Feeds

MySpace case opens security can of worms

It's time to face reality

Security for virtualized datacentres

Opinion A fourteen-year old girl is suing MySpace for £30m after she was allegedly assaulted by a man she met on the popular teen hangout site.

Here's a great idea for all you harassed single-parent readers. Why not send the kids off to the pub? It's a social centre, with many intelligent, and also many interesting characters. And you can get on with some work, or sleep, or just catch up with your meditation!

It's easy to condemn anybody who took that advice as "loony" - because, well, it's a loony idea.

In the Texas girl's case, it's loonier than first glance makes it seem. Not only was she herself lying about her age, but the "predator" who "assaulted" her was only 19. The idea of a suit claiming $30m in damages for being caught snogging illicitly could probably only be taken seriously in America.

But the absurdity of this case doesn't mean the danger isn't real. MySpace is a great, exciting place for teens to hang out, because of, not in spite of, the danger. The danger requires parents to be aware of the risks, rather than treating chatrooms as somewhere kids are going to be safe.

Parents often think their teen is safe while using MySpace. It would be nice to see how long that argument lasted if your kids got into trouble in the local pub. The difference is that we know the pub is a dodgy place to be, and we don't let underage people go there unsupervised.

So why are people trying to use the internet as a baby-sitting service? There are a lot of places where it isn't safe to leave unsupervised kids. The TV isn't a babysitter, the pub isn't a creche, and the internet isn't a safe place where innocent and naive people can be allowed to operate unsupervised either. Why are we trying to pretend it can be?

It's been apparent to me that the internet is like the real world since the first online databases started up. It's full of educational stuff, and it's full of dangers, too. You can't let children roam the streets on their own; so why are we trying to be scandalised by the discovery that the net can't be sanitised?

The lesson is one that doesn't need a sermon about this week's MySpace scandal to drive home. The world is a dangerous place, and if you want your children to be safe you have to keep an eye on them.

Somehow, the seductive idea seems to have been accepted that the problem of dangerous criminals on the net can be solved by technology. A browser, people feel, can be programmed to ensure that innocent eyes see no naked skin - or at least, not skin covering certain parts of the body. Or a website can be programmed to check the birth certificates of people who claim to be 10 years old, and verify it.

Like most instinctive, intuitive approaches to computer security, this is insane.

What we know from studying security systems for large corporations is that a perimeter protection doesn't work. As soon as you have a stone wall you find yourself believing that everybody inside that stone wall is on your side.

In social terms, that leads to absurdities. Like America prohibiting journalists from overseas entering the country, while steadfastly giving freedom of access to secure government sites by illegal immigrants; or preventing children with Muslim names from visiting the Smithsonian, while local-grown terrorists are welcomed.

And we all remember the old days when strong encryption algorithms were being developed for American corporations in Cambridge, and after the software was sent to America for testing, it couldn't be sent back to Cambridge for debugging.

These days, we're seeing security people advocating security systems which assume that malware can penetrate the firewall. Instead of pretending that intrusion can be prevented, the system has to deal with penetration, and respond robustly.

This approach to social problems seems unthinkable.

In terms of protecting children from paedophiles, obviously the most effective thing society could do would be to take all babies away from their parents until they (the parents) had been positively vetted, since by far the majority of child abuse takes place in the home (by an order of magnitude). Since we obviously can't actually do that, we seem programmed to run around in helpless circles saying that we will kill the sexual predators; and that if we can't, then we have to make sure our children never meet them.

It can't be done. And paradoxically, the closer we get to systems that achieve a reasonable score in keeping evildoers out, the more vulnerable we are to attack from those evildoers who bypass our filters.

So when the Attorney General of a US State speaks of requiring MySpace to achieve giant strides, it's worth suggesting that he's not only being unreasonable; he may even be making things worse.

The simple argument is that if parents think MySpace is a safe place to leave their children alone, they are likely to leave them far more vulnerable to the predators who do break in, than if they recognise the reality of the situation.

That reality is that predators will break in. The way to deal with it is to supervise and monitor, so that people know they are being watched - exactly the same way you stop fights in the school playground. It's not rocket science. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.