Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
System administrator == (Bouncer|Wheel Clamper)

By Builder in Internet
Sat May 12, 2001 at 03:08:10 PM EST
Tags: Freedom (all tags)
Freedom

The UK have just passed a law requiring that people involved in giving advice regarding "security precautions in relation to any risk to property" have to have a licence. The problem is that they didn't include the word physical.


This means that they have the option of forcing all people who work with computer security to get a licence. Written an ipf script? Get a licence. Setup tcp_wrappers? Get a licence. Turned off file and printer sharing on a Windows machine? Get a licence. The link to the story on the register is here. Details about the history of this bill can be found by following the links at the bottom of that page.

The gestapo^H^H^H^H^H^H^HHome Office do state that their intent is not to licence computer personel, but after vigorous lobying by the CBI, they were unprepared to amend the bill to only include physical security, not logical. After this lobying they still passed the bill with 315 votes to 111. If, after the ommition being pointed out to you, and after lobying by one trade group you still pass the bill without ammendments, then you must have plans for something!

I'm not sure if they will try and force me to get a licence. I know I won't be happy if they do. The UK already store loads of information about me, and I'm not keen to give them more. This is becoming more and more like a police state. Soon I'll have to present my papers when going for interviews. I'm not happy.

More importantly, the UK Department of Trade and industry keep complaining that there is a skills shortage in the IT industry. I still don't really agree with that, but if that is the case, why add another barrier to entry? This is just going to make it harder for people to get into this game!

Anyway, I just thought I'd point this out to everyone. If you're not from the UK, be vigilant. Make sure you try and stop your government when they try to licence you. If you are from the UK, refuse to get the licence. If everyone refuses, and they raise a fuss, it will put great stumbling blocks in the textiles minister's plans to be the world's leading e-commerce country!

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Poll
Should people who work with security be licenced?
o Yes 10%
o No 39%
o For certain business sectors only 50%

Votes: 78
Results | Other Polls

Related Links
o here
o Also by Builder


Display: Sort:
System administrator == (Bouncer|Wheel Clamper) | 69 comments (48 topical, 21 editorial, 0 hidden)
It could be a good thing (3.50 / 4) (#1)
by theboz on Thu May 10, 2001 at 04:39:12 PM EST

If the license means they have to be trained in a particular area...for example if they are doing unix security they take some unix classes to get the license then it's a good thing. It will help make sure that businesses don't hire jackasses that are pretending to know computers but really end up costing the company over half a million dollars in lost revenue and salaries of idle people because they are too stupid to split the mirror when they are installing patches, or they don't know how to use the "su" command even though they somehow logged in as root. I speak from experience, I wish they had this in the U.S. because it's bad when the developers know more unix than the system administrators.

On the other hand, this could mean they are required to get MCSE certified, in which all hope is lost.

Stuff.

MCSE (5.00 / 3) (#6)
by enterfornone on Thu May 10, 2001 at 04:50:30 PM EST

Too many are under the delusion that MCSE is some special type of meaningless certification while Cisco, Sun, Linux certs as well as college degrees and now security licences are meaningful.

A piece of paper without any experience to back it up is a piece of paper regardless of who supplies it. The people who point to MCSE as the only meaningless cert are as bad as the rest of the anti-MS crowd.

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]
Other meaningless certifications (3.50 / 2) (#10)
by theboz on Thu May 10, 2001 at 05:04:42 PM EST

You are correct. It's just that I, as someone who slept through some MCSE classes and still passed some of the tests easily from reading a book or two (before I stopped working with MS products) I like to pick on it. When I say Minsweeper Competant Solitaire Expert, it's memories of sitting being really bored in my classes. In My NT 4.0 Core classes, I had internet access so I learned how to hack NT and use programs to break the lanman passwords and do fun things to the school network. However, in other classes like MS SQL Server Administration, I sat in there playing minesweeper and got really good at it. So it's not just me bashing MS, it's me making fun of certification in general by laughing at the one I know best.

Stuff.
[ Parent ]

New MCSE requirements (4.00 / 3) (#18)
by WinPimp2K on Thu May 10, 2001 at 05:33:19 PM EST

Not to debate the relative value of the MCSE to other certifications, but MSFT has recently made one of the requirements to get it a years experience administrating a 150 node network. This will definitely cut back on the number of new MCSEs entering the workforce. Not an encouraging thought when a government body might decide to make it a legal requirement for employment

[ Parent ]
New MCSE requirements? (none / 0) (#34)
by enterfornone on Thu May 10, 2001 at 10:42:03 PM EST

Got any links for that? I keep a close eye on certification news sites as well as the MS MCP site and I haven't heard anything like that.

