SlideShare a Scribd company logo

Cyber Legislation

Download as DOCX, PDF
M
Matthew Assarian
1 of 13
Legislating for Hacks Matthew Assarian 27 April 2015
Abstract: Cyber crime and cyber terrorism are of great concern domestically and internationally. The United States, however, has been slow to adopt legislation regarding the rights and responsibilities of protecting the country’s data. Rather than develop an overarching framework or become signatory to international accordsdesignedtodeal withwhatisultimately a transnational threat, law makers in the US have beenreluctantuntil veryrecently,withinthe lastfew years,to make a concentrated legislative effort.Anypreviousworkdone on the issue was primarily concerned with publically held institutions, such as the Army or national infrastructure, largely for national security reasons. A critical gap has remained and that has been first, how exactly the relationship is defined when public and private interests meet, and then finally what is required legally of private institutions to protect their data. There is a renewed effort on the part of the US congress to address these issues, and it appears to be spearheadedbycorporations and private industry. However, this is in direct contrast to their previous strategyof obstinacy,attemptingtoscuttle anyattemptsatsubstantive legislationfor fear that it would be an “undue burden” and “stifle innovation”. This new tactic of appearing to be civically engaged is a cynical ployto insinuate themselvesintothe legislative process.Rather than being a case of law makers consulting experts, paid lobbyists are shaping legislation. The resulting law shifts the burden of protection of private data from the corporate to the public sphere, affording corporations with the benefits but none of the associated risk. Introduction: Ever since that day, nothing has been the same. Who can forget where they were on November 24, 2014 when they heard the news; Seth Rogen/ James Franco vehicle “The Interview” wouldn’t be coming out. According to media outlets, the terrorists had won. At least that was the case being made by the likes of David Auerbach and Slate magazine in their op-ed piece, “The Sony Hackers Are Terrorists”. Auerbach made the case that while other companies had experienced breaches and lost data, it was the first time an American company had been assaulted by hackers who wanted to send a message to Sony. The effects were devastating according to one insider: SonyPictures’networksubsequentlywentdown for twodays,forcingemployeestouse personal e-mail
accounts,work fromhome,andin some cases, resortto paperand pencil todo theirwork...“It’s justbusinessas usual,if the yearwas 2002,” one SonyTV stafferwrote to me in a Facebookmessage.“[There are] lotsof PAshaving to run jump-drivesbackandforthall overthe place,and handdeliveringhardcopiesof filesandscripts. (Auerback 2015) Truly horrific. That Sony was able to recover from the attack is a testament to the resilience of Sony management. To be fair, Sony did not pull “The Interview” from theaters because of a DoS attack on their system, but rather because at some point after the initial breach was discovered, The Guardians of Peace (the group responsible for the attack which was itself most likely a front for North Korean-elements) promised 9/11 style attacks on theaters should they show the film(Auerback 2015). It was only when theater chains themselves refused to play the picture that Sony pulled the plug, thereafter being somewhat unjustly accused of capitulation by critics who rushed to judgement before learning that a legitimate terror threat had been made. Hyperbole seems to be the trend in the post 9/11 world, where the line between what constitutes actual terrorism and what constitutes a simple crime has become indistinct to the point of non-existence. Conflating cybercrime with cyber terrorism has become a popular rhetorical tool among politicians who, in the same breadth, mention attacks on the US food supply and its financial institutions, as if they are one in the same. An op-ed for the Huffington Post, written by former North Dakota Senator Byran Dorgan is a prime example of such a trend. The Democratic Senator opened up the article about “cyber terrorism” by discussing the infection of computers belonging to Aramco, a Saudi Arabian oil company, by possible Iranian “terrorists” (Dorgan 2013). His second example was about hackers commandeering the Associated Press’s Twitter account and erroneously reporting an explosion at the White House. He made sure to mention the resulting stock market plunge of 143 points. Subsequently, he switches back to the word “terrorist”, saying that “cyber terror is now the new language of war that we barely understand” (Dorgan 2013). He goes on to say that across the country “the
