RE: [funsec] McColo: Major Source of Online Scams andSpams KnockedOffline (fwd)

I don't think you want to do that. It has been done in Germany, and there's been, for example, a chilling effect on legitimate security research that just makes *everyone* worse off. Precisely in that case because, as you noted, dual use tools exist - and as you made note as an unpleasant possibility in your message, they got caught up in the middle of this sort of legislation.

Trying to regulate distribution of something on the Internet is both futile and dangerous, in general, IMO. It is certainly not going to make a dent on what malicious people do (they're probably breaking the law already or out of jurisdiction anyway).

The only real side effect of such action that I can see is much pain and angst by legitimate people trying to do their job and wondering if they are going to risk having their lives ruined by running afoul of ill-conceived legislature trying to ban distribution of "tools".

This is not the correct path, I think. Whatever the correct path is is likely to be a much more complex target, but many attempts at legislating the Internet often come out as so broad that you could find a way to use them against any ordinary sysadmin.

I thik that given past attempts, it is unlikly that there will be legislature that is both effective at criminalizing McColo and avoids the sort of environment where basic general Internet use is risky from a legal perspective.

(And we're perhaps a tad too close to that now. One does not wish to consider what'd happen if one got link-bombed with a shady site hosting "illegal" content that showers you in a badness pop-up deluge, and then got pulled over for a full computer search by the border patrol. Does trying to explain the concept of that situation before a jury as a defense for having a porn pic sitting around in your browser cache sound appealing?)

Now, I'm not trying to say that the correct laws cannot be made. But you had better be damn sure they're the right laws before they get passed. Many of the issues here are subtle and significant, ones that traditionally Internet-facing laws hve glossed over to th public detriment. Explaining such things to legislators is hard enough; you don't want to be stuck trying to fend off wrong charges from an overzealous prosecutor on subtle and highly technical grounds if you find yourself.

Because the danger from making the *wrong* laws is so great here, we really need to be very careful what we're calling for.

- S