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]
My bad (none / 0) (#54)
by WinPimp2K on Fri May 11, 2001 at 01:31:10 PM EST

I checked the Microsoft site

It does list the following

An MCSE candidate should have at least one year of experience implementing and administering a network operating system in environments with the following characteristics:

  • 200 to 26,000 supported users
  • 5 to 150 physical locations

It looks like I read something elsewhere that took these and the "Should haves" and changed them to "must haves"

[ Parent ]

No, you take the course in Pub Bouncing (4.00 / 1) (#48)
by Paul Johnson on Fri May 11, 2001 at 10:05:14 AM EST

AIUI from The Register, the beef with this law is not merely that it requires them to be licensed, but that the licensing regime is designed for physical security personnel. So before you are allowed to sysadmin that Linux box you have to learn how to eject drunks from pubs.

When challenged, the Home Office said that this was due to an oversight and they had no intention whatsoever of regulating the computer security industry. But they still didn't change the law.

The latest Register story, with links to their previous stories on this issue and the actual law itself is here.

Paul.
You are lost in a twisty maze of little standards, all different.
[ Parent ]

of course it's a police state (3.60 / 10) (#7)
by dennis on Thu May 10, 2001 at 04:58:01 PM EST

You're just noticing? You've put cameras on every streetcorner you can afford, you've given your government a monopoly on physical force, you've allowed your government to monitor all your emails. When you give a government all the tools to become a totalitarian regime, don't be surprised when they become a totalitarian regime. You're not there yet, but the handwriting's on the wall.

Not just noticing :( (none / 0) (#11)
by Builder on Thu May 10, 2001 at 05:05:15 PM EST

I wish I was only just noticing this. While I don't have a huge problem with the CCTV cameras, I dissagree with most other steps the government have used to erode our freedom. I would gladly sacrifice the small additional safety that the cameras give us in exchange for the right to defend myself and my family.

I write my MP (Member of Parlaiment), I phone my MP every time an issue like this comes up. But one man doesn't change much. So I post here. I tell anyone who will listen. And often I feel that I leave it too late. I did again. :(


--
Be nice to your daemons
[ Parent ]
you can always (none / 0) (#12)
by cory on Thu May 10, 2001 at 05:11:56 PM EST

Move to the Good Ol', like my great-granddad did (by way of Canada and Mexico, but that's a long story). Not that we're much farther behind you (UK) in terms of being a police state, but hey, even a little bit more freedom is more freedom.

Though actually, this can seque into a question I asked on another board (no, not that one). What country currently has the best record for freedom for its citizens? Something tells me Switzerland or one of the Low Countries would be a safe bet, but having never been to any of them I can't say for sure.

Cory


[ Parent ]
Switzerland... (none / 0) (#25)
by MrSmithers on Thu May 10, 2001 at 08:16:16 PM EST

While I can't speak for the freedoms there (only been on a couple short visits), I have always wondered if letting cops carry automatic weapons helps the crime rate any :)

Although it might be worth giving up a couple freedoms just to be able to enjoy all the great chocolate...

[ Parent ]
not just the cops... (4.00 / 1) (#37)
by Greyshade on Fri May 11, 2001 at 01:55:26 AM EST

this site is the first one that google pulled when I did a search...

Here's a relevent quote:

In the case of Switzerland, for example, military service for males is compulsory, and according to the Federal Constitution of 1874, all military servicemen receive arms (most commonly "assault weapons").[41] As soon as the government adopts a new infantry rifle, it sells the old ones to the public.[42] As a result, a nation of only six million people has at least two million guns, including over 600,000 fully automatic assault rifles (more than in the United States) and 500,000 pistols.[43] Even without a strict registration scheme, the Swiss homicide (p.771)rate is only fifteen percent of the American rate, and to the extent that guns are used in crime, the weapon is usually a stolen pistol or revolver.[44] The correlation between access to a firearm and criminality does not, therefore, appear to be as tautological as gun control advocates claim.

[ Parent ]

*wow!* that's dishonest (none / 0) (#40)
by streetlawyer on Fri May 11, 2001 at 02:44:47 AM EST

Even without a strict registration scheme, the Swiss homicide (p.771)rate is only fifteen percent of the American rate ....