government and private corporations” are working to protect us against cyberattacks (Dorgan 2013). Not only does Dorgan confuse the term hacker and terrorist, he says we are protected by the government, as well as corporations. It is possible he could mean private contractors working in some sort of Federal agency, but the overwhelming sentiment is that he sees no difference between a limited attack on a single corporate entity and full blown assault on the national infrastructure. Martin Libicki, a senior management scientist for the RAND corporation, doesn’t see it that way. “The difference between a costly annoyance,” Libicki writes “and terror affected” (Libicki 2015). Because hacks like those that happened to Sony lack the ability to create a “visceral sense of fear”, they cannot be called terrorism (Libicki 2015). That’s not to say that American businesses are not tempting targets and aren’t in danger from, and should be secured against, cybercrime, but unless criminals can precipitate an economy-wide crash on the scale of the 2008 financial crisis, the idea of crimes against hedge funds being equivalent to attacks on the country’s water supply is inaccurate and inappropriate. So why is this relevant to a discussion about cyber security legislation? It’s important because it provides the rhetorical framework for understanding the success of the current push for cyber legislation. Without it, the reasoning behind such legislative momentum is nigh incomprehensible. This paper asserts that because of the urgency lent to the issue by the conflagration of cybercrime and cyber terrorism, businesses are able to position themselves in such a way that preserving their individual interests appears to be in the overall national interest, and so they are given deference in the legislative process, shaping possible future laws to their benefit. This is bad for the average citizen however, because it does little to protect the rights of the individual, while conferring protections on corporations at public expense. Literature Review: The literature review for this paper involved a wide swath of topics. Although none of the existing literature directly examines the idea of the current Congressional action as being anomalous in the history of such legislation nor the idea of it as resulting from corporate lobbying, there were many separate sources that looked at each issue separately. I, however, chose to look at them in the larger context, not in a vacuum.
Collusion between Government and Business The literature covering the general topic of government being used as an instrument of corporations is long and storied. Obviously the biggest influence in that capacity would be Karl Marx, but he hardly has a monopoly on the subject. “War is a Racket” was written by Smedley Butler in 1912 and reveals how, in his capacity as military commander, he was instrumental in securing interests of the Dole Fruit company in South America. For more up-to-date information, I looked to the several sources, one being Journal of National Security Law and Policy, in particular an article by Suzanne Landau, “Under the Radar: The NSA Efforts to Provide Secure Private-Sector Communications Infrastructure”. Landau outlines the history of the NSA since its inception in the late 1940’s, early 1950’s, where it often would, at the very least, examine the communication infrastructure of private companies. This was often done in order to provide them with an advantage in competing in international markets (Landau 2012). Although that was not part of the NSA’s mandate, it was an early example of the government using national resources for private benefit. A paper by Dr. Bajaj Komlesh, an official in the Indian government, provided key insight into the US’s history of providing its companies with a comparative advantage in the international market by using resources earmarked for defense. It’s something he argues has only increased under the auspices of “counter-terrorism” (Baja 2012). This would include, but was not limited to, electronic eavesdropping, wiretapping and network intrusion. Such methods are, according the Bajaj, widely used by the US, especially against the Chinese. The Chinese view this as economic provocation because it allows the US and its allies to bargain from a position of strength in international economic negotiations (Bajaj 2012). Lobbying in the United States Lobbying is not an activity unique to the US, the EU has an entire building designated for lobbyists, but the US is known for an aggressive type of lobbying. In particular, the US is known for a “revolving door” where a government employee leaves work on Friday and on Monday starts her new job as a lobbyist. This has obviously taken on much more significance since the Citizens United Supreme Court decision but even traditional lobbying, outside of elections, has experienced a boon, as regards to cybersecurity. According to information and articles from sources as diverse as Reuters News Agency to Progressive think tanks, the amount of lobbying in Washington DC for cyber legislation has tripled since 2012. The New York Times puts the figure at $134 million as of 2014 (Dusel 2014) and that sum is likely to grow. These sources,
