Copyright © 2007 Robert G. Ferrell

An Open Letter to World Legislators

Distinguished ladies and gentlemen, we in the international computer criminal community salute you and your ongoing efforts to silence those who would make software vulnerabilities public. We work long hours ferreting out these holes in the world's Internet-facing systems and developing exploits for them; to have our hard-won data then posted by irresponsible ‘white hat' researchers so that both vendors and end users can patch these flaws takes money out of our pockets. Our business model relies upon only those with the proper connections in the criminal community having access to this information. That's where you come in. By creating a climate of fear and repression wherein anyone reporting an exploitable flaw is immediately set upon by law enforcement, you greatly facilitate our operations. We don't need to waste our valuable time and resources breaking security researchers' legs when you do it for us. Keep it up.

In the beginning we found studying the exploits discovered and posted on the Internet to be educational, but that time has long passed. Then we were merely pupils; now, we are the masters. It has been said that if guns are outlawed, only outlaws will have guns. The same logic holds for finding computer vulnerabilities, and we strongly support both measures. Give us exclusive access to these tools and we will mold online commerce to suit our specific needs and desires. After all, those who deploy insecure software show themselves thereby to be weak and inferior; we provide a valuable service by cutting them (and those pathetic fools who trusted them with their personal data) out of the herd. The strong flourish, the infirm are removed from the population, and the system is thus made more robust. We also wish to express our gratitude to world governments for establishing that collateral damage is an accepted component of commerce as well as military action.

It is critical to our organization that you continue to suppress public revelation of software flaws and escalate the punitive actions taken against those who would brazenly do so. Raid their homes and businesses, seize their hardware, ensnare them in lengthy legal complications–whatever it takes to discourage the international community from participating in the vulnerability discovery process. Computer security should be a ‘black box,' the inner workings of which are known only to a select few (i.e., us). This model has proven itself highly profitable in numerous fields of commerce, and we embrace it wholeheartedly.

Remember: your role is to stomp out our competition. Loose lips sink ships, or in this instance, render security vulnerabilities useless for our money-making operations. The fewer people know about these flaws, the more profit there is for us. To put it colloquially, "You be chillin', we be killin'." We will, of course, negotiate our standard mutual financial arrangement to 'lubricate the wheels of bureaucracy', should that be deemed in our best interests.

In conclusion, we like would take this opportunity once again to thank the international legislative, judicial, and law enforcement communities for their kind cooperation in this effort we have designated "Operation Big Chill." With your continued assistance we can exceed all profit forecasts and realize electronic commerce as the most lucrative criminal market since American Prohibition.