This one will blow your mind. The retard level of this proposed
law is stratospheric. In countries like France, internet
entrepreneurship has suffered because of lame regulations that are
supposed to protect their citizens from 'unfairness'. One great
example is when Uber started gaining traction in France. Suddenly,
the French Taxi market began to expand, as normal people were using
Uber to make some money giving rides. The French bureaucracies did
not like that, claiming that it was 'unfair to licensed Taxi drivers'
who are trying to make a living. Rather than let capitalism do it's
job (which would have forced the Taxi companies to innovate or lower
they're rates), they just banned apps like Uber. So it's no wonder
that none of the Google's and Apple's of the world are French.
Innovating in a place like that would be impossible. I suppose this
is one reason why so many people have come to America seeking better
lives, because here in America, whoever does the best job wins. We
know that when government interferes with business, it's usually a
very bad thing. Of course there are times when regulations are
necessary, but those occasions are rare, and when they do occur, the
will of the people is usually taken into consideration.
When the world found out that the NSA was stealing the entire
world's meta-data, business in tech industries suffered. Hell, even I
stopped doing business with American cloud computing service
providers, and switched to overseas providers instead. That's the way
of the universe, and the way of capitalism. Edward Snowden once said
that the British intelligence agencies are worse than the NSA,
and that Great Britain is the most surveyed state in the world. I
guess it's not surprising that I can't think of one British tech
company that is doing well either.
Today I found out that the United States intends to classify
software with surveillance capabilities as weapons, and to
place export restrictions of such software, so that it is illegal to
'export' such software to anywhere but Canada. These proposed
regulations are completely ridiculous, and if they become law, than
it will seriously stall research and development in the computer
security field. Here is the summary of the proposal:
"The Bureau of Industry and Security (BIS) proposes to
implement the agreements by the Wassenaar Arrangement (WA) at
the Plenary meeting in December 2013 with regard to systems,
equipment or components specially designed for the generation,
operation or delivery of, or communication with, intrusion software;
software specially designed or modified for the development or
production of such systems, equipment or components; software
specially designed for the generation, operation or delivery of, or
communication with, intrusion software; technology required
for the development of intrusion software;
Internet Protoco (IP) network communications surveillance systems or
equipment and test, inspection, production equipment, specially
designed components therefor, and developmen and production
software and technology therefor.
BIS proposes a license requirement for the export, reexport, or
transfer (in-country) of these cybersecurity items to all
destinations, except Canada.Although these cybersecurity capabilities
were not previously designated for export control, many of these
items have been controlled for their “information security”
functionality, including encrpytion and cryptanalysis. This rule thus
continues applicable Encryption Items (EI) registration and review
requirements, while setting forth proposed license review policies
and special submission requirements to address the new cybersecurity
controls, including submission of a letter of explanation with regard
to the technical capabilities of the cybersecurity items."
[1]
You can read more about it here.
So basically, the Burea of Industry and Security wants to classify
software with 'intrusive' capabilities as weapons, and wants to
require people to be licensed to export it out the country. This is
definitively somewhere in between the first and tenth worst ideas
I've ever heard. Being a developer myself, I often exchange code and
work with people from all over the world.
This is the way that the open source community works, and a law
like this has the potential to completely destroy the open source
cybersecurity community. Much of the software that we are working on
could definitively be considered to have 'intrusive capabilities'.
This is also how the computing industry works. In order to develop
software to defend yourself from cyber threats, you need to get your
hands dirty and exploit your own network, computer, or programs the
same way that an attack would happen in the real world. If you are
going to do that, than you need access to tools that could be
considered malicious. If we start putting export regulations on that
kind of software, than the open source community will be the first to
suffer. The big businesses will be able to afford the licenses, and
the little guys like me will not. Some of the worst security
vulnerabilities out there were discovered by people overseas, using
software developed here in America. It seems that this law is
designed to fail, and to weaken our cyber security systems. It will
also effectively consolidate the computer security industries into a
few giants, squelching creativity and innovation, and add just one
more roadblock for entrepreneurs in the digital world.
If this becomes law, than in the near future I may not be able to
legally continue exchanging certain code on Github with my friends in
Europe. And who will be in charge of deciding what software is
considered a weapon? How will that process work? I don't even want to
know. A law like this would also create serious headaches for people
that run communities like Github, as they will likely be held
responsible for the content other people upload to their site. So is
Github supposed to block access to certain code with geographic
restrictions? How the hell will that work? Everyone knows that
content censorship attempts are some of the most failed undertakings
in human history.
You don't see laws preventing the exportation of Swiss Army Knives
or rat poison because they have the potential to kill people if used
incorrectly. Ultimately, the way a piece of software or physical
object is used depends completely on what the user chooses to do with
it. Oh, and let's not forget that the biggest surveillance
perpetrators are in fact our governments, and not black hat hackers
in foreign counties.
These laws are currently open for public debate, and I suggest that if this news angered you as it did me, that you submit a comment to BIS explaining what a horrible idea this is. Remember, the government that governs least governs best.
No comments:
Post a Comment