The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #232 [spaf's (and other's) comments] (1 message, 1955 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/232.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: encore!pinocchio!bzs@talcott.harvard.edu (Barry Shein)
To: phage
Date: Thu 14:27:14 10/11/1988 EST
Subject: spaf's (and other's) comments
References: [Thread Prev: 221] [Thread Next: 126] [Message Prev: 230] [Message Next: 234]


From: Gene Spafford <purdue.edu!spaf@talcott.harvard.edu>
>Consider:
>  * passing a test or completing a course does not show
>    competency

I was arguing primarily for the equivalent of a Ham radio operator's
license, to prove that one might understand the laws, responsibilities
and reasonable codes of conduct involved, and perhaps that they're not
so untrained/stupid that they're likely to hurt others if let near a
computer, including a question or two about basic shock hazard or
shuffling along the carpet and then hugging your IMP.

Perhaps once in one's life a person should read something that tried
to convince him/her/it that most hacking around with systems is
neither funny nor original nor likely to gain you fame and fortune
(outside of, perhaps, a few adolescent friends) and explained the
value of data, people's time etc. Something a freshman could pass
after an evening or two's study, that's all.

More important, it means it can be taken away (after a STANDARDIZED
due process), from anyone, and no more access to shared facilities,
thus go flip burgers for a living. It would of course be a serious
offense, something like Morris was accused of, and would normally (one
would assume) be for some period of time.

I was aware of the broader issues with competency licensing and even
addressed them, you're arguing with a straw man here.

>  * other professions with certifications do not exhibit a more
>    exemplary level of behavior, as shown in many studies

But they do have some method of dealing with serious problems,
decertification etc.

>  * state and federal laws might then come into play for
>    licensing in various locales, and this is also unlikely
>    to be beneficial

I thought FBI/NCSC/NSA just called you?

That's the whole POINT*, the f*cking state and federal laws are in
there duking away already trying to establish codes of conduct and
appropriate punishment etc.

This is almost humorous, am I being subtle? Are we having fun yet?

>Perhaps the most telling point is that once there is a licensing
>body and a license to be held (or certificate or whatever), we
>are much more likely to be liable for suits of malpractice because
>we will have a defined profession!  The current lack of formal
>specifications and licensing is actually a form of protection.

Right, now in order to avoid paying malpractice insurance (which
likely wouldn't be terribly high and would be passed on anyhow,
something people who take responsibility *deserve*) you just get to
face 20-year prison sentences and other imaginative punishments for
your errors/stupidity/etc.

I'm not convinced that some level of professional organization and at
least minimal competency etc would be such a bad thing, say as much as
we require for a driver's license.

I'm sure there were MD's who gave the same exact arguments until they
realized it was better to get sued for malpractice or decertification
and deal with that rather than getting lynched by some local mob for
what might have been an honest error.

And to have an organization who's responsibility is to police
professional ethics, of by and for professionals. It ain't perfect, no
sir, but the alternative (law enforcement agencies being the sole
investigatory etc. agencies) *really* sucks!

Think about it again.

	-Barry Shein, ||Encore||

* Excited, not angry.

END OF DOCUMENT