embed a secret 'watermark'
in a PNG file, but that doesn't do much good,
e.g., as the file passes from person
to person. Besides, such a watermark
might get lost if the image is resized.
Yes, can put some carefully constructed
errors in text and numerical data, but
maybe only parts of the data get used
or copied, and, again, after the data
passed through many hands tough to say
who originally 'stole' it, and for the
rest they had no knowledge that the
data was stolen.
Yes, can set up strong authentication
for users and use strong encryption
when sending the data, but eventually
some user gets the data as 'plain
text', that is, not encrypted, and now
can redistribute it to friends, family,
etc. It's just bits and can be
stored, copied, transmitted, modified,
etc. So, one 'authorized' user leaks
the data and it's gone and essentially
out to the public.
For a Web site trying to block a user,
it is essentially impossible to know
if the user returned -- with a different
IP address, MAC address, ISP, Web browser
string
HTTP_USER_AGENT, etc. Searching the
user's house or office also is unpromising
since the data could be on DVD
below the insulation on the floor of the
attic, stored in the cloud, etc.
Again, yet again, as a practical matter,
now and over the horizon, if a Web site
doesn't want their data out in the
public and usable by every Tom, Dick,
and Harry for whatever, then they should
just never have their Web site send that
data. And, really, there's nothing
laws or lawyers can do about this except
cause a lot of trouble.
Again, more generally, lawyers should just
f'get about the Internet.
Every person generally thinks they're doing good in the world. They certainly don't think they're hurting harmless people for fun, they honestly think they're protecting other people. You need to understand this if you want to have any hope of getting to root causes.
> If an owner of a Web site has some data they don't want spread around, then they should not put it on their Web site. Just don't do it.
See, this is the exact opposite of the truth - it's quite possible to publish data online and employ access methods to control who can access it. By arguing your case this way, you are undermining yourself - the reason we have a legal system with laws etc because things like murder/robbery/etc are impossible to prevent, so the only thing we can do is punish transgressors. Computers give us the ability to implement absolute restrictions formally. The push to implement ambient-authority retributive laws comes from management types who don't devote want to spend the effort to implement formalized restrictions, and want to cry foul after the fact.