http://www.perlmonks.org?node_id=361613


in reply to Re: Information sharing
in thread Information sharing

but as a member of humanity the least you can do is not help someone (who looks sketchy, talks sketchy, and acts sketchy) you see trying to bust through a window of with their fists, by pointing out that a brick or a sledge hammer would work better.
But that's not the case here. Imagine if you were a hardware store employee, and someone in the store asked you what would be more useful to break a window, a brick or a sledge hammer -- you'd have no way to know why they wanted the information. You'd just answer them, and that would be the right thing to do -- unless they told you why they wanted it.

Providing the information when unclear about intent is the right thing to do. Making your own choice about providing the information when intent is clear is probably the right thing to do as well.

There are two goals at work here, and they work against each other in a situation like this -- Security, and Information Transfer. Information Transfer is the more important goal, IMHO, but even more important than that is the fact that the intent is the point of failure, the reason that the window's going to get broken isn't because of a recommendation from a hardware store employee. It's because there's a punk looking to break stuff.

Admittedly, once intent becomes clear, this is not an issue any more. When freak indicated this was for Bad Things, then I would agree that it becomes personal choice about the resulting actions.

Even in a court of law, the hardware store employee who sold the vandal the sledge hammer would be untouchable -- UNLESS the intent was communicated, in which case there could be a tenuous concept of conspiracy. (Not that I'm aligning myself with the legal system, just saying that even a courtroom would be hard pressed to say that you're facilitating a crime if you don't know one is going to occur.)



-----------------------
You are what you think.

Replies are listed 'Best First'.
Re^3: Information sharing
by jZed (Prior) on Jun 05, 2004 at 17:24 UTC
    Imagine if you were a hardware store employee, and someone in the store asked you what would be more useful to break a window, a brick or a sledge hammer -- you'd have no way to know why they wanted the information. You'd just answer them, and that would be the right thing to do -- unless they told you why they wanted it.
    Nice analogy, but I don't think it fits the situation. A better one would be someone asking a pharmacist how to make poison. Perhaps the person asking is a researcher studying antidotes. If so, that person would already have some knowledge about poisons. In this case the person asking had little or no knowledge of the dangerous field he was asking about. Should knowledge about poisons be protected by the first amendment, sure. Should people with that knowledge share it when appropriate (assisted suicide?), that's an individual choice based on an individualistic definition of "appropriate". Should they share it with anyone who asks regardless of how much it looks like the person is intending to do harm to self or others with no indication there is a valid reason behind it? Nope.
      Who says that person's going to use it? I've asked plenty of questions in the course of not killing people about things that could kill people. I'm a writer, and I need information about poisons occasionally. Further, that poison (assuming the person didn't ask "How do I make poison?") may have other properties. Asking about sodium doesn't mean you're going to kill someone with it, necessarily.

      Now, you can say that's the exception -- and it may be. Or you can say that "provisions would be made" in an information-restriction strategy to allow special cases like that to get through. Operating in reality, however, will tell you that Special Cases means you have to get a license. On the site, that would equate to being approved for security information by others. I think that's not the kind of thing we'd want.

      You can't gauge appropriate by the question. You can't gauge intent by the question either.

      Should they share it with anyone who asks regardless of how much it looks like the person is intending to do harm to self or others with no indication there is a valid reason behind it?
      Again, I did not say you should encourage destructive acts. I'm saying that if you do not know the intent, then it's your job to ask if you're going to be concerned about how it's used. Even if you ask, you may not find out. You only hope the other person will be honest.

      If freak had the presence of mind necessary to say that he was doing security testing, who would have questioned that? And who's to say that freak isn't just the first illegitimately intentioned person to screw up and be honest? Who's to say that there haven't been plenty of other, less active monks amongst us who might have been a little smarter and a little subtler?

      Who will continue to answer questions related to security issues when they will be held responsible -- even if it's only by their peers and no legal body -- for the questioner's intent? If fewer people answer, where will that knowledge go?



      -----------------------
      You are what you think.

        On the site, that would equate to being approved for security information by others. I think that's not the kind of thing we'd want.
        I agree.
        I'm saying that if you do not know the intent, then it's your job to ask if you're going to be concerned about how it's used.
        I agree.
        Who will continue to answer questions related to security issues when they will be held responsible -- even if it's only by their peers and no legal body -- for the questioner's intent? If fewer people answer, where will that knowledge go?
        Very good questions. I don't think we should feel responsible for knowing the asker's intent. I do think we should feel responsible for trying to find it out when it's in question and to use our best judgement in assessing what we learn. If perlmonks were the only or a major place people got knowledge on security I would be more inclined to support the "answer almost anyone almost any time" approach.