Aside from sections of wire and other hardware owned by government agencies, the Internet is entirely private property. A rather loose coalition of folks connected by cables and such have decided upon a common set of protocols allowing shared data. It’s that old World of Ends business. And while that is shifting somewhat as time goes by, the nature of the beast yet remains pretty much the same. This is one of the few accommodations in communication which cannot be wholly owned and controlled by any single party.
So a couple of interesting tidbits in computer security caught my attention today, by way of Sunbelt Software’s blog. In the first, a botnet is taken down. This looks on the surface like cooperative vigilantism, which is not inherently sinful in itself, but this is the Internet we are talking about. You are allowed to connect by common assent, not by rights. There is no inherent right to connect. So if you can’t make your systems behave by commonly assented rules, you don’t get to play. So this sort of activism is probably a good thing, in the long run. It’s not just trashing the commons, but trashing someone else’s private property when registrars and major providers refuse to play by the agreed rules.
Second is open publication of security flaws in commonly used software. For quite some time, there has been a debate about what researchers should do when they find a security flaw. Economic rights would suggest they ought to coordinate with the folks who wrote the software, and give them a reasonable chance to fix it first. It would appear most still do that. Sadly, far too many software-making companies are unresponsive, not fixing the software. Some are downright hateful in attacking those who are actually helping them by finding problems which could adversely affect the paying customers.
There is the rub. What about the economic rights of the paying customers? If the manufacturer refuses to do what’s right, what recourse do you have? Security flaws leave these customers exposed to attacks. If a white-hat security guy can find it, surely there is at least one black-hat security guy who can find it, too. Given most software houses flatly deny any fiduciary liability for their products, the only choice you might have is to migrate away. If you bought a lot of their stuff, that’s no small task. All the more so if there are overlapping dependencies between multiple products.
In the long run, I agree with the rather mercenary exposure of flaws. As more and more software makers appear to be hostile to the notion of correcting flaws, it makes sense to look for a stick to hit back against someone who clearly has the upper hand. While there are major software companies known for doing the right thing, I’m not sure a mere handful of folks are in the position to assess the reputation of everyone, since quite a few have an undeserved good one. The corporate world is notorious for inflexibility simply because it’s convenient for the folks at the top. Anyone with more power and money than you is a potential threat, and that fact scales quickly, even exponentially. Don’t trust them unless they have earned it.
I suppose I could easily add some caveats, or defensive first strikes on some arguments raised in the past. Would the Net be so large if bloodthirsty commerce were not so deeply invested? Obviously not. That’s not the point. Money and power do not give one the right to bludgeon the little people — something God Himself made clear too many times. Given the merchant culture is so utterly without morals, it becomes necessary to instill some fear and respect. So for those who respect the Laws of Noah, this open release of exploits is a good thing, given the context. And every effort to lobby government for more corporate control should result in some form of harsh reprisal.
Of course, we know it is corporations who own most of the Net. Oddly, those corporations seem to know, despite propaganda to the contrary, they can’t really win control because there is no practical means for bringing all the owners together in a more formalized agreement. There is one fundamental reason why: The people who make it work will refuse to do it. Corporations are forced to employ the genius hackers, most of whom will not under any circumstances allow the fundamental nature of the Net to change. If that ever changes, look out!