This is a truism. The attempt to make law enforcement's job easier makes everyone less secure. For example, requiring government sponsored back doors in your favorite operating system or router or cell phone, in order, say, to facilitate court ordered wiretapping, makes all such device vulnerable to anyone and everyone who has any interest or desire in compromising those devices for their own purposes. A report from the Guardian exposes how "cyber-crime" laws are now actually criminalizing the work of security researchers!
Excerpt:
Some of the world’s best-known security researchers claim to have
been threatened with indictment over their efforts to find
vulnerabilities in internet infrastructure, amid fears American computer
hacking laws are perversely making the web less safe to surf.
Many
in the security industry have expressed grave concerns around the
application of the US Computer Fraud and Abuse Act (CFAA), complaining
law enforcement and lawyers have wielded it aggressively at anyone
looking for vulnerabilities in the internet, criminalising work that’s
largely benign.
They have also argued the law carries overly severe punishments, is too vague and does not consider context, only the action.
HD
Moore, creator of the ethical hacking tool Metasploit and chief
research officer of security consultancy Rapid7, told the Guardian he
had been warned by US law enforcement last year over a scanning project called Critical.IO,
which he started in 2012. The initiative sought to find widespread
vulnerabilities using automated computer programs to uncover the
weaknesses across the entire internet.
No comments:
Post a Comment