Sometimes you find something sane…

Any article on the law should include a disclaimer at the top: I am not a lawyer, a Congressman or a lobbyist, nor do I play one on the Internet. Take everything you read here with a largish block of salt. If you need legal advice, this is not it.

That said, when it comes to the law, computer security has always had a law enforcement aspect even as it consistently lags behind the technical cutting edge. Advancements in software design and the advent of geographically distributed systems and applications put the law even further behind than usual over the last five years or so. Sniffing packets and hacking protocols is so last decade! What about smart phone hacking, infrared snooping and online banking fraud?

The U.S. Congress has become more serious about looming cyber security risks and has recently pushed to fill the cyberlaw void with a series of bills. (For what it’s worth, an analysis by Randy Sabett shows that Congress has been relatively active on cybersecurity since 2003, debating and rewriting but not passing any bills.) Reaction in the technical community to the latest batch of bills has been decidedly mixed. So, where do we stand and what can we expect?

Continues at Congress should encourage bug fixes, reward secure systems.