POSTED BY Anthony Gatto
This blogger recently has been focusing his topics on the ongoing threats to data privacy and cyberterrorism. And why shouldn’t I? Just take a look at the Heritage Foundation’s list of companies hit by cyberterrorists in 2014:
- Niemen Marcus
- Public Works company (Homeland Security would not release the name)
- P.F. Chang’s
- U.S. Investigative Services
- Community Health Services
- Home Depot
- Apple Icloud
- Goodwill Industries International
- Bartell Hotels
- U.S. Transportation Command Contracts
- J.P. Morgan Chase
- Dairy Queen International
Similarly, who could forget the November 2014 cyberattack on Sony Entertainment where executive salaries, confidential emails, and films not yet released where made public by hackers. As a result of these cyberattacks and the ongoing concern by the public about the safety of their digital infrastructure, President Obama recently addressed the staff of the federal National Cybersecurity Communications Integration Center (“NCCIC”), and emphasized that “protecting our digital infrastructure is a national security priority and a national economic priority.”
Obama outlined two major objectives for legislative action. The first proposal would encourage better information sharing between the private sector and government on cyber threats. The proposal strikes a balance between protecting privacy and civil liberties while safeguarding critical information networks. Thus, the program protects private companies from legal actions that might arise from sharing consumer information with other private entities for purposes of counteracting cyber threats. This new program would build on proposed legislation that failed to become law last year when the House and the Senate both addressed cyber threat information sharing.
The second administration proposal provides for the following: 1.) prosecution of parties who sell botnets 2.) criminalizing the overseas sale of stolen U.S. financial information; 3.) Deterring the Development and Sale of Computer and Cell Phone Spying Devices; 4.) Updating and Expanding the RICO Act to Include Computer Fraud and Abuse Act (“CFAA”) Offenses; and 5.)Modernizing the CFAA to include prosecution for abusing one’s authorization to access information. (For a more detailed explanation).
Reaction to the proposals from the White House was mixed. While both private sector parties and privacy advocacy groups expressed support for the goal of improved cyber protection, some took issue with the rather relaxed standards for business-to-business or business-to-government sharing of consumer information. Although the sharing of information would only be authorized to combat certain cyberterrorism threats, organizations such as Electronic Frontier Foundation contended that expanded information sharing would pose a serious risk of transferring more personal information to intelligence and law enforcement agencies. Additionally, the Center for Democracy & Technology advocacy group expressed their own concerns when a member of their Senior Council reacted to Obama’s new proposals by stating: “Privacy protections and use restrictions must be in effect before information sharing occurs.”
Similar, yet less criticizing reaction came from the Financial Services Roundtable, which represents banking, insurance and credit card companies. The FSR only expressed the need for “strong information sharing” to win the cybersecurity battle. However, they did express their view that congress will play an important role in moving forward with the appropriate information sharing legislation. This comment reaffirmed the ideas of some commentators that the Obama proposal was simply a starting point for addressing the issue in Congress. Comments like this may also serve another purpose; to let the President know that Congress ultimately has the power to make all laws and not the President. Several members of congress, such as Sen. Ron Johnson, R-Wis., chairman of the Senate Homeland Security and Governmental Affairs Committee, and Rep. Devin Nunes, R-Calif., chairman of the House Permanent Select Committee on Intelligence, voiced their own opinions on the proposal which appeared to be that Obama’s proposals will receive close consideration in congress.
President Obama’s proposals appear to be an accurate depiction of the growing concerns our country faces. Cyberterrorism and Cyber security should be top priorities that congress will address in 2015. However, with such global issues as ISIS in the Middle East, nuclear tension with Iran, a border and immigration crisis in the United States, and the Ukrainian conflict with Russia, this blogger believes it unlikely that any cybersecurity legislation will be passed in 2015. Most of the new White House’s proposals stem from failed 2011 legislation in which the efforts to get this legislation passed began in 2009. Presently, six years later from when the original strategy to get cybersecurity legislation passed, the world is a different place with different problem and some of these problems need to be addressed before these new proposals. Although true, it is also apparent some cyber security legislation cannot be delayed such as protecting the entire U.S. electrical grid. Recently, Newsweek reported that China and at least two other countries have the capabilities to shut down the entire power grid and other vital U.S. infrastructure. It is the opinion of this blogger that issues of that magnitude deserve the time and attention of Congress this year along with our broken immigration system, the conflict in the middle east, and the unpredictable activity in the Ukraine. President Obama is right to acknowledge the need for Cybersecurity legislation, but he is wrong to call for congress to address the entire cyber industry at such a time when the United States has more pressing issues to deal with.
Bio: Anthony is a Staff Member of the Journal of High Technology Law. He is currently a 2L at Suffolk Law and holds a B.S. in Finance from Suffolk University.