Ars Technica reports that Congress is looking in to the extent of the cooperation between phone companies and the NSA. This interest was sparked by the White House’s proposal for retroactive immunity.

What’s interesting about this, however, is what it really means to call for retroactive immunity. It’s one thing to provide immunity for possible future violations of the law that might occur but something completely different to ask for immunity for the past. The main difference is that the only reason to ask for immunity for past actions is if you are aware that past actions were in violation of the law. If you knew that no laws were broken in the past, it would be absurd to ask for immunity.

It’s bad enough that the Bush administration and the NSA chose to creatively interpret the law in allowing the wiretaps but to try to pass legislation to protect their partners in crime is a blatant abuse of our legal and government systems.

What bothers me the most is not knowing the true extent of the legal abuses that have occurred in the war on terror. How far has it really gone? How far would they be willing to go?

So to bring this post on topic it reminds me of IT security best practices. Based on experience and the lessons we have learned in the history of IT security, we have come up with some basic rules that, when followed, go a long way to preventing serious problems later.

So many of us security professionals have made recommendations to software companies about potential security threats and often the response is that they don’t see why that particular threat is a big deal. For example, a bug might reveal the physical path to a web content directory. The software company might just say “so what?” because they cannot see how that would result in a compromise. Unfortunately, many companies have learned “so what” the hard way.

The fact is that it doesn’t matter if you can see the threat or not, and it doesn’t matter if the flaw ever leads to a vulnerability. You just always follow the core rules and everything else seems to fall into place. 

The laws of our country are much like that. If we stick to the basics of our constitution everything else seems to fall into place. Constitution-bending laws like the Patriot Act, the DMCA, and others might seem like they don’t really affect us but that doesn’t matter. We should respect the basics even if we can’t see how these other laws might hurt us.

Related posts

• No related posts.