Dailydave mailing list archives

Re: Sympathy for the Devil


From: Robert Graham <robert_david_graham () yahoo com>
Date: Thu, 5 Apr 2012 17:05:59 -0700 (PDT)

Re: https://www.eff.org/deeplinks/2012/03/zero-day-exploit-sales-should-be-key-point-cybersecurity-debate
'security researchers should never turn a blind eye to their ethical 
responsibility to help improve technology'

This is a good demonstration why libertarians oppose populists like the EFF. Rather than champion for researcher 
freedom, the EFF champions rules and restrictions. 

The ethical choices aren't between harming computers or not harming them. The choices are between harming computers or 
harming people.

If Stuxnet had not disabled the uranium enrichment program, we and/or Israel would almost certainly be in a shooting 
war with Iran right now. In the original Gulf War (in 1990) we sent in hackers to exploit VAXen to silence radars, 
instead of killing people. In the recent Libyan action, we had to kill people because cyber alternatives weren't 
ready/available.

The military wants cyber because it's a non-kinetic/less-lethal alternative. When given a task, they will carry it 
out regardless. If that means killing people, then so be it, but they want alternatives that have the least risk to our 
soldiers, non-combatants, and even enemy soldiers.

There is the ethical question whether cyber gives the government new abilities that would otherwise be impossible with 
kinetic action, or whether it encourages governments to decide on military action when it does not come with the 
political cost of casualties. But that's not the direction the EFF is going with their argument. Instead, while the 
military is killing human beings, the EFF is insisting that it's unethical to harm computers instead.


The EFF article wasn't really about military exploit sales, but cybersec legislation. The thing that is wrong with the 
legislation is that it's a power grab. Different groups within government are fighting among themselves to see who is 
in charge of "cyber", and they are all fighting together to take power in the name of "government". Outside groups are 
likewise fighting for influence and lucrative contracts.

Far from opposing the power grab, the EFF is fighting for their own spot at the power-and-influence table. Their 
argument is that the EFF is in charge of deciding what's "ethical", and that this should be reflected in legislation.


Even if you believe the worst inflated threats of state-sponsored hacking, there is little our government can do in 
cyberspace to stop it. Instead, such laws do much to enhance the threat from our own state. The best defense is not 
government, but security researchers. Stuxnet shouldn't be the exception, but the rule. Our government should declare 
open-season on adversaries, clarifying that it's no violation of U.S. law to attack Iranian computers or Chinese 
firewalls. If a researcher believes s/he can stop a shooting war, but the EFF disagrees, the researcher should be free 
to make that decision.
