askme233 November 2, 2012 8:43 AM

I think this is a great post for this blog. It goes to the heart of a lot of what drives the Security business: the cat and mouse game of rules and loopholes.

It even gets into the way that the security business has evolved from folks cracking/hacking for fun, and then realizing that it can be profitable. It went from from companies trying to secure themselves, to others realizing they can profit off by selling “protection”. In fact the AV companies are just as dependent on the need for the arms race to continue.

In the story, the Insurance companies cleaned up the loophole. What would happen if the AV companies actually sold software that worked against even future attacks? Their business model would end.

What happens when no-one blows up airplanes anymore and move on to other targets? (oh, right, never mind)

Clive Robinson November 2, 2012 9:50 AM

The first part is about getting around the Church’ ban against suicide.

It has been pointed out in the past that the right to terminate your existance at a time and place of your chosing is the ultimate form of freedom or self determination.

In many countries under political preasure from various religious organisations this right was made a crime. Even though in places this is nolonger the case it is usually still a crime to assist somebody in taking their own life.

Thus if you were asked by somebody to help them die, and you told them that the main constituant of the leathal injection (potassium chloride) was easily available in a large food store sold as one of a number of brands of low or reduced sodium salt for cooking etc you would be potentialy commiting a crime. If you also went on to tell them where they could get a suitably sized syringe and needle (cooking equipment shops and most hobby model makers shops) you would be compounding you problems.

However if you were to provide the same information above in a generalised way as can be easily found on web sites like wikipedia et al and with out being specificaly asked or directing it at somebody you knew might be contemplating suicide it is not a crime.

Of course wikipedia etc point out that potasium chloride is just one of three components in the lethal injection, the others being more frequently used for surgical anesthesia because potasium chloride burning up your blood vessels and then hitting your heart and causing it to fail is a very very painful way to die, (and yes there are considerable rumours and some evidence that those performing executions by lethal injection are not giving sufficient anesthesia thus it is a crule and inhumane punishment).

So it’s not just Churches where loopholes exist for suicide but for the law as well.

Norther Realist November 2, 2012 2:23 PM

@askme233 “What would happen if the AV companies actually sold software that worked against even future attacks?”

I think the better questions to ask are “what would happen if Microsoft and other software development companies actually developed and released code that didn’t have security flaws to begin with (or iat least didn;t have the same recurring security flaws)” followed by and “and why aren’t they doing that”.

pointless_hack November 2, 2012 3:57 PM

@Clive Robinson

Doesn’t the (Catholic) Church call that kind of thing ?

Suicide is the reflexive case of murder. Is murder a (lost) freedom? Suicide is not the ultimate freedom.

Rousseau makes the case against murder (and suicide,) without God.

Gaming the system should be about getting an edge!

Eric Black November 2, 2012 4:32 PM

I loved the statement of the Judge in the civil case on the Insurance scheme that “It is a bit ironic for plaintiffs, the life insurance companies, to suggest that they did not know the true nature of contracts that they themselves drafted.”

HAL November 2, 2012 5:00 PM

This account reinforces one thing: those hit by a “loophole” (usually but not always those who created it) invariably don’t see what hit them as a loophole, but as some sort of malfeasance. And they invariably act “outside the system” to go after the purported malfeasors. Certainly they never say “oh well – we messed up, we’ll fix it for next time”.

Look at recent history with IBM vs Neon Systems, or earlier at the very similar IBM vs Stracka et al. The Neon docs cover both cases quite well. IBM sold identical regular and restricted (IBM calls them “specialty”) CPUs to customers, at different prices. IBM operating systems will not dispatch most code on the faster and cheaper restricted engines, and a technical method was found in each case to allow arbitrary stuff to run on them. In the Neon case IBM threatened Neon’s customers and Neon sued (and settled for undisclosed reasons); in the Stracka case IBM contrived to have Stracka arrested for extortion! Fixing the loopholes in the licenses and code was never part of the solution.

ejhuff November 2, 2012 9:11 PM

The reaction of the U.S. Attorney (this is exploitation, identity theft, etc.) is hardly surprising. As shown in quite a few experiments, humans are hard wired to punish perceived unfairness. It’s one of the things that makes the species so successful. Even so, I hope the U.S. loses the case and I hope when those attorneys are dying someone comes along and makes them feel as bad as they made the people they harassed. The insurance companies got what they deserved.

Clive Robinson November 3, 2012 6:11 AM

@ Pointless-hack,

First off,

Gaming the system should be about getting an edge

I prefere to think of it as “redressing the balance” or “leveling the playing field”. Most often these contracts are set by those who believe “might is right” hence they further believe they have an incontestable right to set the terms and conditions their way. It is their hubris that gives rise to the loopholes and hence the “hammer to crack a nut” response when somebody uses the loophole. In essence their view is “our way or no way”…

And that is the real point the “our way or no way” view of the thug / dictator / enslaver. In their view you have no rights, no self determination, and that irrespective of what harm they are inflicting on you you must suffer it for the pretense of what they say is “the common good”. We know that what is now the Catholic Church used pain and the fear of pain to control people, people who found ways to elevate pain were either eliminated as witches or subsumed into the priest hood, to draw people to the Church. Slow painfull deaths were good for the Church because it focused peoples minds on their impending demise, they went to the Church for relief from their sufferings and this left them susceptable to the mysticism of the Church and ultimately the idea was sown in their heads that they could buy their way into God’s Graces by leaving their worldly wealth to the Church…

Thus they viewed you (and still do) not as an individual with rights and self determination, but as a property to be owned and therefore used, abused and taxed as they saw fit, because they “know” what is right for you. Even at it’s most benign it is the worst form of “paternalistic hypocrisy” and quickly goes on from there through abuse to torture to reach the desired goal of your full suplication.

