Thursday, September 20, 2007

computer security and end users, part 1

Meteorplum and I have been having an interesting e-mail exchange, prompted by a provocative article Bruce Schneier posted, in which he compared insecure end-user computers to a public health hazard and suggested requiring ISPs to provide technical support. I posted a very brief comment, and the next day our exchange began. With Meteorplum's permission, I'll post it here.

From Meteorplum:

1. Did you deliberately misspell your handle on your comment? The link is correct, but you're listed as "Fales Data".

2. How do you think the burden of securing PCs could be shifted?

I'm thinking something along the car/driving model myself, with some form of mandatory PC user education/course and a test. It doesn't prevent anyone without a license from buying or using a PC, but they'd be fully on the hook for what the PC did if they don't have a license. In home environments, parents would be liable for their children's (mis)usage unless the kids are themselves licensed. Libraries and internet cafes will certainly change their policies to something akin to car rental agreements. I can certainly foresee much opposition, but no less so than early car owners (and some current gun owners).

No comments: