tylerni7

## wassenaar.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              1 star
            
          
                tylerni7
                / wassenaar.md
            
            
              Last active
              April 26, 2016 19:40
            
          
    BIS-2015-0011-0001 (Wassenaar) is a terrible idea. The only effect this legislation will have on cyber security is to harm legitimate researchers, and thereby make illegal activities even easier for cyber criminals.
First off, what problem is Wassenaar trying to address? Computer security has been a growing problem for the past decade, and it seems its importance has been growing at an exponential rate. There are reports in the media every week of large scale intrusions on companies and government organizations. Presumably the goal of Wassenaar is to attempt to stop or at least slow down these sorts of cyber attacks. However, it is not clear at all how Wassenaar will accomplish this. Will Wassenaar affect nation-state actors who are responsible for many of the breaches in the media? Clearly not; rogue nation-states are not going to be punished under our laws. In that case, this must help to prosecute criminals who use computers to attack corporations or people. However, what they are doing is obviously alrea

  
## rant
I don't think people understand what vulnerability sellers really do. They invest thousands of man and computer hours into finding bugs which people are willing to pay lots of money for. As a business, they want to keep their customer base happy, which means allowing their customers (yes, presumably the NSA/FBI/etc.) to use their exploits rather than selling them to Tails OS maintainers. Yes, it's probably the case that these exploits don't just go to nabbing child pornographers or drug traffickers, they also probably try to catch the next Snowden, which not everyone agrees is The Right Thing To Do. But for what it's worth, I'd still trust the US government (even with all its faults) far more than the Russians or Chinese.

But let's be honest here, Tails OS maintainers probably couldn't afford the same price that Exodus's customers will happily pay. Even if Exodus were happy to sell it to the Tails folks, that is certainly going to be a loss of money.

The arguments I'm used to hearing go something like "but
	I don't think people understand what vulnerability sellers really do. They invest thousands of man and computer hours into finding bugs which people are willing to pay lots of money for. As a business, they want to keep their customer base happy, which means allowing their customers (yes, presumably the NSA/FBI/etc.) to use their exploits rather than selling them to Tails OS maintainers. Yes, it's probably the case that these exploits don't just go to nabbing child pornographers or drug traffickers, they also probably try to catch the next Snowden, which not everyone agrees is The Right Thing To Do. But for what it's worth, I'd still trust the US government (even with all its faults) far more than the Russians or Chinese.

	But let's be honest here, Tails OS maintainers probably couldn't afford the same price that Exodus's customers will happily pay. Even if Exodus were happy to sell it to the Tails folks, that is certainly going to be a loss of money.

	The arguments I'm used to hearing go something like "but