Truth About Computer Security Hysteria
Did mi2g commit plagiarism?Rob Rosenberger, Vmyths co-founder
Thursday, 11 March 2004
I'LL BEGIN BY citing from the Kansas City Star's code of ethics. "Do not borrow the work of others. Plagiarism includes the wholesale lifting of someone else's writing, research or original concepts without attribution."
mi2g's report lifted from F-Secure's blog, and they failed to cite F-Secure's blog as a source.
You'll notice I cited the Kansas City Star. You'll also notice I quoted them. And since we're on the topic...
[Name deleted] (apparently still) works for mi2g. Mikko Hypponen works for F-Secure. And it looks like [name deleted] did some wholesale lifting of Mikko's research. You can see it when you compare Mikko's weblog 3/9/04 @ 1300 with mi2g's report. If you study the two texts, you'll notice such amazing similarities as:
It seems obvious mi2g's report lifted portions from F-Secure's blog, and they failed to cite F-Secure's blog as a source. But did an mi2g employee commit plagiarism?
I honestly don't know the answer. I don't want to sound sarcastic, but — the computer security industry treats "plagiarism" like the military treats "collateral damage." It's a necessary evil. Indeed, even the FBI routinely plagiarized the work of others in their valiant quest to stop cyber-crime. Fully two years ago I wrote:
The antivirus industry as a whole doesn't like to disclose their public reference sources. Rationalization comes in many forms: they don't want to give virus authors credit for their contributions, or they consider public data a proprietary resource, or... You get the hint. Ironically, these same experts would flunk out of a college writing course if they refused to cite public sources of information. I don't really know what the antivirus industry calls it, but the academic world calls it "plagiarism."
Many computer security experts believe they're granted "special dispensation" to do things that may seem unethical to the rest of society. Not only can they plagiarize, they can also lie. Like I said: it's a necessary evil.
Did F-Secure grant special dispensation to mi2g? No. I know this because Mikko approached me about it. (Credit where due: a reporter brought it to my attention first but he decided not to pursue the story.) And how do we know [name deleted] may be involved? Well, Mikko investigated F-Secure's website logs, then he used Google as a research tool, and ... you can guess the rest.
Okay, so we know mi2g didn't get special dispensation from F-Secure Maybe they got it from the FBI?
"The more I strive for [accuracy], the more I get critiqued for minor things," I repeatedly gripe. "On the other hand, mi2g can get away with all sorts of wild claims because they don't strive for accuracy." A dichotomy forms because mi2g seeks the shallow masses whereas Vmyths seeks the enlightened minority.
Our readers hold us to a higher-than-average standard; uncaring reporters hold mi2g to a lower-than-average standard. My self esteem can still live with it.
[Credit where due: I plagiarized the "special dispensation" line from Shirley MacLaine.]