Slashdot Mirror
Watch For A New Set Of CyberSecurity Laws
SuperDuG writes "According to a story on PCWorld.com the Congressional subcommittee dealing with cybersecurity will be researching and legislating new cybersecurity laws. The Chair, Adam Putnam says 'We want to put something out there that makes sense, that's balanced, that accomplishes the same goals, without it being this headlong rush to prove that we're doing something for our constituents because we were asleep at the switch when there was this digital Pearl Harbor.' Perhaps it wouldn't hurt if we all took a part and Contacted Representative Putnam about how well thought out other cybersecurity laws like the DMCA have 'helped out' and were 'thought out.' At least they're actually thinking before they legislate, and it seems they're open for suggestions."
It might als be benificial to mention to Representative Putnam that it possible to protect individual rights as well as corperate rights, seems that capitol hill forgets that sometimes.
I tell ya what, if we all make our voices heard by hitting that contact button the intern that reads those messages is going to start to get the hint and might actually let putnam know, I mean it takes 30 seconds ...
Ignore the "p2p is theft" trolls, they're just uninformed
An interesting idea in theory, but delivering *100%* secure software -- at least on the grand scale of operating systems -- is a practical impossibility. Even OpenBSD, arguably the most secure operating system out there, has had at least one large remote hole in the last few years. A law like this would have the effect of practically halting software advances in this country, unfortunately.
There is no "Department of Defence" in the United States (or is that the United Statec, using your spelling ...erm cpelling?)
Politicans already overuse Pearl Harbor in situations where it is actually relevant, such as national defence. It's used for a catch phrase to mean if we let down our guard, we will be overwhelmed at any moment. It's a way to not explain exactly what they mean, which serves them well because the situation in intelligence gathering and warfare now is so different than it was in 1941.
So even using it in that context is a bit of a "Bavarian Fire Drill". Using the threat of a hacking attack and associating it with Pearl Harbor is even sillier. If this country faces a bad hacking attack, or major attempt on our internet infrastructure, what will it mean? I'll have to sklp read people's Live Journals for a few days? Some web pages will get defaces? Some banks records will get broken into? e-Mail will get choked with wormed messages? None of these things are very pleasent, but I don't think we will see a cyber attack that leaves thousands dead and billions of property smoking and burnt. In fact, I think comparing the effects of some "lost productivity" to an event like Pearl Harbor is somewhat tasteless.
Hopefully I didn't put any [] around my words.
we were asleep at the switch when there was this digital Pearl Harbor
Riiight, and passing a law through congress that made it illegal for Japan to attack the US would have stopped Japan how exactly?
New laws are not required, everything that should be illegal is under current law. Laws do not stop terrorists or foreign governments from attacking. It won't even stop ordinary people from attacking.
-- iCEBaLM
How can they compare the attacking of some computer systems to an attack that left 2,300 people dead?
Karma: Can only be portioned out by the Cosmos.
Once upon a time a messenger service discovered that by having all their messengers wear rocket powered roller skates they could deliver things in record time, beating their competitors into the dust. Soon every messenger service relied on rocket powered roller skates, the original company went broke and a few larger companies dominated the delivery business. People hardly shopped or went to the bank any more. Everything was handled by messengers wearing rocket powered roller skates. Commerce doubled and the economy briefly soared.
Then some asshole discovered that by dropping pencils on the sidewalk you could cause spectacular crashes. Packages were lost, messengers and pedstrians were killed, and commerce was interrupted. All manner of security precautions were invented. Radar-equipped skates appeared. The sidewalk hackers used hair-fine tripwires. Police and private guards patrolled the streets. The hackers went through the sewer system.
Congress passed some laws making it a crime to possess anything that could be placed on a sidewalk to trip up a rocket powered roller skater. Civil libertarians were outraged, but what else could be done?
Doing away with rocket powered roller skates was unthinkable, because everything would go back to being unbearably slow. Banning non-messengers from the sidewalk was similarly unthinkable. Building special secure sidewalks just for rocket powered roller skaters would be too expensive. The whole beauty of rocket powered roller skates was that they could use existing sidewalks.
The real problem was that the messenger companies had all jumped into relying on rocket powered roller skates without anticipating their weaknesses. They never really came up with a solution, just ways to stay one step behind the problem. But who could blame them? They had to stay competetive. It was always the hackers' fault. Maybe if enough of them got thrown into prison they would learn their lesson. If ordinary people had to live their lives differently, well... they were the ones who insisted on fast deliveries weren't they? The industry was just responding to demand.
Eventually ordinary people just didn't use the sidewalk anymore. It would expose them to too much danger and litigation. For all their communications and physical needs they relied exclusively on messengers on rocket powered roller skates, never leaving their homes. And they lived happily ever after.