.... and therefore the highest in Europe, in an extremely racially homogeneous society with extremely low income inequality.

--
Just because things have been nonergodic so far, doesn't mean that they'll be nonergodic forever
[ Parent ]

If you want honesty... (none / 0) (#49)
by dennis on Fri May 11, 2001 at 10:26:24 AM EST

and therefore the highest in Europe

Let's see your source for that.

[ Parent ]

But higher than (none / 0) (#52)
by weirdling on Fri May 11, 2001 at 12:04:27 PM EST

Italy, Belgium, France and Finland, based on numbers from 1993. Second graph down.
In your defense, I don't believe you are being dishonest, just poorly informed.
Actually, the numbers are much worse than that, as many European states only count convictions, while the US counts reports, meaning that the US will always have a higher violent crime rate because there is many times more reports than convictions...

I'm not doing this again; last time no one believed it.
[ Parent ]
it *is* somewhat misleading, though (4.00 / 1) (#58)
by rawthorne on Fri May 11, 2001 at 07:08:17 PM EST

since it "neglects" the fact that most of the firearms in Swiss hands are there for military purposes, but fails to count the firearms in the posession of the US military.

Won't go into the gun-regulation-crime-rate thing (been there, done that, got bored, left), but such "statistics" don't really deserve the name.

[ Parent ]

Highest in europe? (none / 0) (#60)
by delmoi on Sat May 12, 2001 at 03:37:45 PM EST

You're telling me that the murder rate in Switzerland is higher then say, Turkey, Serbia, or Kazakhstan?

Right...
--
"'argumentation' is not a word, idiot." -- thelizman
[ Parent ]
Kazakhstan?!? (none / 0) (#64)
by Chris Andreasen on Sun May 13, 2001 at 12:38:15 AM EST

You're telling me that the murder rate in Switzerland is higher then say, Turkey, Serbia, or Kazakhstan?
Kazakhstan?!? Last time I checked Kazakhstan was smack dab in the middle of Asia, not Europe...
--------
Is public worship then, a sin,
That for devotions paid to Bacchus
The lictors dare to run us in,
and resolutely thump and whack us?

[ Parent ]
Racial homogeneity? (none / 0) (#69)
by kirghiz on Thu May 17, 2001 at 11:31:27 AM EST

Racially homogenous? Perhaps, though I'm not sure. Culturally homogenous, certainly not. There are French, German and Italian cantons, speaking three different languages. After all, the Arabs and Israelis are racially homogenous...

[ Parent ]

little known Franklin quote (none / 0) (#57)
by cory on Fri May 11, 2001 at 04:41:02 PM EST

Most people don't know, but Ben Franklin put a correllary to his famous quote about freedom and security. The whole thing goes like this: "Those who would sacrifice an essential freedom for a temporary safety deserve neither liberty nor safety. But I'd give up both for a decent chocolate truffle any day of the week."

Cory


[ Parent ]
Serious question (4.00 / 1) (#21)
by dennis on Thu May 10, 2001 at 06:18:03 PM EST

I'll admit to being a bit trollish in the above post, and I apologize, I can see you're doing what you can...but here's something I'd really like to know--what do your fellow British citizens feel about all this? When you talk to the average nongeek person over there, are they all upset about it, or do most of them think it's the best way to control the nasty criminals? If I lived there, the answer to this question would determine whether I stayed and tried to fix things, or got the heck out.

Also, if you don't mind the CCTV cameras, are you aware of the efforts to hook them into face recognition software/databases?

[ Parent ]

And in fairness... (none / 0) (#50)
by keyeto on Fri May 11, 2001 at 11:07:46 AM EST

... we that live in the UK haven't actually gone out of our way to give these powers to our government. Rather our government has imposed these powers upon us, against our will, and against the advice of civil rights groups.

The UK government is not unique in this either, how many governments can you think of that never even once imposed an unwanted power over its citizens? I do know we are subjects rather than citizens, but I can't think of a word that encompasses both, but excludes foreign nationals merely living here.


--
"This is the Space Age, and we are Here To Go"
William S. Burroughs
[ Parent ]
What's unfair? (none / 0) (#51)
by dennis on Fri May 11, 2001 at 11:37:35 AM EST

we that live in the UK haven't actually gone out of our way to give these powers to our government. Rather our government has imposed these powers upon us, against our will

Do you have a vote?

