What if we legalize cybercrime? (bqp.io)
28 points by CiPHPerCoder 4 hours ago | hide | past | web | 5 comments | favorite





For people who won't read the article, it makes it clear that this is just a thought experiment, and offers a lot of reasons why we don't legalize cybercrime.

But one reason that's not mentioned is that it's horribly asymmetric:

> Let me paint a utopian world for you, where all kinds of cybercrime – hacking, ransomware, DDoS, etc. – are entirely legal.

It's much more expensive to defend against a DDoS attack than it is to launch one. Granted, if we did live in a world where cybercrime was legal, and things like IoT cameras were much harder to subvert into a free botnet, it might become more expensive, but in the end a lot more effort would be put into prevention than would be put into cause.

While we can dream of a future where cybercrime is legal and we rely on our code and math to protect us, completely legalizing it today is not our best option. Nevertheless, we should consider moving in that direction.

I like that this article looks at the distributed, societal-level effects that derive from law. But I find the "should consider moving in that direction" part to be perplexing. One straw-man take against that: what about defense in depth? Can we strongly incentivize secure software and software-based appliances and still have legal deterrents against cybercrime perpetrators?

I do kinda fancy the idea of giving letters of marque for "cybercrime", though it's obviously not realistic for a whole bunch of reasons.

Odd that google.com now redirects me to bing.com when I use Microsoft Edge... Ah, another Facebook blackmail notice, need to remember to send them their monthly $20, so they don't tell my significant other about my affair... Somebody left a phone on the ground, oh damn it, it just scanned my fingerprint and is breaking into my bank account, serves me right, I should have known better than to go outside today.

Yeah, I'm not digging this dystopian future. On the plus side, it would bring typewriters back into common use.

> Somebody left a phone on the ground, oh damn it, it just scanned my fingerprint and is breaking into my bank account

Never, ever, use biometrics as a valid login option for identity-sensitive data/applications. They're way too easy to find out for an attacker.

