Comment Re:List of contacts (Score 1) 1021
What I faxed (others feel free to use it as well)
Please carefully consider the parts of the proposed Anti-Terrorism Act of 2001 (ATA) (Sep. 19, 2001) that deal with computer "terrorism". As currently worded, the act is so broad as to encompass a number of activities that are currently part of everyday research in computer security issues. First, the definition of a protected computer encompasses nearly every computer currently on the internet. From Title 18 Chapter 47 Sec. 1030
(d)(e)(2) the term ''protected computer'' means a computer -
(A) exclusively for the use of a financial institution or the
United States Government, or, in the case of a computer not
exclusively for such use, used by or for a financial
institution or the United States Government and the conduct
constituting the offense affects that use by or for the
financial institution or the Government; or
(B) which is used in interstate or foreign commerce or
communication;
Under section (B), any computer running e-mail (interstate communication) qualifies.
Second, I have grave concerns about the implications of the aiding and abetting section on published research in security circles. Computer professionals depend on knowledge and skill. Knowledge we get from published accounts of vulnerabilities. If providing information on how to break into a system (and therefore how to secure it) becomes punishable by a maximum of life in prison, then I imagine such information will become quite scarce. And this will not make our computer systems any more secure. On the contrary, security will become more difficult for law-abiding citizens.
Especially since there is no test of intent in finding someone guilty of "aiding and abetting," the effects of this component of the proposed law will be quite detrimental to the ability of computer professionals in the United States to secure our systems and stay current on threats to computer security and vulnerabilities in existing systems. And this will harm the nation competitively, as well as make our information infrastructure even more vulnerable to terrorist attack.
I propose that wording be added to the Anti-Terrorism Act of 2001 (ATA) (Sep. 19, 2001) that would explicitly exempt speech from qualifying as aiding and abetting terrorism. Further, I would urge the committee to consider exempting computer security research specifically, including publication of vulnerabilities, from being considered aiding and abetting terrorism, and specifying in far greater detail what a protected computer system is and what level of damage must be intended or accomplished to qualify for prosecution under the proposed act, as well as activities that are exempt. Please avoid having this act become an example of the law of unintended consequences.
Daniel Hindes, Systems Administrator
8801 Cedros Ave. #14
Panorama City, CA 91402
dhindes@earthlink.net