As a software engineer, I can assure everyone that legislation like what the President has proposed to address the recent Sony hack won't solve the problem; rather it is likely to exasperate the issue.
Sony gets hacked because they painted a bullseye on their back when they decided to sue ethical hackers. Also Sony is notoriously known within the tech industry for being a mismanaged, segmented company with non technical leadership. Which means that the engineers they tend to hire, aren't the best, because the best decide to work at the best tech companies. (e.g google, apple, facebook, etc), which this results in a situation where Sony software is shitty with very little motivation to fix security issues.
In the past, I have been involved with both Sony's official closed beta developer forums directly and hacker communities who specialized in ps3 homebrew development. There have been times where we in the hacker communities had discovered vulnerabilities in their psn infrastructure like using a severely outdated version of the Apache webserver that had been flagged with a high risk vulnerability years prior to the first time PSN was hacked presumably by Lulzsec.
We actually did the ethical thing and tried to get in touch with Sony to discuss these vulnerabilities because we were concerned that their entire network (and consequently their entire userbase) could be compromised. I know personally that the emails I sent either didn't get a response or any response I did get back would be "we will look into it" and apparently they didn't; because it wasnt long after this that PSN was hacked.
The thing is, I am scared to even talk about this with the public because the laws government passes regarding computer security, fraud, and intellectual property rights doesn't do enough to protect me personally from being labeled a hacker vulnerable to criminal prosecution and civil lawsuits.
Legislation won't stop hackers from hacking. In fact it will only entice it because it leads to cases like the government's legal persecution of Aaron Schwartz. This gives hackers a cause to fight against just like drone strikes that demolish entire Afghan villages gives a cause and initiative for terrorist organizations like ISIS and Al Qaeda to retaliate against us (those of us in western society that is) where we live. It's the never ending back and forth cycle of blowback. There are "forces of evil", ethical government must fight against, but the ethicality of a government is concisely decided by how and what they identify as a " force of evil" and how to address the best way to conquer the foe with minimal "civilian casualties".
Right now, congress isn't competent enough to properly address issues regarding technological issues. So I strictly stand behind a position that I won't try to educate politicians in the art of acquiring votes if they don't try to mandate the way I can design tech.
No comments:
Post a Comment