comment 0

A Techie’s view on the Law

2283584007_f199332890_zAre some laws worth following–in other words, are some Laws so idiotic that they should be ignored completely?

That sounds anathema, because we have a romanticized definition of the law, we define the Law as a broad general agreement a society undertakes, and the law keeps society from tearing itself apart. In other words, the law is so sacred because without it–we descend into anarchy, so ignoring the law is akin to promoting anarchy.

But I’m not speaking of “The Law”, I’m speaking of “A law”, specifically an Act of Parliament. “The Law” refers to a vast conglomeration of many things, including constitutions (state and Federal), statutes, precedence of case law and Acts of Parliament. I’m not sure what a statute is–but I roughly know what an Act of Parliament is, and it surely isn’t a broad general agreement that society depends on to stave off Anarchy–rather an act of Parliament is a law brought into effect by Parliament–nothing more nothing less.

To my techie mind, that means that 222 Members of the Malaysian Parliament got together to enact a piece of legislation. Romantically we think this is the people’s will–the Rakyat voted these people into power and they now wield this power to enact laws that will protect the Rakyat. A glorious cycle of virtuosity that only democracy can deliver. That’s wishful thinking, realistically it’s a law brought into effect by 222 voting members of Parliament whose collective IQ would probably not exceed that of the Zoo.

So when these 222 MPs ge t together and enact legislation to regulate technology–I get a bit uncomfortable. Not only do most of them not have engineering qualifications, half of them don’t even have a website. Having these MPs enact legislation that will regulate a field they’re clueless about, is akin to getting open heart surgery from a car mechanic.

On a side note, a techie like me has a hard time understanding why we have 222 seats in Parliament. It would seem, that in a first past the poll system, you’d want to have ODD number of seats, to avoid the situation where 111 members belong to Barisan, and the other 111 belong to Pakatan (what happens then?). That’s just ONE of the many things an engineer would quickly realize is wrong with the entire system–and that’s why we only have 3 engineers in Parliament (at least according to the Sinar Project).

Exhibit A: Computer Crimes Act 1997

Take for example the Computer Crimes Act of 1997. This is what the paragraph 3 of the law states:

3. (1) A person shall be guilty of an offence if—
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorized; and
(c) he knows at the time when he causes the computer to perform the function that is the case.

Now, we all understand that the people enacting these laws aren’t experts in technology, and they seem fully aware that there is no way legislation can ever keep up pace with technology. So in response they draft legislation that is ambiguous and all-encompassing so as not to let any new technology ‘fall through the cracks’ of the law. But read the statement above again–and then imagine a scenario, where you find a iPhone in a public place, and you swipe to unlock it. Would you be guilty of the crime? From my techie perspective, it’s a resounding YES.

(a)You caused the computer (the phone) to function with the intent to secure access to it
(b)The owner of the phone certainly didn’t authorize you to access it
(c)And you knew this when you performed the swipe

But it doesn’t stop there, the act goes on to say

(2) For the purposes of subsection (1), this Act shall apply if,for the offence in question, the computer, program or data was in Malaysia or capable of being connected to or sent to or used by or with a computer in Malaysia at the material time.

Basically the act applies to every computer on the internet–talk about over-stepping your boundaries. Of course we also have the usual sections that authorize half the Police Force to invade your privacy, on the pretext of security, but is the law really providing security? Is it just another piece of garbage legislation we should ignore?

Ignoring Laws

The question boils down to ignoring laws. If Parliament enacted a law that stated no one could wear their seat-belts in their cars, would you ignore it?

Of Course you would–and you’d encourage everyone you loved to do the same. Ignoring a law for your own safety is common sense. The problem isn’t ignoring the law, the problem is how the law got drafted in the first place.

I would argue that the Computer Security Law of 1997 is both archaic and dangerous, it makes everyone less secure. By criminalizing simple hacks into servers, the government has essentially made security research illegal in this country, so no one could test the security of Unifi Routers or WiMax access points without at least being worried of legal action.This provides legal protection to the companies that provide bad security to their customers–the act doesn’t even stipulate a fine for inadequate security, something it SHOULD do if it were serious about security.

In todays modern world, where bug bounty programs are common,(A bug bounty program is one where the company providing a service or solution actually pays money to people who find flaws in their product–this encourages ‘white hat’ hackers to test their products to ‘secure unauthorized access’) companies pay hackers to break their systems–that’s how modern security works. That’s how facebook secures it’s servers.

Security through obscurity, the model proposed by this Act of Parliament, is out of date and needs to be discarded, no offense but the law was probably drafted at a time when less than 10% of the MPs had internet access, and in any case the internet of 1997 is far different from the internet today. But why haven’t we amended the law?

Because Parliament doesn’t know how computer security works, and even if they did, it’ll take a act of God Himself to get them of their arses to enact legislation that would actually make Malaysia more secure.

Conclusion

As a techie, I wonder when we’ll come up with Democracy 2.0, or Crowd-source Parliament. I think the system is flawed, and the laws it enacts are equally so. I wonder if we’ll ever move to a more effective and efficient solution–one where the legislative bodies can enact laws that keep pace with the technology of the day.

After all, the law is a piece of Technology. It was designed some couple thousand years ago to provide the social lubricant for society to operate, if there’s one thing we learn from history is that any form of Tyranny, no matter how Tyrannical is better than anarchy. The law was technology designed to prevent Anarchy, but it’s time for an upgrade.

And just like any other piece of Technology, upgrades come in increments or paradigm shifts–we’ve probably incremented the existing system as much as we should, it’s time we took radical approaches.Trying to use this old-skool law technology, to regulate todays digital technology is akin to pouring new wine into old wine-skins. I have no idea what a wine-skin is, but at least I know what the Public Key Infrastructure is, something the MPs that drafted the Digital Signature act clearly didn’t. I leave you with the wise words of Nicholas Negroponte, a giant of the tech world:

2845536335_d86cf7db2e_z

#YourComment