Feeds

MySpace case opens security can of worms

It's time to face reality

Internet Security Threat Report 2014

Opinion A fourteen-year old girl is suing MySpace for £30m after she was allegedly assaulted by a man she met on the popular teen hangout site.

Here's a great idea for all you harassed single-parent readers. Why not send the kids off to the pub? It's a social centre, with many intelligent, and also many interesting characters. And you can get on with some work, or sleep, or just catch up with your meditation!

It's easy to condemn anybody who took that advice as "loony" - because, well, it's a loony idea.

In the Texas girl's case, it's loonier than first glance makes it seem. Not only was she herself lying about her age, but the "predator" who "assaulted" her was only 19. The idea of a suit claiming $30m in damages for being caught snogging illicitly could probably only be taken seriously in America.

But the absurdity of this case doesn't mean the danger isn't real. MySpace is a great, exciting place for teens to hang out, because of, not in spite of, the danger. The danger requires parents to be aware of the risks, rather than treating chatrooms as somewhere kids are going to be safe.

Parents often think their teen is safe while using MySpace. It would be nice to see how long that argument lasted if your kids got into trouble in the local pub. The difference is that we know the pub is a dodgy place to be, and we don't let underage people go there unsupervised.

So why are people trying to use the internet as a baby-sitting service? There are a lot of places where it isn't safe to leave unsupervised kids. The TV isn't a babysitter, the pub isn't a creche, and the internet isn't a safe place where innocent and naive people can be allowed to operate unsupervised either. Why are we trying to pretend it can be?

It's been apparent to me that the internet is like the real world since the first online databases started up. It's full of educational stuff, and it's full of dangers, too. You can't let children roam the streets on their own; so why are we trying to be scandalised by the discovery that the net can't be sanitised?

The lesson is one that doesn't need a sermon about this week's MySpace scandal to drive home. The world is a dangerous place, and if you want your children to be safe you have to keep an eye on them.

Somehow, the seductive idea seems to have been accepted that the problem of dangerous criminals on the net can be solved by technology. A browser, people feel, can be programmed to ensure that innocent eyes see no naked skin - or at least, not skin covering certain parts of the body. Or a website can be programmed to check the birth certificates of people who claim to be 10 years old, and verify it.

Like most instinctive, intuitive approaches to computer security, this is insane.

What we know from studying security systems for large corporations is that a perimeter protection doesn't work. As soon as you have a stone wall you find yourself believing that everybody inside that stone wall is on your side.

In social terms, that leads to absurdities. Like America prohibiting journalists from overseas entering the country, while steadfastly giving freedom of access to secure government sites by illegal immigrants; or preventing children with Muslim names from visiting the Smithsonian, while local-grown terrorists are welcomed.

And we all remember the old days when strong encryption algorithms were being developed for American corporations in Cambridge, and after the software was sent to America for testing, it couldn't be sent back to Cambridge for debugging.

These days, we're seeing security people advocating security systems which assume that malware can penetrate the firewall. Instead of pretending that intrusion can be prevented, the system has to deal with penetration, and respond robustly.

This approach to social problems seems unthinkable.

In terms of protecting children from paedophiles, obviously the most effective thing society could do would be to take all babies away from their parents until they (the parents) had been positively vetted, since by far the majority of child abuse takes place in the home (by an order of magnitude). Since we obviously can't actually do that, we seem programmed to run around in helpless circles saying that we will kill the sexual predators; and that if we can't, then we have to make sure our children never meet them.

It can't be done. And paradoxically, the closer we get to systems that achieve a reasonable score in keeping evildoers out, the more vulnerable we are to attack from those evildoers who bypass our filters.

So when the Attorney General of a US State speaks of requiring MySpace to achieve giant strides, it's worth suggesting that he's not only being unreasonable; he may even be making things worse.

The simple argument is that if parents think MySpace is a safe place to leave their children alone, they are likely to leave them far more vulnerable to the predators who do break in, than if they recognise the reality of the situation.

That reality is that predators will break in. The way to deal with it is to supervise and monitor, so that people know they are being watched - exactly the same way you stop fights in the school playground. It's not rocket science. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.