All democracies get the government they deserve.

[ Parent ]

I do indeed have a vote... (none / 0) (#53)
by keyeto on Fri May 11, 2001 at 01:22:13 PM EST

... but as an anarchist, I do not exercise it. If passing the polling station while there's an election on, I spoil my ballot. I refuse to take part in legitemising any form of authoritarian government.


--
"This is the Space Age, and we are Here To Go"
William S. Burroughs
[ Parent ]
Idealistic but counterproductive (5.00 / 1) (#56)
by dennis on Fri May 11, 2001 at 02:36:14 PM EST

It would be nice if by taking such action you could choose to live in anarchy. But it doesn't work out that way - by taking no action to limit authoritarian government, you are choosing to live in totalitarianism. Because if you don't do anything to put limits on your government, it will be quite happy to put limits on you. And it won't care at all whether you've legitimized it.

[ Parent ]
Not voting (4.50 / 2) (#61)
by swr on Sat May 12, 2001 at 03:55:13 PM EST

by taking no action to limit authoritarian government, you are choosing to live in totalitarianism.

I'm not in the UK... Have any of the canditates promised to end the CCTV monitoring? Have any of the candidates promised to reverse the expansion of police powers? Have any of the candidates even acknowledged that some of the things going on are totalitarian?

If your only choices are totalitarianism and totalitarianism, which do you choose? If it makes no difference, should you just pick one anyway, and support it with your vote?

I don't know if it's really that bad in the UK, but the previous poster who advocated non-participation or ballot spoiling seems to be suggesting that it is.



[ Parent ]
Good point (none / 0) (#66)
by dennis on Sun May 13, 2001 at 12:59:36 PM EST

If your only choices are totalitarianism and totalitarianism, which do you choose?

Well that's a darn good point, and truth be told I felt kinda the same way about the two U.S. presidential candidates that had a shot at winning. Not quite sure what to do about it. Any suggestions?

The only thing I can think of is to start at the local level, where third-party candidates have a better shot. In the last election the only Libertarian candidates were in major offices--that approach is doomed to failure. Build a power base from the ground up, and even if the major parties still win the big elections, their "moderate" platforms will have to shift in your direction.

(Not that I actually know the first thing about political strategy.)

[ Parent ]

I have it easy compared to some (none / 0) (#67)
by keyeto on Mon May 14, 2001 at 07:29:36 AM EST

Compared to many states in south east Asia, central America, and an awful lot of Africa, it's very hard to say that the UK is really bad. People do get imprisoned for speaking out against the state, and the British libel laws are an effective way for the rich to silence dissent.

But that's just ordinary capitalism. I do see capitalism as the groundwork for totalitarianism though, especially in more recent years, where you see governments having to submit to the profiteering intentions of major corporations. This makes the act of voting itself even less relevent to the way you actually get to live. You don't even have the choice of your favourite particular brand of totalitarianism, the one you're getting is being imposed on governments, as well as the rest of us.

And you're right, this has to be built from the ground up. You cant reform totalistarianism, you can only smash it. Unfrtunately, there aren't enough people who support this point of view to make it happen yet. This is why it's important for the likes of me to keep banging on about anarchism. If nobody even gets to hear about this alternative, then failure to change society for the better is gauranteed.

On a final, I would be readily dismissed as a hypocrit if I did vote for a party. It would be much better if the "None Of These Candidates Are Acceptable" non-party were standing in my ward, as there is in some part of Wales (I forget precisely where). That would be a valid position to mark my vote against.

It's easy to brush off this sort of trivial acusatoiun, but I feel happier in myself quite important to be consistentSince it makes little difference anyway,
--
"This is the Space Age, and we are Here To Go"
William S. Burroughs
[ Parent ]
None Of These Candidates Are Acceptable (none / 0) (#68)
by priestess on Mon May 14, 2001 at 11:00:57 AM EST

It's a lot more work than not turning up to vote, and more expensive by far than spoiling a ballot paper but you could always raise the 500 quid deposit (easily double that if you're going to actually compaign) and stand yourself, on your own platform.

I was thinking of doing that myself, but I just moved house and I'll be lucky to even get a vote unless I wanna go back to my old ward to exercise it. I definately can't afford that deposit right now.

Pre......

