This is a reply to Margot MacNutt’s original article.
Basically, you have the Australian courts, which want to place the onus on the shoulders of end users. Others want to put the responsibility on operating system or application vendors because of their security holes. Finally, you have the mail system operators or network connectivity providers (ISPs) who don’t take sufficient measures to combat open relays or botnets where infected machines act like SMTP proxies.
And then there are those who really don’t want to regulate the Internet too heavily. If you start regulating the Internet, it means you need some sort of enforcement agency, and then you go down the slippery slope of national and trans-national jurisdictions and all the overhead, red tape, and shenanigans that can go with all of that.
I wonder if we could instead borrow from the HAM Radio world to regulate the deployment of mail servers and networks.
Here’s the basic idea: to obtain a HAM license, operators must pass certain tests to ensure they have knowledge of the laws, operations and mechanics of operating HAM radios. Once the person has proven he/she knows how things work, and what can and cannot be done (best practices, if you will), only then is the new operator allowed to broadcast.
Couldn’t we borrow from this idea?
HAM radio operators worldwide – and the laws that regulate them – are not homogeneous, but the system seems to work by and large. If a HAM starts to do unethical things, he will eventually be kicked off the airwaves. For the most part, HAMs are self-regulated.
Why couldn’t this idea be applied to the safe and proper operation of mail servers and networks? It’s not an ideal situation, but I feel it could provide a proper balance between a regulatory monster and self-regulation. And it seems to work!
Couldn’t this be extended to Email/Network security?