Thursday, March 10, 2016

Captain America Civil War -- it's us

The next Marvel movie is Captain America: Civil War (May 2, 2016). The plot is this: after the Avengers keep blowing things up, there is pushback demanding accountability. Government should be in control of when to call in the Avengers, and superhumans should be forced to register with the government. Iron Man is pro-accountability, as you've seen his story arc evolve toward this point in the movies. Captain America is anti-accountability.

This story arc is us, in cybersecurity. Last year, Charlie Miller and Chris Valasek proved they could, through the "Internet", remotely hack in and control a car driving down the freeway. In the video, we see a frightened reporter as the engine stalls in freeway traffic. Should researchers be able to probe cars, medical equipment, and IoT devices accountable to nobody but themselves? Or should they be accountable to the public, and rules set up by government?

This story is about us personally, too. In cyberspace, many of us have superhuman powers. Should we be free to do whatever we want, without accountability, or should we be forced to register with the government, so they can watch us? For example, I scan the Internet (the entire Internet) with relative impunity. This is what I tweeted when creating my masscan tool, an apt analogy:

Finally, this is related to the #FBIvApple debate on crypto backdoors. Should law-enforcement be able to get into all our electronics, when they have a warrant upon probable cause? Or should citizens be able to encrypt their data with impunity, so that nobody (not even the NSA codebreakers) can read it?

I'm totally #TeamCap on this one, as most of you know. It's car companies and medical device manufacturers who should be held accountable for defects. They evade responsibility because they can pay for government lobbyists. Only a free security research community will ever hold them accountable. Similarly, as Snowden showed, 'warrants' are not enough to hold the government and law enforcement accountable, and thus, unfettered crypto must be a right of the people that government cannot abridge. Lastly, I'll never "register" or "get certified" by the government. I'll leave the country before that happens.

1 comment:

Simon Majou said...

You've already registered your company.