Hmmm... That’s an interesting point. Are you postulating that the desire to do harmful hacking (to be specific and not indict all hackers) is comparable to alcohol or drug addiction?
At any rate, IF the vast majority of the populace had been willing to support whatever penalties were necessary to make Prohibition effective, it would have been successful. Certainly there are countries in which this has been done, with general success. Prohibition failed in the U.S. because the vast majority of the U.S. populace was not so inclined.
That’s not to say no one would ever get their hands on an alcoholic beverage, given my “IF”. There are always some cracks. (Oh, BTW, I am not a tee-totaler. I am just commenting on your example. )
Now, in the case of the Internet, you are correct: You’d probably have to get some sort of essentially world-wide treaty going (with real penalties for countries unwilling to go along with it) to crack down on harmful hacking. But, I think this problem will eventually become so big, and cost everyone so much money, that it will come to pass. Once it does, you don’t have to find every offender. You find a few, and administer Saudi Arabian style justice. Even that would not end the problem. But it would lessen it.
Then again... Back in my college days, when I was studying Electrical Engineering, I was too doggone busy to get into such trouble. (The story of my life!) Maybe there is an answer there... ?
Not at all. The analogy was about the effectiveness of laws to control behavior, not about the behavior itself.
Then again... Back in my college days, when I was studying Electrical Engineering, I was too doggone busy to get into such trouble.
Not really. The people that do the hacking are often professional programmers. Because so much Internet software is made up of layers of software from different sources, testing will often indicate a bug when testing how one layer of software interacts with another.
As an example:
Let's say I have a store on the Internet. I use a piece of software that the web server interacts with. A user connects to the web server and enters data. The web server passes that data to the application that processes the order.
When a new version of the web server software comes out, the manufacturer of the store software tests his application to make sure that it works properly with the new web server.
He finds a bug. Normally, the field where you type your credit card number in expects only numbers. You find that if you put in a string of hex code, it causes the application to crash.
In the previous version of the web server software, the web server properly read in the HTML instructions and filtered out anything that wasn't a number. The new version doesn't.
He found the bug by deliberately sending out-of-scope data to the web server, but the bug could be triggered accidentally by having, say, your cat jump on your keyboard while you were ordering from my site.
One person, a professional, found the bug. So can someone else, sometimes by accident.
And a third party may be looking for a way to crash my server.
All three of these people can find the same bug. You can't assume that just because someone finds an exploit that they intend harm.
For years, conservatives have resisted the idea of the UN being our police. And Internet police force would have much the same mandate. And it would suck.
Rather than that, how about we leave the Internet alone. People that have broken software should fix it, assume there are still more bugs that haven't been found yet and take action accordingly.
Because you are never, even with an Internet Police force, going to be able to stop systems from being exploited. It's too easy to hide, it's too easy to have a plausible answer for doing what you did and it's too much of a burden on regular, everyday Internet users to subject them to layers of UN-style corruption just to catch a few system exploiters. The cure would be worse than the disease.