Here's the problem, you can argue this back and forth all day long and say this is good and this is bad, etc., but what is really at the heart of the matter?

First let me ask/state the obvious: CL has adopted this present security system primarily as a means to regulate access control of their software. I think we could all agree on this.

Next, let me ask, (again the obvious): Why has CL decided access control of their software is needed? A no brainier. Apparently they have experienced loss of revenue due to theft and/or illegal use of their product and have decided to do something to curtail it.

Alright, now for the sixty-four dollar question. Who is CL at risk from? The persons who purchases and legally uses their software? Again a no brainier. Obviously, the risk (to them) are the folks making illegal use of their software.

Does this present security system effectively address that risk? If the answer is yes, than it meets one of the basic requirement of any good access control system. There are some other basic requirements it should meet as well, but this one is most crucial. If the answer is no, then CL needs to scrap this and find an effective countermeasure to employ.

True, it is sometimes necessary, when incorporating protective measures, to place some level of inconvenience or restriction upon the otherwise honest and law abiding. However, there is all to often the tendency to make this the first (and sometimes only) line of defense because it is easier to regulate the honest guy rather than target the law breaker who refuses to cooperate. This is bad policy. A good security measure should always have a direct impact on the target it is meant to address and not just impact on in the environment in general.

Okay, agreed, sometimes ease of implementation is a real world necessity. So the good guys and gals get called in to help shoulder the burden. A pain, but a necessity. However, when a security measure is implemented but fails to effectively solve or address the problem for which it is created, it places an increased and undue burden on the people (who are not the problem and who are expected- actually needed - to help maintain a desired level of security), the countermeasure should be done away with. It is ineffective and damaging to morale. It is bad policy. It makes for lousy feelings. And lousy feelings can make for lousy behavior - in even otherwise good people.

There are many reasons why people and companies adopt this "regulate the good guy" mindset when creating security control measures. Most of the time it stems from either ignorance or laziness - or both.

The issue at hand is simple loss prevention. That equates to Dollars and Common Sense. The question to ask: What does CL stand to gain by implementing the countermeasure and what does CL stand to lose by implementing the countermeasures? Weighed in the balance, on one side of the scale we have loss of revenue, via theft of product. On the other side we have loss of revenue, via customer boycott and loss of good consumer morale as a result of an unpopular new access control measures. How does this balance out in real Dollars and Common Sense? Because in the end that is what it is all about.

If good sales can be maintained and the new countermeasures effectively curbs a sizeable portion of the loss of product as experienced in the past, than the countermeasure is ultimately a sound one - regardless of whether or not it is a popular one. If, however, higher total loss occurs (because of changes made to either side of the balance) due to the implementation of these measures, the measures should be abandoned and a new system found. Robbing Peter to pay Paul is bad policy. So is snubbing your loyal consumer to spite the criminal, particularly when the criminal is laughing and giving you the finger and continuing to do exactly as he/she was before.

Well, I am not getting paid for my two-cents at the moment, and since this is what I do for a living I will shut up now. Hopefully, CL will address the Dollars and Good Sense of the issue and chose the most prudent course of action to ensure the continued success of Poser.

In the meantime, we can do our part to continue to voice our concerns and to not let business run rough shod over us and infringe on our rights in an effort to protect their own. Both sides have to stand up for their rights. One side will not do it for the other. Achieving the right balance can be a tricky thing and sometimes it comes about via trial and error and a lot of shouting and screaming. :O)

Also, let's not forget the real root of the problem, and that is the criminal behavior that has lead up to the need for this sort of security measures. It is an old saying, but a true one. You can be part of the problem, or part of the solution. So much of what goes on in any social order depends on you and how committed you are to doing what you know to be right, even in the face of adversity. Drop the ball and the other side will score. Sit on the sideline, watch and do nothing, and you are not even in the game.

Cheers,