Friday 31 July 2015

Dominic Basulto: Cracking down on hackers hurts innovation

Every week seems to bring a new hacking story, so it’s perhaps no surprise that the knee-jerk reaction is to take the fight directly to the hackers. By making the penalties tougher, by expanding the scope of federal anti-hacking statutes and making it easier to prosecute wrongdoers, it’ll convince hackers that it’s just not worth the risk, right?

But simply toughening the laws on hackers by extending their scope and reach or extending prison sentences is not going to help catch the real hackers — the criminalized, anonymous hackers who operate in places such as China. Instead, they’re more likely to ensnare the likes of hacktivist heroes such as Aaron Swartz.

Getting tough on hackers by extending the definition of what a hacker is would theoretically mean that people who even so much as retweet or click on a link with unauthorized information could be committing a felony. Moreover, the white hat hackers (the “good guys”) could be ensnared as well, because their work, at its core, is indistinguishable from that of the black hat hackers (the “bad guys”).

And that could have a chilling effect on innovation.

Laws and regulations can’t keep up with the pace of technological change and end up either prosecuting the wrong people or prosecuting the right people, but on charges that far exceed the scope of the crime. Consider that the current anti-hacking federal statute, the Computer Fraud and Abuse Act (CFAA), was enacted in 1986, well before most politicians had ever heard of the Internet.

As a result, you get odd rulings where it’s obvious the law hasn’t kept up with the technology.

If tough hacking laws had been around 20 years ago, it might have stopped Google from launching its method of indexing Web pages or Apple from launching many of its innovative consumer gadgets.

And there’s another reason why tougher laws on hacking would have a chilling effect on innovation, and that’s because it would not require corporations to do more on their end to correct fatal security flaws before they are found by hackers. As we already know from experience, the last thing corporations want to do is to add an extra cost layer to their products by taking action to correct security flaws — even when they know the potential implications of a major security breach. If they know that the law will make it easier to recoup damages from hackers, they could have fewer incentives to find all possible security flaws.

In the case of Ashley Madison, the company didn’t even bother to encrypt the underlying data, which means that once a hacker got into the company, it was a simple task of scooping up names, addresses and credit card information. You could argue that the hackers who broke into Ashley Madison are criminals, but you could just as easily argue that the company was criminally negligent in allowing the security breach to happen in the first place.

If anything, the race to punish similar types of hackers would encourage corporations to deepen their intelligence and security sharing with one another and the government, and that means, you guessed it, even more security surveillance on the Internet. And the more that the tech sector becomes infected with a security surveillance mind-set, the worse it is for innovation.

To see how all this might play out, consider President Barack Obama’s proposed crackdown on hacking, first announced during the State of the Union after the high-profile hacking case of Sony Pictures. The proposals, as the Electronic Frontier Foundation pointed out in January, are a “mishmash of old, outdated policy solutions.” The concern is that overzealous application of new laws could be used to prosecute hackers for anything as minor as violating the terms of service of a Web site.

In many ways, the U.S. crackdown on hackers is our new war on drugs. Just as the U.S. sought to win the “war on drugs” by adding aggressive charges and excessive punishment to round up all the drug dealers, it’s now trying to win the “war on hackers” by stiffening up the federal anti-hacking statutes to round up all the hackers. By toughening the laws on hacking, you might catch the Internet equivalent of all the low-level drug dealers and mules, but it won’t get to the core of the problem — the high-level, anonymous kingpins who live beyond our borders.

And just as massively criminalizing the war on drugs led to a spike in prison terms and a negative economic drag on society, we could see the same thing with tech culture. Any coder, hacker or technology activist would be at risk of running afoul of the government and its stepped-up campaign against hackers.

Maybe tougher hacker laws will scare off the youngest generation from a life of crime. But it could also scare them off a life of computers, and that would be the greatest shame, because it would shut down the innovation pipeline of the nation. As we’ve seen before with other cyberlegislation, whenever the government thinks it’s doing what’s best for business, it’s not necessarily doing what’s best for innovation.

View the original content and more from this author here: http://ift.tt/1IwWWCz


