Original URL: http://www.theregister.co.uk/2006/06/28/myspace_opinion/
MySpace case opens security can of worms
It's time to face reality
Opinion A fourteen-year old girl is suing MySpace for £30m after she was allegedly assaulted by a man she met on the popular teen hangout site.
Here's a great idea for all you harassed single-parent readers. Why not send the kids off to the pub? It's a social centre, with many intelligent, and also many interesting characters. And you can get on with some work, or sleep, or just catch up with your meditation!
It's easy to condemn anybody who took that advice as "loony" - because, well, it's a loony idea.
In the Texas girl's case, it's loonier than first glance makes it seem. Not only was she herself lying about her age, but the "predator" who "assaulted" her was only 19. The idea of a suit claiming $30m in damages for being caught snogging illicitly could probably only be taken seriously in America.
But the absurdity of this case doesn't mean the danger isn't real. MySpace is a great, exciting place for teens to hang out, because of, not in spite of, the danger. The danger requires parents to be aware of the risks, rather than treating chatrooms as somewhere kids are going to be safe.
Parents often think their teen is safe while using MySpace. It would be nice to see how long that argument lasted if your kids got into trouble in the local pub. The difference is that we know the pub is a dodgy place to be, and we don't let underage people go there unsupervised.
So why are people trying to use the internet as a baby-sitting service? There are a lot of places where it isn't safe to leave unsupervised kids. The TV isn't a babysitter, the pub isn't a creche, and the internet isn't a safe place where innocent and naive people can be allowed to operate unsupervised either. Why are we trying to pretend it can be?
It's been apparent to me that the internet is like the real world since the first online databases started up. It's full of educational stuff, and it's full of dangers, too. You can't let children roam the streets on their own; so why are we trying to be scandalised by the discovery that the net can't be sanitised?
The lesson is one that doesn't need a sermon about this week's MySpace scandal to drive home. The world is a dangerous place, and if you want your children to be safe you have to keep an eye on them.
Somehow, the seductive idea seems to have been accepted that the problem of dangerous criminals on the net can be solved by technology. A browser, people feel, can be programmed to ensure that innocent eyes see no naked skin - or at least, not skin covering certain parts of the body. Or a website can be programmed to check the birth certificates of people who claim to be 10 years old, and verify it.
Like most instinctive, intuitive approaches to computer security, this is insane.
What we know from studying security systems for large corporations is that a perimeter protection doesn't work. As soon as you have a stone wall you find yourself believing that everybody inside that stone wall is on your side.
In social terms, that leads to absurdities. Like America prohibiting journalists from overseas entering the country, while steadfastly giving freedom of access to secure government sites by illegal immigrants; or preventing children with Muslim names from visiting the Smithsonian, while local-grown terrorists are welcomed.
And we all remember the old days when strong encryption algorithms were being developed for American corporations in Cambridge, and after the software was sent to America for testing, it couldn't be sent back to Cambridge for debugging.
These days, we're seeing security people advocating security systems which assume that malware can penetrate the firewall. Instead of pretending that intrusion can be prevented, the system has to deal with penetration, and respond robustly.
This approach to social problems seems unthinkable.
In terms of protecting children from paedophiles, obviously the most effective thing society could do would be to take all babies away from their parents until they (the parents) had been positively vetted, since by far the majority of child abuse takes place in the home (by an order of magnitude). Since we obviously can't actually do that, we seem programmed to run around in helpless circles saying that we will kill the sexual predators; and that if we can't, then we have to make sure our children never meet them.
It can't be done. And paradoxically, the closer we get to systems that achieve a reasonable score in keeping evildoers out, the more vulnerable we are to attack from those evildoers who bypass our filters.
So when the Attorney General of a US State speaks of requiring MySpace to achieve giant strides, it's worth suggesting that he's not only being unreasonable; he may even be making things worse.
The simple argument is that if parents think MySpace is a safe place to leave their children alone, they are likely to leave them far more vulnerable to the predators who do break in, than if they recognise the reality of the situation.
That reality is that predators will break in. The way to deal with it is to supervise and monitor, so that people know they are being watched - exactly the same way you stop fights in the school playground. It's not rocket science. ®