Bad Raps For Non-Hacks
from the no-whistleblowing dept
I’ve said in the past that the DMCA is actually an “anti-whistleblowing” law. While, in the wake of last year’s corporate scandals, the US government claims they’re doing everything possible to encourage whistleblowing, the DMCA’s “anti-circumvention” clause is showing why that isn’t true when it comes to digital security. SecurityFocus has a good article detailing just a few people who got into serious legal trouble (though usually acquitted after needless expense) just for pointing out security vulnerabilities on computer networks. Yes, there is a fine line between pointing out a vulnerability and actively intruding – but the end results should pretty clearly determine what’s happening. In the cases where the people actively pointed out the vulnerability to those whose systems were open, without doing any damage to them, it seems pretty clear that these people shouldn’t be getting in trouble. The scariest case is one we discussed last year, when a security analyst pointed out a hole in a wireless network in Houston. The city had him arrested and said the damages he caused were the expense it took them to fix the hole. As I said at the time, this is incentive for anyone to make their networks as insecure as possible, because it only means you’ll be able to recoup larger “damages” later on.