The Computer Misused Act

Tue, 01 Apr 2008 19:37:46 GMT

Both Ivan Ristic and Nathan McFeters have blogged about it, so I won't waste your time with what they have already said. Go ahead and read their blogs. Instead, I would like to present my view in this blog post.

Just as background, I've already talked about the British Computer Misuse Act. Now, what really makes me worried is that this act won't fix anything. In fact, it will make the situation far worse. And Britain is the next example to follow Germany, which I am sure will be followed by the United States of America very soon, as it seems that they are the initiators of the recent anti-hacker craze.

Security through obscurity does not work!

The law cannot prevent the distribution of information. Have we got rid of the piracy problem? No! In fact, the piracy industry is now far better off than in the past. You can probably notice that every movie or TV show is available online without the need to access BitTorrent or any other distribution network. The music industry is much the same. As a result, bands such as Radiohead and Scissor Sisters, I believe, have offered their music for free because free does make economic sense.

In a similar way, the Computer Misuse Act will make exploits far more easily available than they are now. People won't stop publishing security information. They will switch the medium. Instead of posting info on personal blogs, they will do that on Wikipedia or any other site that allows anonymous contributions. The distribution of info on the Web is a breeze nowadays with the existence of things such as RSS, Atom and aggregation engines. The reach of information, the availability of exploits, and the fact that there are no opinion makers to shape the thinking of younger generations of information security experts will make the situation unbearable, not only for those who don't deserve the punishment but also for companies and organizations who cannot protect themselves. Security is not a destination. It is a process. We cannot train a monkey to run a scanner. We need people who understand the risk to show us which of our assets are at stake. With that law in place we are actually reverting what we have already built with far too many sacrifices.

But this is just me thinking and expressing an opinion. It is your say, really.