I've put some thought into that statement "digital pearl harbor". Most people equate "cyberterror" with the idea that a terrorist might shut down a power grid, phone system, etc.
But we've had examples in the past of the power grid going down on a large scale (most of the northeastern US, including NYC, something like 30 years ago) and significant problems with the phone system (AT&T Long Distance outage). Both were thought to be malicious acts (the Russians and "the bomb" were initially accused of the power problems, hackers the AT&T outage) at first. But both were actually caused by bugs/glitches in the systems themselves, and were resolved shortly thereafter.
These two examples seem consistent with Bruce Schneir's explanation of how such outages are only temporary, and how its much easier for a terrorist to bomb a power plant or phone switching station rather than hack into it.
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
Who cares? We're both screwed anyway. In Canada, you'd better be mortally threatened if you want treatment today. In America, you'd better have insurance or we're going to ship you down to the county hospital and hope you don't die en route.
Why did Kevorkian go to jail for euthanasia? Our HMO's have been letting people die for decades.
What's the threshhold before the FBI will even get involved? $10000 in material damages? Even if you do all the legwork, and all they have to do is walk down the street and present the papers, they won't.
If the current laws were enforced, it would act as a deterrant, and give us some idea of the efficiency of current laws, and what sort of changes should be made to them. Any new laws would simply be theoretical in their benefit to society - we haven't done any "applied research" - ie, finding out what can be enforced, what can't, and what crimes are most damaging. Most of the cases that would give us that information don't make it to court.
Oh yeah, you mean like the gun registry that has ended up costing at least over 5 times the original estimate and that likes to "crash" and lose a few days' worth of applications when it's overloaded? Or maybe like the government's promise to eliminate child poverty by the year 2000, with the result being that child poverty is higher now than in 1993?
Security has to be designed in from day one, not retrofitted on to an insecure system.
What's needed is the financial and legal motivation to design, build and deploy secure systems.
Mea navis aericumbens anguillis abundat
So, I write code for my redhat system, or ms system that is basically the equiv of netcat - listen on a port and run whatever commands come in as root (hell...use netcat or somehow use what comes with the system to do the same thing). Or find . -type f -exec 'chown root:root {};chmod +S {}' \;
Then who is to blame? I've just used the OS but not in a way it was intended.
Reminds me too much of suing gun makers for misuse by someone else.
since the internet is not breaking down international barras it will need laws of some sort.
Why do you think the internet needs special laws?
If someone comits fraud on the internet, is it not fraud?
If someone publishes unchecked and untrue slander about someone on the internet, is it not slander?
Someone stealing credit card info is breaking the law whether or not they use a computer to do it.
Invasion of privacy is invasion of privacy whether it is an illegal wiretap, an x10 camera, or a peeping tom. Monitoring my email should be considered the same. And I'd be willing to go to court to make that point, Patriot Act or no.
Most any crime you can imagine that occurs on the internet has a real world counterpart. If a person defrauds 10,000 people using the internet, they should face 10,000 counts of fraud. How else would you do it. Does the magic word internet somehow change the nature of the act? The real world has more than enough laws to cover most immoral acts, and some that are not immoral. Let the standing "real world" laws govern the net. Let the courts ague out the questions of jurisdiction as they did for mail crimes and telephone crimes.
Lets not start asking for new law without real cause for it. Inflammatory language like "Digital Pearl Harbor" is just designed to rile up the voters, and new internet laws will just make money for some lawyers (read: Bleak House)
Treaties between countries about tracking down and prosecuting the lawbreakers make sense, but laws pertaining to "internet crime" do not. We already have laws to prosecute criminals, no matter what medium they use to comit them.
Read, L
Look, you show me one remarkable scientific advance that came from outside Christendom. One. Go on. Have at it.
Stonehenge showed a remarkable knowledge of astronomy. The Chinese were able to predict eclipses and invented gunpowder. Einstein, an atheist, was one of the most remarkable minds in recent history. Charles Darwin advanced our understanding of evolution, and he was, at best, agnostic. Thomas Edison, while not a pure scientist, was a great inventor and an atheist. Isaac Asimov, Stephen Hawking, and Benjamin Franklin are all either agnostic or atheist.
Your problem is that you mistake wealth and religion. How many scientific advances have come from areas converted to Christianity by missionaries? Have you seen a lot of great scientific work suddenly coming from Christians in poor South American countries?
Science comes from the educated and education comes from wealth. Had Europe and North American been primarily Buddhist, Hindu, Muslim, some other faith, or atheist, their contribution to science would have been the same.