----
My Mobile Phone Comic-books business
Robots!
[ Parent ]
CCTV (none / 0) (#62)
by Woodblock on Sat May 12, 2001 at 05:28:38 PM EST

I saw an interesting report on the Britich CCTV system. A man was annoyed at the constant bar fights outside his house, right on a corner with a CCTV camera. The police never came to investigate the fights. As an experiment, the man created an incredibly elaborate alien costume and started mulling about in front of the camera. Within minutes police came to stop this "crime". Makes you wonder to what extent the police choose which crimes are imporant, and which should be ignored. Not only are police states dangerous, but even more so when they choose which citizens to police.
-- Real computer scientists don't use computers.
[ Parent ]
Minus One - Too UK-centric (4.16 / 6) (#14)
by WinPimp2K on Thu May 10, 2001 at 05:21:33 PM EST

Just kidding! I've been following this on The Reg while waiting for more adventures of the BOFH to show up.

However since I'm not in the UK, I didn't bother to find out any of the details of the law. So a simple question. Since it simply doesn't distinguish between pub bouncers and sysadmins doesn't that mean that a single license is good for both?

I have this vision of a 4 hour class that involves watching Roadhouse (Patrick Swayze flick) and a few quick bits of hands on training in subduing agressive drunks, then taking your shiny new license and getting a job as Data Security Officer for the local Bank.

more usefully.. (none / 0) (#31)
by andrewm on Thu May 10, 2001 at 10:19:33 PM EST

finally, decent training on how to deal with people who demand access to the computer room. :)


(ok, I'm just kidding - but still, it had to be said :)


[ Parent ]
Ummm...I agree with law as quoted (none / 0) (#27)
by DesiredUsername on Thu May 10, 2001 at 08:34:21 PM EST

'...people involved in giving advice regarding "security precautions in relation to any risk to property" have to have a licence.'

Notice the "giving advice". So it doesn't apply if you turn off file and print sharing--just if you (presumably working as a consultant or something) advise someone to turn it off. That sounds reasonable. I'd sure hate to get a security consultant in who told me to "turn off file and print sharing" and said nothing else...

Play 囲碁
Giving advice vs. doing (none / 0) (#28)
by delmoi on Thu May 10, 2001 at 08:41:08 PM EST

Hrm, from what you said about the law, it wouldn't cause any problems for routine security administration, just giving advice.

So, securing your or your employers box wouldn't be a problem, but advising your boss might be a problem

I don't think it would cause to many problems as far as friendly advice either, I doubt the government would try to clamp down on people telling their friends they have a Linuxconf port open, or something.

In my mind, this would only affect "white-hat" hacker types, those working for security auditing companies.
--
"'argumentation' is not a word, idiot." -- thelizman
Perhaps it's just to avoid the boss looking stupid (none / 0) (#43)
by Ceebs on Fri May 11, 2001 at 04:57:29 AM EST

If as you say it only covers Advice Does this mean that it will be against the law for me to give him advice? Or when he goes off and does something incredibly stupid once again, he can then sack me Because the advice that I gave him and he ignored I gave him without a licence and so it was my fault?

[ Parent ]
Similar to Legal Advice (none / 0) (#55)
by RadiantMatrix on Fri May 11, 2001 at 02:03:50 PM EST

I imagine the phrasing of this law is similar to those here in the US that prevent the unlicensed from giving legal or investment advice. The idea is to protect people and organizations from getting poor advice from someone who doesn't know anything, since poor legal or investment advice can destroy someone.

It's easy to get around, though - if I give someone legal advice, I am always sure to be clear that I am not a lawyer, and that they shouldn't act on my advice without checking with one first. Same goes for financial advice.

If this bill works the same way, you merely have do disclaim your advice. To say "I believe your box is insecure for at least these reasons" is not advice, it is opinion. To say "If you close these ports, and turn off these services, you'll have a secure box" is advice. Just add "In my opinion" at the beginning and "but this isn't security advice" at the end, and you should be fine.

--
never put off until tomorrow what can be done the day after.
Express Yourself

[ Parent ]

I hate it, but... (3.71 / 7) (#30)
by DaveMe on Thu May 10, 2001 at 08:52:50 PM EST

I hate to do it, but I have to do the obligatory political correct comment to this. You wrote: gestapo^H^H^H^H^H^H^HHome Office. However you might feel about this law, please notice that the GeStaPo was a criminal, violent, and murdering organization, and comparing it to any, however questionable, democratical institution, is not only naive, but an unfair offense to who's trying to do their job.
At least in Germany, there's a wide consensus that this kind of comparisons is the retorical equivalent to saying "you surf the internet, so you encourage child pornography".
Thank you for your attention.

