[OSM-legal-talk] Threat assessment
Jochen Topf
jochen at remote.org
Tue Jan 8 08:38:38 GMT 2008
One thing that is always alluded to and never really thought through is
"the bad guys might take the data and put restrictions on it".
One thing that seems to be missing in this whole legal debate is what
security engineers call a threat assessment. Before I decide what security
measures I need, I have to look at possible attackers and what means they
would probably have. Otherwise I spend an inordinate amount of effort to
secure my toy chest from the CIA or not enough effort to secure my military
secrets against attackers with the resources of a nation state. And nobody
would secure a toy chest with so much security that it is too hard to use!
Translated to our case this means we have to ask questions like:
* What exactly do *we* want to do with our data?
* What do we fear that somebody else might do?
* How can we prevent him from doing that?
* Do the proposed restrictions actually prevent what we are trying to
prevent? More? Less?
* Would the prevention of bad things also prevent us or others from doing
good things?
* Are the restrictions imposed proportional to the threat?
With the CC license we have basically said: We don't want to think about
this, we just do something similar to what has been good for Free Software
and Wikipedia. But Geodata is different. So there might be different
outcomes, if we think about that. (Maybe somebody has, then please point
me to an URL.)
Jochen
--
Jochen Topf jochen at remote.org http://www.remote.org/jochen/ +49-721-388298
More information about the legal-talk
mailing list