Their reasoning is the age old political “King Game” of “rule by devine right”, the King claims that either they are the “godhead” or “directly anointed by the godhhead” and that to question their rule is to question the judgment os a devine and all seeing entity and thus your punishment is ultimatly eternal damnation…

Even when people tire of this and chop a Kings head off to prove they are nothing but an impotent individual, the people still need for some reason a hierarchy culminating in a single individual so they create Presidents or other leader of state. On the idea that “somebody has to be in charge”…

As has been observed in the past “people need to be governed” the point being the real meaning of “need” in the statment, it can have two meanings, and actually means in this case “craving” or the “need” of the drug addict for that, that they abuse themselves with. Most people however mistakenly believe it is the other “need” that is like that of a child being given direction to ensure “good behaviour”. Unfortunatly as we know historicaly the chosen method of “direction” is what we now call abuse be it physical or mental.

It is as Bruce has pointed out a game of “hawks and doves”, in our society those hawks who appear as doves generaly become the “chosen” leaders. Thus we see the reality of two old sayings “a wolf in sheeps clothing” and “lone wolf”, the wolf is a hawk who preys on doves either covertly in the disguise of a sheep/dove or overtly as a wolf in either case the wolf is generaly a sociopath / psychopath.

And this point about actual leaders (as opposed to visable puppet leaders) being psychopaths is not lost on sociologists, in fact there has been research that shows those who “actually run” successful businesses have many of the traits of psychopaths. The only difference between them and those we lockup for crimes against humanity is that they have developed the ability of (faux) social communication we call “charisma” in order to win the bigger prize of immunity from the consequences of their actions.

Oh and the way to control a leader is to identify their “needs” or “cravings” and pander to them. So as the old sayings of “upon a dogs back are fleas to bite him, and upon those fleas are lesser fleas and so ad infinitem” and “the hidden had that pulls the puppets strings”. And this is an important point because some leaders are not actually leaders, they are all “charisma” and lack the actual ability to lead, but they make good puppets to front for those who “actualy run” things as the “hidden hand”.

It does not realy matter what the veneer of the hierarchy is, be it Church, State, Corporation, club or family, the power structure beneath is where the Hawks pray on the Doves, and the Doves come forward to their fate usually as willing suppliants. It only changes when the Hawks become sufficiently oppressive to the Doves, then for a brief time doves become Hawks and remove the head of the hierarchy. The real question for the Hawk is thus how far can they push the attrition rate on the Doves before the Doves turn on them.

But what is the alternative? we are usually told it’s “anarchy” and if we ask what anarchy is we get told it is bad… Likewise with “socialism” or anyother “ism” that people might think of.

However where such “isms” have been tried they fail not because of failings of the Dove like “ism” but because a Hawk comes in amongst the Doves and starts to build power structures with the aim of the Hawk to be the head of the hierarchy they are building, and that is where things develop into chaos as factions form and the “ism” breaks down. It is in effect not “the barbarians at the gate” that bring an Empire down but those within, their continual in fighting weakens the Empire such that the Barbarias can just walk in.

The scare stories about “isms” are told by those Hawks that want to keep the Doves in line meakly accepting the fate the Hawks have for them. George Orwell and others realised this and he wrote 1984 (whilst resident at the bottom of Pond St Hampstead London) as a warning to Doves of what to look out for, unfortunatly the Hawks appear to use it for a “best practice guide”.

pointless_hack November 3, 2012 9:43 AM

@Clive Robinson

I am not aware that Rousseau argued the psychological need for God/Govt.

jon November 4, 2012 8:36 PM

I’m feeling a little amoral after hearing the story of Joe Caramadre — because I really don’t see why anyone would feel bad about profiting from the deaths of terminally ill people. People he paid quite handsomely for their signatures, and who knew exactly what he was doing and didn’t mind. He didn’t pressure them and he wasn’t ripping them off.

Of course, ripping off insurance companies is morally wrong but (as they said in the story) it is below many people’s guilt thresholds.

paul November 5, 2012 12:37 PM

jon: is it ripping someone off to make them abide by the letter of a contract they themselves have offered? I can see how it’s wrong (and possibly criminal) to induce them to sign a contract whose wording you control, where you know something about that wording that they don’t. But when the other party — particularly a sophisticated one such as an insurance company — controls the contract, it seems wrong to insist that they should get a do-over whenever they screw up.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.