It's good to see that many people have a sound head on their shoulders and are not engaging in over-reaching knee-jerk reactions.
Find the time to write your congresscritter, but do it when you are not emotional. Tell them that security research is not cracking, that cracking is not terrorism (if you don't take the time to properly secure your systems, you need to take some liability!), tell them that crypto is free speech, it is the ability of people to have a private conversation! A conversation without big ears, between a limited group of people. Then let the letter sit overnight and read it in fresh light.
If you really want them to listen, take the time to print out your letter, after you have sent it online, address some envelopes and send them hard copy!
If you really wan to stir some feathers, then remind them of the declaration of independence - "But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security"
Tell them that security research is not cracking, that cracking is not terrorism
I agree that security research is not cracking.
Cracking is not terrorism in most cases, but if you crack some critical systems, it can get people killed. And though it doesn't rise to near the level of terrorism where people are killed, crackers who cost lots of innocent people a lot of time and money just to make their point or for the fun of it are still scum.
if you don't take the time to properly secure your systems, you need to take some liability!
People who don't secure their systems should take some responsibility for their lack of action. I think liability is the wrong word, because to me it infers that they deserve to be hacked. They don't. They have a responsibility because their lack of security can allow their system to be used against others. Trusting people that don't lock up their valuables don't deserve to be robbed. People that choose not to arm themselves don't deserve to be attacked. Defence against many forms of attack, including cracking may very well be a good idea, but lack of it does not imply guilt on part of the victim.
I strongly support free speech. I think that crypto laws requiring back doors, or making crypto insecure for the common person are wrong, and would be ineffective in their goals.
As part of supporting free speech, I am strongly against malicious cracking. Worms, viruses, trojans and the like do a lot to harm innocent people who just want to get online but don't have a lot of technical knowledge. The internet is a great tool for free speech, and it shouldn't be kept from them just because they don't know how to properly secure their home computer from malicious attacks of others. If the govenment ends up passing harsh legislation which inhibits our freedom to protect such people, it is the crackers who deserve the lion's share of the blame, not the people who got cracked.
I understand that in order to improve security, security needs to be tested. I also understand that in order to get vulnerabilities fixed, that security issues need to be made public. The way they are made public could often be handled better though.
If you really wan to stir some feathers, then remind them of the declaration of independence - "But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security"
You may stir up some feathers with this, but I doubt you'll help your cause. I agree that as a last resort, revolt is actually a responsibility of an american citizen. But only as a last resort, and only for the good of the country.
I realize that I made some comparison between terrorism and cracking in this post, and I want to state that I don't want to trivialize the problem of terrorism with this. Terrorisn is crime that far outshadows cracking. Malicious cracking is more of a petty terrorism in which lives aren't lost.
According to the U.S. government [state.gov], "terrorism" is defined as:
"premeditated, politically motivated violence perpetrated against noncombatant(1) targets by subnational groups or clandestine agents, usually intended to influence an audience."
This is a reasonable enough definition, though it clearly makes it impossible for the acts of a nations military to be referred to as terrorism.
Using this definition, cracking is not terrorism, though cracking can be a part of terrorism, just as stealing someone's shirt isn't terrorism, but if you steal a pilot's uniform so that you can hijack a plane to kill the passengers for some political motive, then the theft is one part of the bigger terrorist act.
You claimed that "Malicious cracking is more of a petty terrorism in which lives aren't lost". But that is nonsense. According to any reasonable definition of terrorism, if there is no violence, there is no terrorism. In some very specific rare cases, malicious cracking can be violent (somehow cracking air-traffic controller or hospital computers and purposely endanging lives), but I don't know that I've ever heard of such a thing actually happening.
It might seem like a minor quibble, but if you remove the requirement of violence for an act to be terrorism, and instead say that terrorism is when you break the law to make some political point, you are venturing into very dangerous territory. Because by changing the definition, you are now saying that any political action that is illegal is terrorism, and obviously terrorism is a menace that must be stopped. Remember, the vast majority of socio-political improvements in any country have come about by people who broke laws - in some cases specifically unjust laws, and in other cases, ordinary laws were used as a pretense to try to stop a social movement.