IIRC (4.00 / 1) (#33)
by enterfornone on Thu May 10, 2001 at 10:40:13 PM EST

The Gestapo were an arm of a democratically elected government.

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]
not really (none / 0) (#39)
by streetlawyer on Fri May 11, 2001 at 02:42:21 AM EST

the Gestapo was the security arm of the Nazi party, incorporated into the German state after the Nazis took power. This would not have been possible had Germany not ceased to be a democratic state in any meaningful sense in around 1934.

--
Just because things have been nonergodic so far, doesn't mean that they'll be nonergodic forever
[ Parent ]
really...not really! (4.00 / 2) (#41)
by ti dave on Fri May 11, 2001 at 04:15:50 AM EST

"the Gestapo was the security arm of the Nazi party, incorporated into the German state after the Nazis took power."

False.

The Sturmabteilung (SA or more commonly, the Brownshirts) were the security arm of the pre-Reich Nazi party. A bunch of Thugs really.

Hitler wisely purged the SA once he had consolidated his power.

The Gestapo, actually an acromnym for Geheimnes Staats Polizei (Secret State Police) was organized after the burning of the Reichstag, and Hitler's suspension of Civil Law.

Class Dismissed...

Cheers,

ti_dave


"If you dial," Iran said, eyes open and watching, "for greater venom, then I'll dial the same."

[ Parent ]
Partly correct (4.00 / 2) (#45)
by Highlander on Fri May 11, 2001 at 07:08:45 AM EST

It is always better style to support your argument with the nazi card, AFAI concerns me.

But he is correct in the analogy, because the nazi state required you to prove that you are a human, (in a way - don't flame me because of the strong word),
i.e. as not jewish.

I think laws of this kind are stupid. The right way would be to open up the police records, and have the police records track offenses which make you uneligible for certain, e.g. security related tasks.

The police record is already used, and it does not punish the law-abiding people by forcing them to waste their time acquiring a license.

Of course, you can contest that there should be police records at all, but please read my point above that shows that even more is wrong with laws like that.

Moderation in moderation is a good thing.
[ Parent ]

Licensing codifies the profession (4.00 / 1) (#36)
by turtleshadow on Fri May 11, 2001 at 01:08:44 AM EST

I know that in other professions people and businesses can be stripped of credentials or go out of business when its good name goes flat.
I meet "Security" professionals everyday but I have yet to hear any of my collegues discuss or mention any person that has lost or have been stripped of credentials because dubious ethics or practices or just plain incompetence.
Typically they're let go and move to another victim

I rarely hear few mentions of, "don't hire that person; her/his work never stood up to the test of time."
Computer security "experts" often bury their mistakes in "dead" projects & companies or can somehow dodge responsibility.

Are we doing ourselves and the IT security career field an injustice by tolerating slackers in the ranks?
I know that product certification, or industry experience doesn't equate an M.D. or well established name but some people, typically the trusting user it really makes no difference, somehow the tech mystique carries something with it. As the party in the "know" should we be taking steps to educate them or protect them?
Would it help if Companies began yanking credentials and publicly at that.

If our own industry can't police itsself government does it for us. It sounds like the U.K. had enough and acted.

I believe per a recent Gartner study IT based business has lost upwards of $1M US dollars an hour when IT breaches and failures occur.

In that light, for that kind of cash Government requiring IT Security Professionals to get they're act together, get a comman level of ability and get licensed is a small tax to pay.

Turtleshadow



I see so many posts like this from the UK. (3.00 / 4) (#38)
by elenchos on Fri May 11, 2001 at 02:03:01 AM EST

In the US, this level of paranoia would be limited to card-carrying members of the Michigan Militia or the Tim McVeigh Fan Club. But these dire warnings from our British friends seem to be the norm. What's the deal? They must be up to something. What? To collect personal information about you? For what purpose? Oh, wait, I know. For some purpose so sinister no one dare speak what it is!!!

