Wed 25 Apr 2007
My latest Wired News column revisits an issue I wrote about in a law review article a few years ago for the Yale International Journal of Communications Law and Policy, The Price of Restricting Vulnerability Publications. In that article I compared proposals to limit the publication of computer security holes with the best practices in the natural sciences, including microbiology. Acceptable restriction guidelines were very, very narrow, and totally voluntary. Recently, however, a new task force organized under the National Security Act is proposing more restrictive guidelines, and while the proposal speaks in voluntary terms, the board reports are clearly resigned to the inevitability of future federal regulation of scientific publications. This bodes ill for advancement in science, and by analogy, computer security. In the column, I point to some other ways we can mitigate the risk that scientific research will be misused by criminals and terrorists.