Computer tech law: like a giant Trojan worm

ARCHIVES 2011

By admin-s On Dec 13, 2011

The political effect of such a broad approach is to splinter criticism, not allowing focus on a single point of attack. This places the politician and bureaucrat in a position to cherry pick which arguments to uphold, which to reject, while keeping the essence unchanged. The Peaceful Assembly Bill is an example.

By uppercaise

» New law puts noose around computer techies

The federal government’s draft new law on computing is such an amorphous blob, trying to cover all the bases, that attacks have come from all sides, the latest critic being a politician formerly an IT entrepreneur who sees the law as another weapon against free speech. » MalaysiaKini.

That is not a far-fetched conclusion when the draft Computing Professionals Bill is viewed in terms of its impact on society and the potential for further political control over national life.

Of more workday relevance to the industry are the criticisms of the law for trying to create a closed computing industry; for attempting to keep tabs on everyone with a database of people in the trade; for trying to stifle innovation; for creating regulation by government rather than through industry self-regulation; and potentially for another means of creating avenues for bumiputera-ism to thrive.

Lawyers say it is bad law for being too loosely worded and ambiguous, too broad in scope, legislating for a danger that may not yet exist, and placing too much power in the hands of politicians. » Analysis at Loyar Burok.

The draft law is all that and more. Its broad scope allows its effects to ooze all over the computing trade like a giant malevolent runaway amoeba. Or for a computing analogy, a giant Trojan worm.

• Three laws in one

In essence, the bill is three or four laws in one, an omnibus, dealing with related but quite distinct issues which should have been dealt with separately. Among these issues:

• Cyber security, to protect vital institutions
• Creating a closed-shop ‘profession’ with status on par with doctors and lawyers
• Licensing, certification, and regulation of industry workers
• Political control over thought, information, and access to information

Lumping disparate issues into one law is a crafty piece of political gamesmanship; while on the one hand there is industry involvement in professional matters, the imprint of the heavy hand of government security is moulded into the portions on control and restrictions.

No legislation that imposes further controls on society by restricting the lives of citizens and providing greater powers to the ruling class can avoid being viewed in political terms. The science ministry’s putative “explanation” and rationale does little to dispel the impression of political motives. » Ministry statement

Cyber security is a separate issue

If the aim was to deal with cyber security, the government should have ensured that the law was drafted narrowly — by government, not industry — and sets out a proper security regime; to state specifically which areas it wishes to declare as security areas, and how industry and citizens may respond; set out clearly who may declare security areas or decide who is allowed entry; state their powers, and how the citizen or industry worker can obtain redress.

There is none of that. It is not good enough to simply declare out of bounds most of national life and then, in effect, tell the unregistered to just go write code for the sundry shop and the coffee shop.

Nor is it good enough to place the burden of security on the industry worker by putting him through the equivalent of fingerprinting. Once in a lifetime is enough.

Computer geeks are not doctors

Next, the question of why there has arisen a need for creating a “profession”. Has there been a general outcry from the public, or even from within the industry, of the lack of “professional” status? Or is it simply a result of professional jealousy, to satisfy the egos of industry leaders with an elitist status analogous to that of doctors? Legislative and government control is placed on entry to a “profession” that was created specifically in order to allow for these controls to be placed. Perfectly circular. The restrictions on specialisation is another form of control. Computing is not yet analogous to medicine where doctors spend years perfecting skills in sub-disciplines so that they don’t kill people (and even then they still do.)

Creating a “profession” has nothing to do with cyber security and does not belong in the same piece of legislation. Neither do the provisions on training, education, standards and certification.

Whose need does the law meet?

Above all, why is there now a need to register and keep tabs on who’s doing what in computing?

Legislation is created only when there is a pressing need. The draft law does not show what pressing need is being met. Inevitably, political questions arise: questions of control of society through computing, and questions of political power feeling threatened by computing power.