
Why I Hope Congress Never Watches “Blackhat” - noonespecial
http://www.wired.com/2015/01/why-i-hope-congress-never-watches-blackhat/
======
Someone1234
Computer Crime laws are already insanely disproportionate.

They were created during a moral panic when only a few individuals, large
multinationals, and large governments had computers and the government were
worried that "hackers" could break into the electricity grid or the
communications system and shut it down.

So right now you could literally break into someone's home, knock them
unconscious, and then steal their laptop, but yet still get more jail time for
"hacking" into their laptop than any of the previous crimes.

It only gets more insane when someone "hacks" across state lines. The federal
laws are absolutely insane, and the only thing more disproportionate are some
of the drug laws (many of which were also created during times of moral
panic).

In particular are comic cases of when companies fail to secure things at all
(e.g. leave data exposed to the public via hidden URLs) and then someone gets
prosecuted because they "hacked" that company and "stole" that data.

~~~
alistairSH
> In particular are comic cases of when companies fail to secure things at all
> and then someone gets prosecuted because they "hacked" that company and
> "stole" that data.

<devil's advocate>If I leave my garage open, and somebody takes my golf clubs,
is that not theft?

Yes, the potential punishments are disproportionately harsh. Yes, the company
is silly for leaving data exposed. No, it's not ok to take data because it's
unprotected.

~~~
cortesoft
Yes, stealing something is a crime whether the item is locked or not. However,
cases like that of the Weev guy
([http://en.wikipedia.org/wiki/Weev](http://en.wikipedia.org/wiki/Weev)) are
very different than someone coming into an unlocked garage and stealing your
stuff.

His case is more like going into a store that is open and invites you in
(this was a public website he went to). You are browsing around, looking at
stuff for sale.. you then see an unmarked door in the middle of the store. It
isn't locked, and doesn't say "Employees Only", so you walk in.

The store can't then turn around and have criminal charges brought against you
just because you weren't supposed to go into the door. There were no locks or
signs, and you were in a place you were supposed to be. Now, if there was any
sort of lock at all (even a crappy, broken, one that was easy to bypass) you
could argue that it is a crime.

If I send a standard request to a website, with no special forged auth or
anything, and that website gives me back data, you can't blame the person who
made the request. It is up to the website to tell me "no, you are not allowed
to access that."

~~~
csandreasen
If I accidentally leave my front door unlocked, it's still a crime for you to
waltz into my house and peek around. I wouldn't describe what weev did as just
walking through an unlocked door, either. It's more like he walked through an
unmarked door, looked into a filing cabinet and saw some private business
records, then thought "Cool. There's more in this cabinet. I'll just go ahead
and make copies of them all for myself."

------
riskable
I don't understand how the Sony hack relates to the proposed changes to the
CFAA. If the attacker was North Korea--as suggested by the administration
(which I _don't_ believe)--then how would increasing penalties for "hacking"
or developing (or even sharing) "hacking tools" make a difference? As if we
had any jurisdiction whatsoever over there or that the laws of the United
States would somehow deter foreign attackers.

If they want to increase penalties for anything it should be for companies
failing to secure their systems. Attackers can often use very sophisticated
methods to make their way into internal networks but once they're in it's run-
of-the-mill, patched-three-years-ago vulnerabilities that let them do the most
damage.

There's a lot of negligence going on inside corporate networks in regards to
information security and one of the justifications I often hear is that they
can't justify increased spending (or spending any money whatsoever) on IT
security when the costs of an attack are unknown. If we apply significant
punitive damages then the costs would be much easier to calculate and justify.

~~~
snowwrestler
> If the attacker was North Korea--as suggested by the administration (which I
> don't believe)--then how would increasing penalties for "hacking" or
> developing (or even sharing) "hacking tools" make a difference?

This might be a bit off-topic, but there's potentially a distinction between
North Korea being responsible for the hack of Sony, and whoever the people are
who actually penetrated Sony's network and extracted/deleted the data. By
analogy: if you pay an assassin to kill someone, the law holds both you and
the assassin responsible.

I think this is what the government means when they say North Korea was
responsible--not necessarily that every participant in the attack was a North
Korean in North Korea.

~~~
drzaiusapelord
It is well known that NKorea and China are partners in a cyberwar against the
west. NKorea's elite hacker team are stationed in China. This has all been
documented by various groups and reporters.

I think a lot of the skepticism here and the general praise of autocratic
states on HN, are mostly from a lot of people with an anti-US bone to pick or
other political agenda. So to them, the US is always wrong, so they hold up
NKorea, China, Russia, and Iran as bastions of liberty, honesty, and utopia.
It's incredible how delusional these people are.

I also think a lot of people, especially right/libertarian leaning kids, lean
toward autocracy and want a "decisive toughguy" leader for their own political
and emotional reasons. Democracy, secular enlightenment, separation of powers,
etc is seen as weak. Of course, they think the autocrats will be on their
side, the same way, many think eugenics is a fine idea because, of course, "my
people" will be allowed to procreate. There's a Fox News anchor who famously
praised Putin and wished he had a Putin-like president during Russia's taking
of Crimea. Of course, western sanctions have all but crippled Russia and the
ruble today. I wonder if this anchor is still praising Russia's leadership.

[1] [http://www.forwardprogressives.com/fox-news-host-says-wants-putin-leader-get-things-done-right/](http://www.forwardprogressives.com/fox-news-host-says-wants-putin-leader-get-things-done-right/)

------
mhurron
If Congress is making laws and policy based on movies, we have a bigger
problem than which movies they base it on.

