Create an Account
username: password:
 
  MemeStreams Logo

My Letter to Ed Markey

search

Decius
Picture of Decius
Decius's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Decius's topics
Arts
  Literature
   Sci-Fi/Fantasy Literature
  Movies
   Sci-Fi/Fantasy Films
  Music
   Electronic Music
Business
  Finance & Accounting
  Tech Industry
  Telecom Industry
  Management
  Markets & Investing
Games
Health and Wellness
Home and Garden
  Parenting
Miscellaneous
  Humor
  MemeStreams
Current Events
  War on Terrorism
Recreation
  Cars and Trucks
  Travel
Local Information
  United States
   SF Bay Area
    SF Bay Area News
Science
  Biology
  History
  Math
  Nano Tech
  Physics
Society
  Economics
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
Sports
Technology
  Computer Security
  Macintosh
  Spam
  High Tech Developments

support us

Get MemeStreams Stuff!


 
My Letter to Ed Markey
Topic: Miscellaneous 6:57 pm EDT, Oct 28, 2006

Update: Ed Markey put out a press release today softening his stance on this.

Congressman Markey,

While I'm not one of your constituents, your statements and actions often have an impact that reaches beyond your district. Yesterday you were quoted in several news media outlets as having called for the arrest of Christopher Soghoian, a PHD candidate at the University of Indiana Bloomington, because he created a web page that generates phoney airline boarding passes. As you are likely aware, your call was answered by the FBI who reportedly broke into Soghoian's house last night and seized all of his computer equipment.

I am a professional computer security researcher. I work for one of the worlds largest IT companies. My job involves finding vulnerabilities in software systems and getting them fixed. Responsible vendors are usually very responsive and willing to work with my team when we contact them with information about problems with their products. Through this process we are able to locate and repair vulnerabilities in IT infrastructure before the bad guys can find them and exploit them. However, there are always a few unsophisticated people who seek to shoot the messenger instead of dealing with the flaw.

Christopher Soghoian is one of the good guys. He is not a criminal and he is not enabling criminals. He did not create the vulnerability in the boarding pass screening process. This problem has existed for years, and it has been noted in other quarters, most recently by Sen. Chuck Schumer. However, the problem hasn't been fixed. Soghoian's website was intended to demonstrate how simple this is, and he has clearly and repeatedly stated that his intent in creating the site was to raise awareness about the problem so that it will be fixed. His website does not make this much easier than standard desktop publishing software available on anyone's personal computer.

Your call for his arrest, and the subsiquent events that have unfolded over the past 24 hours, have done serious harm to the national security of the United States. You could have simply contacted him, informed him of the legal problems that one could face for operating such a website, and discussed shutting it down. By choosing instead to prosecute him you are sending a message to security professionals in this country that if you observe a problem with national security policies or practices and make people aware of those problems in good faith so that they might be fixed, the government will treat you as an enemy and will prosecute you if possible. The inevitable result will be that people will hold their tongues, and problems will persist until they are discovered by someone who has malicious intent.

I strongly urge you to reconsider your position on this matter. The current course of action is not in the best interests of this country.

Respectfully,
Tom Cross



 
 
Powered By Industrial Memetics
RSS2.0