The Myth of the Superuser
This is a very interesting law journal paper:
The Myth of the Superuser: Fear, Risk, and Harm Online
Paul Ohm
Abstract: Fear of the powerful computer user, “the Superuser,” dominates debates about online conflict. This mythic figure is difficult to find, immune to technological constraints, and aware of legal loopholes. Policymakers, fearful of his power, too often overreact, passing overbroad, ambiguous laws intended to ensnare the Superuser, but which are used instead against inculpable, ordinary users. This response is unwarranted because the Superuser is often a marginal figure whose power has been greatly exaggerated.
The exaggerated attention to the Superuser reveals a pathological characteristic of the study of power, crime, and security online, which springs from a widely-held fear of the Internet. Building on the social science fear literature, this Article challenges the conventional wisdom and standard assumptions about the role of experts. Unlike dispassionate experts in other fields, computer experts are as susceptible as lay-people to exaggerate the power of the Superuser, in part because they have misapplied Larry Lessig’s ideas about code.
The experts in computer security and Internet law have failed to deliver us from fear, resulting in overbroad prohibitions, harms to civil liberties, wasted law enforcement resources, and misallocated economic investment. This Article urges policymakers and partisans to stop using tropes of fear; calls for better empirical work on the probability of online harm; and proposes an anti-Precautionary Principle, a presumption against new laws designed to stop the Superuser.
If I have one complaint, it’s that Ohm doesn’t take into account the effects of the smarter hackers to encapsulate their expertise in easy-to-run software programs, and distribute them to those without the skill. He does mention this at the end, in a section about script kiddies, but I think this is a fundamental difference between hacking skills and other potentially criminal skills.
Frank Wilhoit • May 8, 2007 6:52 AM
So you’re telling me to read the paper even though the abstract, which you quote in full, is patent nonsense?