while informative, were a little light on analysis and as such, the information provided was somewhat scattershot. Locating it proved to be one of the biggest challenges of this paper. PR Material There was a substantial amount of material generated during the lobbying efforts, from several view points. The most prolific however, tended to be either business interests or trade groups, although they were sporadic government agencies and Civil Rights groups created promotional literature as well. The group that produced the most material, by far, was the US Chamber of Commerce and their publication “Free Enterprise”. It seems scarcely a week went by without some sort of op-ed or press release coming from Chamber of Commerce. In a piece that would eventually go on to be published in “The Hill” a major Washington DC organ, the Chamber defined their position as being fiercely anti-regulatory, but amendable to cooperation between private industry and government (Joston 2012). Another major group was the Business Software Alliance. This was a collection of companies including Microsoft and McKafee which were very vocal in their support of certain pieces of legislation. They were particularly rabid when it came to the topic of copyright infringement and piracy. In a somewhat misguided campaign, at one point the BSA was encouraging employees to rat on their employers with the “Bust Your Boss” initiative, where the organization would pay “whistleblowers” for alerting them to any possible illegal software use in their office (Gaskin 2009). There have been similarly acronymed trade groups, like the Internet Security Alliance (ISA) but they are relative youngsters compared to the BSA, which has been around since 1988. Taken separately, these resources were interesting yet inchoate, not yet coalescing into a bigger picture. There was the historical framework for business-government interaction, but it had yet to incorporate the newly created frontiers of the digital world. There was information about which group donated to which cause, but not how it fit into an overall strategy. This paper strives to take the above mentioned sources and synthesize them into something new. Argument:
Like most things in the United States, cyber legislation is being driven less by common sense than by dollars and cents. The current push for legislation, although seemingly spearheaded by companies, is in direct contrast to their previous strategy of obstinacy, and is in fact a cynical ploy to appear civically engaged all the while crafting laws which benefit them, sometimes at the expense of citizens. It is the intention of this paper to demonstrate that the ultimately goal of those corporations lobbying Congress is to shift the burden of data protection onto the government, while shielding themselves from liability. Discussion: Although the specifics of each piece of cyber legislation differ, the pattern of those opposed and those in favor, who wants what and how they are willing to settle rarely change, the only shifting constant is in the ratios. When Civil Rights activists likes something, the security hawks feel they are losing out. When the security hawks have something they are happy with, the Civil Rights activists have strong reservations. When the Civil Rights activists and the security hawks are happy, the telecommunications industry refuses what they see as a regulatory burden and lobby to have the whole thing shut down. It’s dull and predictable but that has been the primary road map to Congressional gridlock. So what’s changed? Why is there now a push for legislation? Partially, the momentum is the result of a spate of high-profile security breaches at retailers such as Target and Home Depot and healthcare providers such as Anthem. There is the view that now is the time to act (Maza 2015). The industry knows it has a security problem. Former Carter administration official Amitai Etzioni, says that although corporations have been opposing efforts to create a cyber- regulatory structure, they have also been neglecting the role of cybersecurity, viewing it as superfluous. In fact, many executives regard the idea of cybersecurity itself as within the existing purview of its IT departments and not necessarily worth the expense (Etzioni 2011) which if they fully implemented adequate security protocols would be substantial. Many