~~~
IgorPartola
I don't know, if they watched Inconvenient Truth, it might benefit some of the
knuckleheads there. Or 12 Years a Slave. Or even Lincoln.

~~~
lifeisstillgood
Well the Congressional Cinema Club could put on some special showings and ask
for sponsorship

- Car Manufacturers Lobby: Bullitt

- Anti Car Lobby: Duel

- Trans-Atlantic Airlines Lobby: Titanic

- Construction Lobby: Bridge over the River Kwai

- Elon Musk: Iron Man 1 or 3 (but not 2)

- The Hamptons Tourist Board: The wicker man

- The Banjo Players association of America: Deliverance

- Tesla Car Showrooms: Death of a salesman

- Climate Change Deniers Lobby: Some Like It Hot

- Liberal Atheists for a kinder America: Any Harry Potter

~~~
godkingjim
"The Hamptons Tourist Board: The wicker man"

I'm curious; what do you mean by this one?

~~~
anigbrowl
I laughed hard at this one! The Hamptons is basically a vacation destination
in eastern New York state for very very wealthy people, who don't want any
riff-raff cluttering up their picturesque vacation views. 'The Wicker Man' is
a film (+ a remake) about a police officer who goes to investigate a crime in
a remote idyll where everyone knows everyone else and runs into...problems.
Translation: let's ensure that the 'wrong' people stay away.

~~~
lifeisstillgood
Yeah, did not sleep well for a week after watching that one :-)

------
coldcode
What is being proposed for new laws scares me more than any hacker.

~~~
click170
Contact your rep in congress and tell _them_ that. They don't read hackerness
unfortunately.

~~~
cmurf
Really? And you think they won't assume you're some nasty hacker trying to
angle for weak laws so you can just get away with more of this demonic evil
hateful hacking thing that you do? Hoodlum! The incompetency here is not
striking in the fact there's apparently been no change since 1984.

~~~
click170
> Hoodlum!

I think there's a valid concern that we would be seen this way if we contacted
our reps.

This is why I think it's important that you present and carry yourself well,
be prepared about what you want to talk about, and anticipate questions by
having well-thought-out answers ready. These people consider themselves
professionals, so despite our views of them, we will better communicate our
points if we demonstrate professionalism and respect.

------
nickysielicki
Am I crazy for wanting to leave the US?

Is it like this everywhere?

~~~
sp332
Where would you go?

~~~
nickysielicki
Europe

~~~
sp332
Europe generally has fewer privacy and free speech protections than the US.
And in some countries, the NSA _and_ the national government will be spying on
you.
[https://www.thewire.com/global/2013/10/france-not-happy-about-latest-snowden-leak/70733/](https://www.thewire.com/global/2013/10/france-not-happy-about-latest-snowden-leak/70733/)

~~~
krick
I don't need any "protections", I need to be left alone. That's how I actually
can speak free, feel free and don't worry about my privacy too much (well, as
long as I don't use skype, gmail, mobile phone… well, everything is relative,
ok?). And honestly I think that only fools believe in stuff like "free speech
protections", although I usually don't try to persuade anybody about all these
abstract matters. So, yeah, I'm just fine in Europe without all these "free
speech protections" and stuff. I guess it could be better, but I don't feel
like leaving to Siberia or some desert island yet.

~~~
sp332
I don't understand the distinction you are making between free speech and
being able to speak freely. I'm not talking about an abstract concept, I mean
posting certain things on your blog is actually illegal. And being spied on by
the government is the opposite of being left alone, so I think you should
be against that too.

------
rilita
Making the CFAA apply more broadly and criminalizing hacking behaviors that
are currently misdemeanors will have the following effects imo:

1. As stated in the article, restrict legitimate security work and creation of
useful tools.

2. Glamorize becoming a hacker for the misfits of the world. (It's a criminal
behavior; you'll get underground respect for doing it...)

3. Drive hacking further underground (this is like suddenly making weed
illegal again in places where it is currently legal). More crime will result.

4. Cause me to release code I write under an alias through multiple proxies in
combination with Tor.

~~~
dragonwriter
If the behaviors are misdemeanors, they are, by definition, already
criminalized.

------
brainy
The good news is that Africa has cyber laws, so you can all come here.

------
delinka
"...making Hemsworth officially the best-looking human to ever use a command
line."

Psh. Just because I prefer to avoid publicity doesn't mean the honor actually
belongs to anyone other than myself.

------
angersock
Make no mistake: they're coming after what they don't think they can control.
That's probably _you_, friend.

