Fear the Feds Who Fear IT Knowledge

Government security concerns may limit access to technical training.

In our end-of-year discussions about the coming years it issues, someone mentioned government concerns about training in computer security. "The more people take these classes, the more people know how to hack" seems to be a growing concern at No Such Agency and its District of Columbia brethren.

Lets kill this thought before it multiplies. Its offspring might be limits on access to technical training, and that would be a terrible idea.

When people understand how things work, they make better decisions about how to use technology. If you know that your cars parking brake is controlled by a cable attached to the handle between the seats, separate from the brake pedals hydraulics, then you might think of using the former as backup to the latter on the day when your brake pedal sinks to the floor. But I cant teach you that without telling you useful things about how to sabotage a car.

Computer security involves the same dilemma. If you know about resource pools in Windows 9x, youll get in the habit of using just a few browser windows, rather than spawning windows willy-nilly to keep many Web pages open. You may even use a resource monitor to make sure your PC doesnt crash with little warning. Thats one of the simplest, most obvious examples of why even casual users ought to understand ITs underpinnings, even though that knowledge is also the foundation of malicious hacks.

My own school-age sons have seen movies, like "GoldenEye," in which hacking skills are plot elements. With touching confidence, they plead with me to teach them how to break in to systems. I always give them the same answer: "Read my book about PCs, then well talk." That puts the subject to bed for a while. They dont want to learn that much; they just want to know what button they can push that will make things do what they want.

Most malicious mischief makers dont want to work hard enough to learn precision hacking, but it takes an army of skilled developers to avoid creating the loopholes that enable a one-click attack. Lets not make it harder for future defenders to learn their craft.