Bad Things Happen When Politicians Think They Understand Technology
from the not-so-good dept
Then we have the big cybercrime bill put forth by
"Despite all [the] best efforts, we do have concerns regarding whether government can rapidly recognize best practices without defaulting to a one-size-fits all approach," they wrote.This is one of those bills that sounds good for the headlines (cybercrime is bad, we need to stop it), but has the opposite effect in reality: setting up needless "standards" that actually prevent good security practices. It's bills like both of these that remind us that technologically illiterate politicians making technology policy will do funky things, assuming that technology works with some sort of magic.
"The NIST-based requirements framework in the bill, coupled with government procurement requirements, if not clarified, could have the unintended effect of hindering the development and use of cutting-edge technologies, products, and services, even for those that would protect our critical information infrastructure."
They added the bill might impose a bureaucratic employee-certification program on companies or give the president the authority to mandate security practices.