close
    • chevron_right

      Wisconsin Governor Hacks the Veto Process

      news.movim.eu / Schneier · Saturday, 8 July, 2023 - 00:18 · 2 minutes

    In my latest book, A Hacker’s Mind , I wrote about hacks as loophole exploiting. This is a great example: The Wisconsin governor used his line-item veto powers—supposedly unique in their specificity—to change a one-year funding increase into a 400-year funding increase.

    He took this wording:

    Section 402. 121.905 (3) (c) 9. of the statues is created to read: 121.903 (3) (c) 9. For the limit for the 2023-24 school year and the 2024-25 school year, add $325 to the result under par. (b).

    And he deleted these words, numbers, and punctuation marks:

    Section 402. 121.905 (3) (c) 9. of the statues is created to read: 121.903 (3) (c) 9. For the limit for the 2023 -24 school year and the 20 24 25 school year , add $325 to the result under par. (b).

    Seems to be legal:

    Rick Champagne, director and general counsel of the nonpartisan Legislative Reference Bureau, said Evers’ 400-year veto is lawful in terms of its form because the governor vetoed words and digits.

    “Both are allowable under the constitution and court decisions on partial veto. The hyphen seems to be new, but the courts have allowed partial veto of punctuation,” Champagne said.

    Definitely a hack. This is not what anyone thinks about when they imagine using a line-item veto.

    And it’s not the first time. I don’t know the details, but this was certainly the same sort of character-by-character editing:

    Mr Evers’ Republican predecessor once deploying it to extend a state programme’s deadline by one thousand years.

    A couple of other things:

    One, this isn’t really a 400-year change. Yes, that’s what the law says. But it can be repealed. And who knows that a dollar will be worth—or if they will even be used—that many decades from now.

    And two, from now all Wisconsin lawmakers will have to be on the alert for this sort of thing. All contentious bills will be examined for the possibility of this sort of delete-only rewriting. This sentence could have been reworded, for example:

    For the 2023-2025 school years, add $325 to the result under par. (b).

    The problem is, of course, that legalese developed over the centuries to be extra wordy in order to limit disputes. If lawmakers need to state things in the minimal viable language, that will increase court battles later. And that’s not even enough. Bills can be thousands of words long. If any arbitrary characters can be glued together by deleting enough other characters, bills can say anything the governor wants.

    The real solution is to return the line-item veto to what we all think it is: the ability to remove individual whole provisions from a law before signing it.

    • chevron_right

      A Hacker’s Mind News

      news.movim.eu / Schneier · Tuesday, 21 March, 2023 - 20:39

    My latest book continues to sell well. Its ranking hovers between 1,500 and 2,000 on Amazon . It’s been spied in airports.

    Reviews are consistently good. I have been enjoying giving podcast interviews. It all feels pretty good right now.

    You can order a signed book from me here .

    For those of you in New York, I’m giving at book talk at the Ford Foundation on Thursday, April 6. Admission is free, but you have to register .

    • chevron_right

      Booklist Review of A Hacker’s Mind

      news.movim.eu / Schneier · Saturday, 14 January, 2023 - 16:29

    Booklist reviews A Hacker’s Mind :

    Author and public-interest security technologist Schneier ( Data and Goliath , 2015) defines a “hack” as an activity allowed by a system “that subverts the rules or norms of the system […] at the expense of someone else affected by the system.” In accessing the security of a particular system, technologists such as Schneier look at how it might fail. In order to counter a hack, it becomes necessary to think like a hacker. Schneier lays out the ramifications of a variety of hacks, contrasting the hacking of the tax code to benefit the wealthy with hacks in realms such as sports that can innovate and change a game for the better. The key to dealing with hacks is being proactive and providing adequate patches to fix any vulnerabilities. Schneier’s fascinating work illustrates how susceptible many systems are to being hacked and how lives can be altered by these subversions. Schneier’s deep dive into this cross-section of technology and humanity makes for investigative gold.

    The book will be published on February 7. Here’s the book’s webpage. You can pre-order a signed copy from me here .