Legislation as a security problem

This article about the US paper industry gaming new green legislation got me thinking about legislation as a security problem. Essentially, gaming legislation like this can be viewed as a breach of security. Those of us in computing recognise that the first (and simplest, but not the only) way of securing an application is to reduce its attack surface. So we put firewalls between our servers and the world and disable unnecessary services and so on. When we add features to our apps, we examine them for new points that can be attacked.

Legislators don't seem to have caught on to this simple defense mechanism. Their response to any situation always seems to be to create more legislation. The result is a steadily increasing cognitive load as real people struggle to keep up with the growing stack of legislation (most of which is papering over cracks in previous legislation). Governments have become so powerful and intrusive that, if we're not there already, we're fast approaching the stage where the only reasonable way of interacting with them will be to game their own legislation.

comments powered by Disqus