Laws that punish hackers with neato-fun wireless gear isn't going to close the loopholes that today's wireless systems present. Until manufacturers are held liable for security vulnerabilities in their products, it will continue to be relatively easy to eavesdrop on telephone calls, satellite TV, 802.11b networks, and wireless cameras. The only thing your law would do is impede us white hats from (a) educating our selves, which is currently the only way to learn about electronic security, and (b) doing our jobs, where attempting eavesdropping and other vulnerability testing is our mandate. It sure won't stop a determined attacker from actually eavesdropping a conversation on my cell phone (AT&T doesn't provide the "voice privacy" feature), my wireless network (128-bit WEP can be cracked using lots of sniffed data and a simple analysis), or my TV. Pervasive strong encryption, public review of encryption algorithms, and a Faraday cage (in that order) might ameliorate the risk, though. A law sure won't.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/76/12032#12032