After ransomware took Baltimore hostage, Maryland introduces legislation that bans disclosing the bugs ransomware exploits

Originally published at: https://boingboing.net/2020/01/28/md-sb-30.html

Sorry to the seniors in advance but this is why Boomer legislators, lawmakers and judges are not in any position to make decisions about technology regulation. They simply do not understand what they’re dealing with or even discussing. Nor do they really want to so they pass laws designed to ignore the problem, if no one can talk about it or research it the problem will just go away right?

2 Likes

Our government, in a nutshell. Leave it to our representatives to make breaking the law illegal. Again.

More stuff in the nutshell.

When bug reporting is outlawed, only outlaws will know about the bugs.

2 Likes

Incidentally, this bill appears to ban a great many DRM and conditional access mechanisms; since those explcitly degrade the function of a computer system and/or deny access to data until money or other consideration is provided for an activation code.

I’m guessing that isn’t the plan.

4 Likes

Hahahaha so maybe it could do some good after all?

2g3os6

Do not fret, oh fellow denizens of boingboing! I have responded! :man_superhero: heheh

Just sent a detailed email to the bill’s sponsor, and my own state senator – who I just happened to give a decent donation to this past weekend at a fundraiser, as she is running for Baltimore City Mayor. I also called her office, and will be calling the sponsor senator’s office in a moment. I think I may be able to get some attention on the problems within the bill.

So, if this is a state law, it would only apply to disclosures from within Maryland, right? If you lived in Maryland but left the state to make the disclosure, is that still ok?

That’s aside from the blindingly obvious first amendment issues, which really should be sufficient to keep anyone who supports this from holding any position of government power, ever.

I have to assume they mean well, and this isn’t due to, say, back-room asks from NSA, which is obviously a resident in the state. From what I gather, NSA is of mixed history when it comes to supporting proper research and reporting of exploits, and trying to prevent those holes from being patched, because they take advantage of them in their espionage efforts.

One thing I told my state senator, the state senator sponsoring the bill, and the two state delegates who are co-sponsors, is that this bill as written would prevent local Maryland university researchers from looking for and properly reporting problems in our state’s electronic voting systems!

Everyone in the senators’ offices I spoke to today seemed genuinely open to my feedback, and I was told I was not the first person who had given such feedback. So, they appear to be taking the feedback seriously. The vote is a good number of steps away from being voted on and passed into law, so as long as folks keep up the pressure, it is likely to be scrapped or seriously amended to fix these issues, I think. I hope! If it gets passed, we’ll have to take it to the state supreme court, and even potentially to the US supreme court, as it is clearly a violation of federal free speech protections.

I would say that my statement applies even if it is incompetence rather than malice, because for a legislator to not see the first amendment issues involved in this would require a really staggering level of incompetence.

1 Like

This topic was automatically closed after 5 days. New replies are no longer allowed.