Feeds

MySpace case opens security can of worms

It's time to face reality

3 Big data security analytics techniques

Opinion A fourteen-year old girl is suing MySpace for £30m after she was allegedly assaulted by a man she met on the popular teen hangout site.

Here's a great idea for all you harassed single-parent readers. Why not send the kids off to the pub? It's a social centre, with many intelligent, and also many interesting characters. And you can get on with some work, or sleep, or just catch up with your meditation!

It's easy to condemn anybody who took that advice as "loony" - because, well, it's a loony idea.

In the Texas girl's case, it's loonier than first glance makes it seem. Not only was she herself lying about her age, but the "predator" who "assaulted" her was only 19. The idea of a suit claiming $30m in damages for being caught snogging illicitly could probably only be taken seriously in America.

But the absurdity of this case doesn't mean the danger isn't real. MySpace is a great, exciting place for teens to hang out, because of, not in spite of, the danger. The danger requires parents to be aware of the risks, rather than treating chatrooms as somewhere kids are going to be safe.

Parents often think their teen is safe while using MySpace. It would be nice to see how long that argument lasted if your kids got into trouble in the local pub. The difference is that we know the pub is a dodgy place to be, and we don't let underage people go there unsupervised.

So why are people trying to use the internet as a baby-sitting service? There are a lot of places where it isn't safe to leave unsupervised kids. The TV isn't a babysitter, the pub isn't a creche, and the internet isn't a safe place where innocent and naive people can be allowed to operate unsupervised either. Why are we trying to pretend it can be?

It's been apparent to me that the internet is like the real world since the first online databases started up. It's full of educational stuff, and it's full of dangers, too. You can't let children roam the streets on their own; so why are we trying to be scandalised by the discovery that the net can't be sanitised?

The lesson is one that doesn't need a sermon about this week's MySpace scandal to drive home. The world is a dangerous place, and if you want your children to be safe you have to keep an eye on them.

Somehow, the seductive idea seems to have been accepted that the problem of dangerous criminals on the net can be solved by technology. A browser, people feel, can be programmed to ensure that innocent eyes see no naked skin - or at least, not skin covering certain parts of the body. Or a website can be programmed to check the birth certificates of people who claim to be 10 years old, and verify it.

Like most instinctive, intuitive approaches to computer security, this is insane.

What we know from studying security systems for large corporations is that a perimeter protection doesn't work. As soon as you have a stone wall you find yourself believing that everybody inside that stone wall is on your side.

In social terms, that leads to absurdities. Like America prohibiting journalists from overseas entering the country, while steadfastly giving freedom of access to secure government sites by illegal immigrants; or preventing children with Muslim names from visiting the Smithsonian, while local-grown terrorists are welcomed.

And we all remember the old days when strong encryption algorithms were being developed for American corporations in Cambridge, and after the software was sent to America for testing, it couldn't be sent back to Cambridge for debugging.

These days, we're seeing security people advocating security systems which assume that malware can penetrate the firewall. Instead of pretending that intrusion can be prevented, the system has to deal with penetration, and respond robustly.

This approach to social problems seems unthinkable.

In terms of protecting children from paedophiles, obviously the most effective thing society could do would be to take all babies away from their parents until they (the parents) had been positively vetted, since by far the majority of child abuse takes place in the home (by an order of magnitude). Since we obviously can't actually do that, we seem programmed to run around in helpless circles saying that we will kill the sexual predators; and that if we can't, then we have to make sure our children never meet them.

It can't be done. And paradoxically, the closer we get to systems that achieve a reasonable score in keeping evildoers out, the more vulnerable we are to attack from those evildoers who bypass our filters.

So when the Attorney General of a US State speaks of requiring MySpace to achieve giant strides, it's worth suggesting that he's not only being unreasonable; he may even be making things worse.

The simple argument is that if parents think MySpace is a safe place to leave their children alone, they are likely to leave them far more vulnerable to the predators who do break in, than if they recognise the reality of the situation.

That reality is that predators will break in. The way to deal with it is to supervise and monitor, so that people know they are being watched - exactly the same way you stop fights in the school playground. It's not rocket science. ®

High performance access to file storage

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Sorry London, Europe's top tech city is Munich
New 'Atlas of ICT Activity' finds innovation isn't happening at Silicon Roundabout
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.