Just remember, just because something is bad doesn't mean it's terrorism, and just because something is illegal doesn't mean it's bad.
Thank you (Score:5, Insightful)
Find the time to write your congresscritter, but do it when you are not emotional. Tell them that security research is not cracking, that cracking is not terrorism (if you don't take the time to properly secure your systems, you need to take some liability!), tell them that crypto is free speech, it is the ability of people to have a private conversation! A conversation without big ears, between a limited group of people. Then let the letter sit overnight and read it in fresh light.
If you really want them to listen, take the time to print out your letter, after you have sent it online, address some envelopes and send them hard copy!
If you really wan to stir some feathers, then remind them of the declaration of independence - "But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security"
Chris
Re:Thank you (Score:4, Interesting)
I agree that security research is not cracking.
Cracking is not terrorism in most cases, but if you crack some critical systems, it can get people killed. And though it doesn't rise to near the level of terrorism where people are killed, crackers who cost lots of innocent people a lot of time and money just to make their point or for the fun of it are still scum.
if you don't take the time to properly secure your systems, you need to take some liability!
People who don't secure their systems should take some responsibility for their lack of action. I think liability is the wrong word, because to me it infers that they deserve to be hacked. They don't. They have a responsibility because their lack of security can allow their system to be used against others. Trusting people that don't lock up their valuables don't deserve to be robbed. People that choose not to arm themselves don't deserve to be attacked. Defence against many forms of attack, including cracking may very well be a good idea, but lack of it does not imply guilt on part of the victim.
I strongly support free speech. I think that crypto laws requiring back doors, or making crypto insecure for the common person are wrong, and would be ineffective in their goals.
As part of supporting free speech, I am strongly against malicious cracking. Worms, viruses, trojans and the like do a lot to harm innocent people who just want to get online but don't have a lot of technical knowledge. The internet is a great tool for free speech, and it shouldn't be kept from them just because they don't know how to properly secure their home computer from malicious attacks of others. If the govenment ends up passing harsh legislation which inhibits our freedom to protect such people, it is the crackers who deserve the lion's share of the blame, not the people who got cracked.
I understand that in order to improve security, security needs to be tested. I also understand that in order to get vulnerabilities fixed, that security issues need to be made public. The way they are made public could often be handled better though.
If you really wan to stir some feathers, then remind them of the declaration of independence - "But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security"
You may stir up some feathers with this, but I doubt you'll help your cause. I agree that as a last resort, revolt is actually a responsibility of an american citizen. But only as a last resort, and only for the good of the country.
I realize that I made some comparison between terrorism and cracking in this post, and I want to state that I don't want to trivialize the problem of terrorism with this. Terrorisn is crime that far outshadows cracking. Malicious cracking is more of a petty terrorism in which lives aren't lost.
Re:Thank you (Score:1)
Using this definition, cracking is not terrorism, though cracking can be a part of terrorism, just as stealing someone's shirt isn't terrorism, but if you steal a pilot's uniform so that you can hijack a plane to kill the passengers for some political motive, then the theft is one part of the bigger terrorist act.
You claimed that "Malicious cracking is more of a petty terrorism in which lives aren't lost". But that is nonsense. According to any reasonable definition of terrorism, if there is no violence, there is no terrorism. In some very specific rare cases, malicious cracking can be violent (somehow cracking air-traffic controller or hospital computers and purposely endanging lives), but I don't know that I've ever heard of such a thing actually happening.
It might seem like a minor quibble, but if you remove the requirement of violence for an act to be terrorism, and instead say that terrorism is when you break the law to make some political point, you are venturing into very dangerous territory. Because by changing the definition, you are now saying that any political action that is illegal is terrorism, and obviously terrorism is a menace that must be stopped. Remember, the vast majority of socio-political improvements in any country have come about by people who broke laws - in some cases specifically unjust laws, and in other cases, ordinary laws were used as a pretense to try to stop a social movement.
Just remember, just because something is bad doesn't mean it's terrorism, and just because something is illegal doesn't mean it's bad.
terrorism need not be violent (Score:2)