This story arc is us, in cybersecurity. Last year, Charlie Miller and Chris Valasek proved they could, through the "Internet", remotely hack in and control a car driving down the freeway. In the video, we see a frightened reporter as the engine stalls in freeway traffic. Should researchers be able to probe cars, medical equipment, and IoT devices accountable to nobody but themselves? Or should they be accountable to the public, and rules setup by government?
This story is about us personally, too. In cyberspace, many of us have superhuman powers. Should we be free to do whatever we want, without accountability, or should be be forced to register with teh government, so they can watch us? For example, I scan the Internet (the entire Internet) with relative impunity. This is what I tweeted when creating my masscan tool, an apt analogy:
Finally, this is related to the #FBIvApple debate on crypto backdoors. Should law-enforcement be able to get into all our electronics, when they have a warrant upon probably cause? Or should citizens be able to encrypt their data with impunity, so that nobody (not even the NSA codebreakers) can read it?I've been totally tonystartking the code for the past week (think Iron man, working in the basement, only with software code).— Rob Graham ❄️ (@ErrataRob) March 26, 2013
I'm totally #TeamCap on this one, as most of you know. It's car companies and medical device manufacturers who should be held accountable for deffects. They evade responsibility because they can pay for government lobbyists. Only a free security research community will ever hold them accountable. Similarly, as Snowden showed, 'warrents' are not enough to hold the government and law enforcement accountable, and thus, unfettered crypto must be a right of the people that government cannot abridge. Lastly, I'll never "register" or "get certified" by the government. I'll leave the country before that happens.