Bad Raps For Non-Hacks

from the no-whistleblowing dept

I’ve said in the past that the DMCA is actually an “anti-whistleblowing” law. While, in the wake of last year’s corporate scandals, the US government claims they’re doing everything possible to encourage whistleblowing, the DMCA law’s “anti-circumvention” clause is showing why that isn’t true when it comes to digital security. SecurityFocus has a good article detailing just a few people who got into serious legal trouble (though, usually acquitted after needless expense) just for pointing out security vulnerabilities on computer networks. Yes, there is a fine line between pointing out a vulnerability and actively intruding – but the end results should pretty clearly determine what’s happening. In the cases where the people actively pointed out the vulnerability to those whose systems were open, without doing any damage to them, it seems pretty clear that these people shouldn’t be getting in trouble. The scariest case is one we discussed last year, when a security analyst pointed out a hole in wireless network in Houston. The city had him arrested and said the damages he caused were the expense it took them to fix the hole. As I said at the time, this is incentive for anyone to make their networks as insecure as possible, because it only means you’ll be able to recoup larger “damages” later on.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...