Feeds

MySpace case opens security can of worms

It's time to face reality

Secure remote control for conventional and virtual desktops

Opinion A fourteen-year old girl is suing MySpace for £30m after she was allegedly assaulted by a man she met on the popular teen hangout site.

Here's a great idea for all you harassed single-parent readers. Why not send the kids off to the pub? It's a social centre, with many intelligent, and also many interesting characters. And you can get on with some work, or sleep, or just catch up with your meditation!

It's easy to condemn anybody who took that advice as "loony" - because, well, it's a loony idea.

In the Texas girl's case, it's loonier than first glance makes it seem. Not only was she herself lying about her age, but the "predator" who "assaulted" her was only 19. The idea of a suit claiming $30m in damages for being caught snogging illicitly could probably only be taken seriously in America.

But the absurdity of this case doesn't mean the danger isn't real. MySpace is a great, exciting place for teens to hang out, because of, not in spite of, the danger. The danger requires parents to be aware of the risks, rather than treating chatrooms as somewhere kids are going to be safe.

Parents often think their teen is safe while using MySpace. It would be nice to see how long that argument lasted if your kids got into trouble in the local pub. The difference is that we know the pub is a dodgy place to be, and we don't let underage people go there unsupervised.

So why are people trying to use the internet as a baby-sitting service? There are a lot of places where it isn't safe to leave unsupervised kids. The TV isn't a babysitter, the pub isn't a creche, and the internet isn't a safe place where innocent and naive people can be allowed to operate unsupervised either. Why are we trying to pretend it can be?

It's been apparent to me that the internet is like the real world since the first online databases started up. It's full of educational stuff, and it's full of dangers, too. You can't let children roam the streets on their own; so why are we trying to be scandalised by the discovery that the net can't be sanitised?

The lesson is one that doesn't need a sermon about this week's MySpace scandal to drive home. The world is a dangerous place, and if you want your children to be safe you have to keep an eye on them.

Somehow, the seductive idea seems to have been accepted that the problem of dangerous criminals on the net can be solved by technology. A browser, people feel, can be programmed to ensure that innocent eyes see no naked skin - or at least, not skin covering certain parts of the body. Or a website can be programmed to check the birth certificates of people who claim to be 10 years old, and verify it.

Like most instinctive, intuitive approaches to computer security, this is insane.

What we know from studying security systems for large corporations is that a perimeter protection doesn't work. As soon as you have a stone wall you find yourself believing that everybody inside that stone wall is on your side.

In social terms, that leads to absurdities. Like America prohibiting journalists from overseas entering the country, while steadfastly giving freedom of access to secure government sites by illegal immigrants; or preventing children with Muslim names from visiting the Smithsonian, while local-grown terrorists are welcomed.

And we all remember the old days when strong encryption algorithms were being developed for American corporations in Cambridge, and after the software was sent to America for testing, it couldn't be sent back to Cambridge for debugging.

These days, we're seeing security people advocating security systems which assume that malware can penetrate the firewall. Instead of pretending that intrusion can be prevented, the system has to deal with penetration, and respond robustly.

This approach to social problems seems unthinkable.

In terms of protecting children from paedophiles, obviously the most effective thing society could do would be to take all babies away from their parents until they (the parents) had been positively vetted, since by far the majority of child abuse takes place in the home (by an order of magnitude). Since we obviously can't actually do that, we seem programmed to run around in helpless circles saying that we will kill the sexual predators; and that if we can't, then we have to make sure our children never meet them.

It can't be done. And paradoxically, the closer we get to systems that achieve a reasonable score in keeping evildoers out, the more vulnerable we are to attack from those evildoers who bypass our filters.

So when the Attorney General of a US State speaks of requiring MySpace to achieve giant strides, it's worth suggesting that he's not only being unreasonable; he may even be making things worse.

The simple argument is that if parents think MySpace is a safe place to leave their children alone, they are likely to leave them far more vulnerable to the predators who do break in, than if they recognise the reality of the situation.

That reality is that predators will break in. The way to deal with it is to supervise and monitor, so that people know they are being watched - exactly the same way you stop fights in the school playground. It's not rocket science. ®

The essential guide to IT transformation

More from The Register

next story
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Premier League wants to PURGE ALL FOOTIE GIFs from social media
Not paying Murdoch? You're gonna get a right LEGALLING - thanks to automated software
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Ballmer quits Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Online tat bazaar eBay coughs to YET ANOTHER outage
Web-based flea market struck dumb by size and scale of fail
Amazon takes swipe at PayPal, Square with card reader for mobes
Etailer plans to undercut rivals with low transaction fee offer
Call of Duty daddy considers launching own movie studio
Activision Blizzard might like quality control of a CoD film
US regulators OK sale of IBM's x86 server biz to Lenovo
Now all that remains is for gov't offices to ban the boxes
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.