I sort of wonder... if their real intent was to license sysadmins (for the evil purpose of making you give them information about you, for the evil purpose of... of... someting bad), why didn't they just say clearly that they want to license sysadmins, so that there would be no need for interpretation? The thing passed by a margin of 3 to 1 already, so they could easily afford to lose some votes and get the exact bill they wanted, rather than attempt to sneak something in. Whoever they are, and whatever they really intend.

The reason I find you whole sad, paranoid theory so unconvincing is that it lacks reason and detail. You just use FUD to create some kind of atmosphere of vague threat and general foreboding, but don't give any supporting explanation. No specifics. Just spooky warnings.

So anyway, thanks for the advice. I will definitely try to stop my government from doing... um, whatever it is that they ought not to do... before, um.. well, whatever bad thing I will be averting by preventing whatever that other thing was. Good thing you warned me in time.

Perhaps you are not getting enough Slack, eh, my English friend?

Say to yourself in the early morning: I shall meet today inquisitive, ungrateful, violent, treacherous, envious, uncharitable men. All these things have

bad predicament (1.80 / 5) (#42)
by 2400n81 on Fri May 11, 2001 at 04:26:12 AM EST

UKians might give us a hard time about being a rowdy bunch but i think american geeks would be more likely to give that scheme the collective middle finger that is needed here.

...which of course is historically highly effective considering we gave the finger to legislature like the UCITA and the DMCA not to mention to our idiotic USPTO and we still have to deal with them.

Passed before dissolution (4.00 / 1) (#44)
by moscow on Fri May 11, 2001 at 05:29:05 AM EST

I would suggest that the essential reason that there was no attempt to modify this bill was that they wanted to get it passed before they disolve parliament. The govt started with a short list for this year because they knew they would break up early and they have still dropped a heap of legislation. Adjusting the letter of this law to fit its apparent spirit would have taken too long, and with their huge majority in parliament it was always as good as made anyway.

Bad style by the govn't, isn't it (2.50 / 4) (#46)
by Highlander on Fri May 11, 2001 at 07:16:04 AM EST

Forgive me for duplicating, but I myself do rarely read non-toplevel comments

It is always better style to support your argument with the nazi card, AFAI concerns me.

But he is correct in the analogy, because the nazi state required you to prove that you are a human, (in a way - don't flame me because of the strong word),
i.e. as not jewish.

I think laws of this kind are stupid. The right way would be to open up the police records, and have the police records track offenses which make you uneligible for certain, e.g. security related tasks.

The police record is already used, and it does not punish the law-abiding people by forcing them to waste their time acquiring a license.

Of course, you can contest that there should be police records at all, but please read my point above that shows that even more is wrong with laws like that.

Moderation in moderation is a good thing.

Cryptome coverage (4.00 / 1) (#63)
by zavyman on Sat May 12, 2001 at 10:01:29 PM EST

Cryptome has already been covering this issue, although not so explicitly that I knew what was going on right away.

From Licencing of IT security consultants revisited:

Where do we now stand on the licencing of IT security consultants and practitioners given that the Home Secretary has refused to exempt them explicitly from the Private Security Industry Bill?

... Could it be that Straw has it in mind to make it compulsory for all IT security consultants to be accredited by CESG before they can work in this field? If so, how might this affect academic research, practice and publication in this area?

From CISSPs - Do You Know Your Organization?:
From a European (and EU) point of view it would seem more natural to organize and/or establish the Information Security Professional Certification framework in cooperation with an organization which has no "hidden" connections or control from any non-European government agency or intelligence service. The European Union "Echelon" Committee is about to conclude its report on NSA technical eavsedropping on the private lives of European citizens. European IT security professionals must ally themselves to their own nations and European employers, not the computer spymasters of the United States and organizations that are willing to do their bidding.
And finally, cryptome.org has already provided anyone with the skills necessary to download it an International License to Practice IT Security Worldwide. This may or may not be what the UK authorities were looking for, but it appears to work nonetheless.

Good idea, bad way to do it (3.00 / 1) (#65)
by 0xA on Sun May 13, 2001 at 01:16:32 AM EST

I have always thought this was a pretty good idea for some parts of our industry. Security work would really stand out as being one of these roles.

However, I don't think that licensing is the correct approach. It would make a whole load more sense to fold this type of idea into a professional association like doctors, lawyers and engineers all have.

As a matter of fact the Canadian Information Processing Society has something like this, called the ISP certification.

Looks like a good way to do it to me.

System administrator == (Bouncer|Wheel Clamper) | 69 comments (48 topical, 21 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!