SSSCA Hearing October 25th: Free Software Threatened

A story at NewsForge details the latest on the state of Senator Fritz Hollings' proposed SSSCA, which may be the most radical attempt at legislative oversight over electronic goods ever attempted in the U.S. Opposition from the Electronic Frontier Foundation, the Free Software Foundation, the Association of Computing Machinery and others notwithstanding, Hollings' efforts to impede a free market in computer hardware and software through legislative fiat has been little commented on, in part because Hollings refuses to release much information about it. Eben Moglen is quoted to good effect on the risk a bill officializing and regulating all digital devices would pose to Free software. Under the SSSCA, it would be "unlawful to manufacture, import, offer to the public, provide or otherwise traffic in any interactive digital device that does not include and utilize certified security technologies." And that rules out most Free software, right from the start. (Read on for some more information.)

Besides writing your own representatives (email and faxes are probably better than phone calls), note that according to Hollings' contact page, "South Carolina residents may call, toll free, 1-800-922-8503" to reach him. In addition, the Electronic Privacy Information Center (EPIC) and the Privacy Center will be holding a meeting on "Security or Surveillance? Technology's Impact After September 11" on October 22 at Washington, DC's National Press Club; you can email for details on this meeting.

Be careful in your criticisms

[CmdrTroll]

SSSCA was doomed to fail from the start because it was too far-reaching. Too many monied interests (starting with PC companies and ending with toaster makers) would oppose it on cost grounds alone. It is sponsored by people who keep the details secret, because they know the details don't make sense and people will laugh at them. Let's face it - the Senate is no more prepared to make technical decisions than they are to engineer a new CPU.

As an avid media and software pirate, though, I am deeply concerned that the FSF, the Slashdot community, et al, will focus too much of their attention on SSSCA, and when a more modest measure (such as CPRM) reaches Capitol Hill, the powers that be will view us as naysayers. We need to be careful not to express too much dissent for hopeless measures like the SSSCA, so that we do not stand accused of crying wolf later. Because any hinderance to the free exchange of copyrighted materials hurts us all and strikes another blow to the First Amendment.

-CT

certified security technologies

[perdida]

This law sucks, but don't condemn the effort of the government to establish an acceptable level of security. Has the open source community offered an alternative, partial security solution?

Open Source, and its constituent community, has encountered many political drawbacks in fighting for a free Net of independent, sovereign boxes.

You don't have the money to buy the politicians.

You don't have the political clout to motivate votes away from this.

People, afraid of terrorism, John Ashcroft, and closed profiteers have the money and the votes.

Slashdot and its ilk, unfortunately, have not succeeded in giving free software a moral legitimacy among mainstream intellectuals.

So there is a single choice left- to redefine what open source means.

Open source technology is meant to allow individuals with technical skill to improve software and debate technical means and methods.

The software often has the same purposes as closed source software. Security is one of those purposes.

As /. rightfully proposes, there is no reason why an effective security technology in any application - from the protection of a server to the anonymization of a Net user's free speech, to the protection of confidential information - need have a closed source.

However, the more people have access to the code, the more compromised security technology may be.

This poses a threat to law enforcement, which must combat relatively common hacking knowledge in the society.

Sort of like the homemade anthrax appearing all over the United States and the world, the level of security that hackers encounter when they steal software and music or commit industrial espionage is relatively low-level.

The open source software development community itself must work to make finding security holes harder to master.

There are two ways of doing this. One is to license the knowledge instead of the computers - to make every student of security register and submit to constant surveillance. This is what is done with some military technology, and advanced germ warfare.

Another way is to let the government in on your knowledge - and to allow the government to support an independent agency practicing advanced, superior level of security, watching over the major U.S. systems.

Which do you prefer?

Re:Slashdot headlines circa 2006-2007

[reverius]

Slashdot wouldn't be here in 2007 if this passes... unless they implement the security requirements.

And pay the huge certification fee that you just know there's going to be...

Good luck, free software. You're going to need it.