Slashdot Mirror

← Back to Stories (view on slashdot.org)

SSSCA Hearings Postponed Under Heavy Opposition

Posted by Hemos on from the get-out-and-write dept.

Concerned Citizen writes "Both the EFF and WIAFLW are reporting that the "Senate Commerce Committee's hearings on the Security Systems Standards and Certification Act (SSSCA or DMCA-2) which had been originally schedule for today (Oct. 25, 2001) have been postponed due to mounting opposition, particularly from those in the tech community." Senator Fritz Hollings has yet to reschedule a hearing (it's likely that he won't), and has also indicated that he would consider modifying the bill."

5 of 219 comments (clear)

  1. Difference between the land of the free and USSR ? by MosesJones · · Score: 3, Insightful


    Not looking that much, while this bill has been buried it does appear that where the USSR wanted the state to control everything the US wants large companies to control everything. The end result is similar with the average Joe or Joeski having zero power and rights.

    Keep vigalent for your freedoms, or slowly they will disappear.

    --
    An Eye for an Eye will make the whole world blind - Gandhi
  2. Certification by pieterh · · Score: 4, Insightful

    Let's face it. Within a few years the profession of 'programmer' will be protected by law, and any practicing programmer will have to be certified by a recognised educational establishment and/or Microsoft. Programming for fun will be allowed only for personal reasons. Any software intended for commercial use will have to confirm to the appropriate certification act.
    If this sounds outlandish, think about how we construct buildings. Why should software developers be treated differently than architects and engineers?
    (This is a leading question, but one I think will be asked by parties seeking to regulate the IT domain).

    --
    My blog
    1. Re:Certification by Masem · · Score: 4, Interesting
      Most engineering professionals can take what is known as a Professional Engineering exam; this is equivalent to the bar for lawyers or AMA certification for doctors. The test is typically done in two parts, one that you can take right after college, and the other after 5 years of 'practical' experience in the field. The first test is very general, covering all fields of engineering (fluid dynamics, chemistry, physics, mathematics, statistics, statics, etc), but the scores are weighted based on your profession; a mechanical engineer probably doesn't need to know much chemistry or statistics, but better dang well be up to speed on statics and the like. If you pass this test, you are "an Engineer in Training" (thus, this is typcially the EIT test). The second part is much more open ended and typically geared towards your profession. Passing this grants you the Professional Engineer title. (that's why you'll see P.E. after some names).

      Now, the rules vary from state to state, but in most cases, you have to be a PE to design any facility, structure, or whatever that is larger than a small room, in where there may be possible issues with the public safety. Thus, you'd obviously want bridges done by mech e's, chemical plants by chem e's, etc. The idea is that the PE certification of the design ensures that the public safety has been met to a certain degree.

      While this idea is great and all , there are currently major problems due to the state-by-state nature of it. For example, just like with bar tests, you need to be recertified in a new state if you move. Another problem is that because of how some aspects are designed, there's a lot of overlap of displines, and some state rules force the weaker displine to have more effect. In CA for example, in designing a chemical plant, you'll typically have a Mech E., Chem E., and Civil E. all working together on the design. However, current law states that only a Mech E's can certify the plant design; thus, the mech E can add, say, a hugh vat of sulfuric acid (a highly toxic safety hazard) for no reason, and yet could get the plans certified by him with no input from the Chem. E. In effect, the PE certification of chemical engineers is worthless in CA. There's a large number of industrial Chem E's fighting these types of rules to make it better.

      Will Computer Engineers need to be certified? I would that those that are designing systems that pose potental harm to the public good, such as air traffic control systems, medical systems, water and power plans controls, should have some sort of certification, but in conjunction with those that would normally work on those projects as well. However, for the end-user's casual programs, including Windows, office software, browsering, servers, etc, it's unnecessary because those items pose very little *direct* harm to the public. (Do note that even Microsoft signs off on libilities for malfunctions of their software, and says that it shouldn't even been used in critical situations as listed above).

      Of course, the other question is that where do you draw the line at what 'programming' is. Is writing a Visual Basic script programming? Is JavaScript programming? These are all tools that cannot be easily controlled as too many users use them already. So trying to limit all programming is near impossible. But certainly regulating and certifying programs that run the public infrastructure and those that write them is a good step.

      --
      "Pinky, you've left the lens cap of your mind on again." - P&TB
      "I can see my house from here!" - ST:
  3. Re:Corporate America steps up to the plate by opkool · · Score: 3, Interesting

    Excellent news... looks like
    a) the big boys (corps) have come in and had a word in their ear, or
    b) all your letters and lobbying of representatives has worked... I'm with the former :)

    I would add another possibility:

    c) All the librarians through the ALA have, as always, raised their common voices against a law that offends Freedom of Speech and the Right to Knowledge..

    Yes, librarians are a long-time deffenders of our rights. Just check who is against DMCA, filters in internet access (CIPA) and other pitifull, rights-basher laws.

    So next time you go to a library to check p0rn from a free computer, please be quiet. That lady with funny glasses that "Shssss!"'s you all the time is on your side. on the Freedom side.

  4. Re:An interesting thought, but it won't happen by dcavanaugh · · Score: 3, Informative
    Although Congress will surely talk about things like this, it will not happen for a wide variety of reasons. For starters, there will always be an overwhelming tendency for employers (who rarely understand IT) to cut corners and save money by hiring "uncertified/unlicensed/unofficial" people. If they have to give these people unconventional titles, no problem. "Joe is not a programmer, he's a binary-cyber-document-specialist!"

    In ancient times, there were hiring freezes directed specifically at IT departments. As a workaround, the non-IT departments would build their own "renegade" IT capability, using non-IT job titles to keep everything under the radar. The concept of using stealth techniques to avoid corporate policy can be applied to hardware, networks, software, and people. Some of these same techniques would be used to work around whatever dumb laws we might be stuck with.

    IT is a very cyclical industry. When the job market is lousy, employers can require a Master's degree for an entry-level programmer and make it stick. When the job market is hot, the same employers will pay premium salaries and resort to door-to-door begging in pursuit of college dropouts.

    We treat IT people diffently from architects, engineers (or even electricians), because when engineers make mistakes, people die. When IT people make mistakes, they call it Microsoft.

    Any attempt to regulate the software development industry will fail because of...

    1. Non-US people who will be unaffected. Linus will go back to Finland, laughing all the way.
    2. European or Asian countries who will capitialize on the opportunity we hand them (instead of protecting the people who bought the Disney Congress)
    3. The implications of supply and demand on a hot IT job market or the demand for "the latest" software innovation. Right now, the market is lousy for both, but it won't stay that way forever.
    4. The "without warranty" nature of the software industry (fear of product liability). If companies won't warranty the code, who is going to warranty the imperfect people who make the code? The logical conclusion of a "regulated" IT industry is "accountability". Does that mean malpractice insurance for programmers and/or their employers? They need a sign in Congress that says "Don't feed the lawyers".
    5. Added cost. If employers are willing to import H1B workers, do you think they might be interested in downloading low-cost "uncertified" software from overseas? You bet.

    They could try certifying the products instead of the people, but that will fail also. What would they do about the billions of lines of "uncertified" code already out there? Grandfather it? How does anyone know the difference between that code and new, uncertified code?

    When Congress talks about regulating the industry, employers who fear higher costs will scream loudly and defeat the legislation. Any initiative that threatens to reduce the supply of cheap programmers or raise the cost of software development will never see the light of day. Not even Sen. Hollings would try a stunt like this.