businesses also view the idea of Federally mandated cyber security measures as something the government, rather than the companies themselves, should foot the bill for (Etzioni 2011). So we have an industry unwilling to spend the money to defend itself but acutely aware of what happened to the likes of Target and Sony. Needless to say approaching the government for help would look… awkward. Companies are continuing to try other ways around beefing up security, such as with CyberSecurity Breach insurance. This is mostly seen as a way for smaller companies without the resources of the bigger corporations to protect themselves from the potentially ruinous effects of a data breach. So far the cyber insurance industry has grown into a $2.1 billion behemoth. It suffers from its own forms of unwieldiness, mostly because the legal structure and what companies are required to protect and disclose, etc. is somewhat codified in laws like the Graham Bleachly Act, but is in no way uniform (NPR 2015). In many ways, smaller companies may be helped by an over-arching regulatory structure but they are butting up against decades of anti-oversight thought, propagated largely by groups like the Business Software Alliance and the US Chamber of Commerce. For example, there were attempts during the George W. Bush administration to create some sort of regulatory framework by Richard Clark: Duringhistenure at the White House,Clarke attemptedto institute anambitiousregulatoryregime,buthe sayshis planwas largelyblockedbyanti-regulationforceswithin the administrationof George W.Bush.StewartA.Baker, whoservedasthe firstassistantsecretaryof homeland securityforpolicyat the time,writesthatthe proposed strategy“sidleduptowardnew mandatesforindustry,” wouldhave requiredformationof asecurityresearchfund that woulddrawon contributionsfromtechnology companies,andwouldhave increasedpressureonInternet companiestoprovide securitytechnologywiththeir products.These requirementswere viewedastooonerous
for businesses,Bakernotes,bymanywithinthe administration,andultimately“anythingthatcouldoffend industry,anythingthathintedatgovernmentmandates, was strippedout.”(Etzioni 2011). So with the increased lobbying and more conciliatory approach being taken by the US Chamber of Commerce, what’s changed? In large part, the answer is the man who occupied The White House. While Bush almost completely ignored the issue (Etzioni 2011), Obama has been much more pro-active in trying to set up something to protect the nation’s infrastructure, which as was previously mentioned in the introduction, now seemed to include economic and financial components. Obama has been cautious in his attempts to woo corporations and made it a point to say in 2009 that “[m]y administration will not dictate security standards to private companies.” (Etzioni 2011). It was in this more “conciliatory” atmosphere that lobbying began in earnest in the Capital. Companies like Google, Ratheon and Boeing all have spent billions trying to sway members of Congress. The US Chamber of Commerce started a campaign in 2012, advocating for a “voluntary cooperation” regime, culminating in a joint paper with the National Institute of Standards and Technology (NIST). The solutions advocated by the Chamber are largely “market based” (Beachanue 2014) and encourage, but not require communication between companies about cyber threats. In addition to its work with the NIST, the Chamber of Commerce worked with John McCain and five other Senators to create the SECURE IT bill, which was meant to challenge another cyber legislation bill proposed by Joe Lieberman and Susan Collins (Vigiyan 2012) which they felt was placed too many restrictions on private industry. Other than issuing an Executive Order in 2013 directing the government to develop voluntary cyber standards for privately-held assets considered critical to national security, and to increase sharing of cyber attack information with companies (Salant 2013), the White House finds itself at an impasse. Although corporations are now advocating for solutions to the cyber security problem where before they simply stalled, their lobbying efforts continue to focus on a few areas deemed non-negotiable. The overall corporate wish-list includes no regulatory apparatus, which the Obama administration has largely assented to, but the lobbyist insist that there will be no information sharing without assurances of freedom from liability and negligence (Salant 2013).
Conclusion: As of February, 2015 Obama is still stumping for some sort of compromise on the cyber legislative agenda. At the Summit on Cybersecurity and Consumer Protection hosted by Stanford University a weary Obama made yet another plea, "It’s one of the great paradoxes of our time that the very technologies that empower us to do great good can also be used to undermine us and inflict great harm," Mr. Obama said, addressing the summit (Maza 15). It’s easy to picture him sighing. Through a confluence of language, equating cybercrime with cyber terrorism and financial instruments with the national security infrastructure, there has been a great flip in the script. Sensing a White House willing to compromise, businesses feel they can lobby for a regulatory regime that wasn’t, instead looking for voluntary compliance. Despite James Lewis, a cyber-security expert at the Center for Strategic & International Studies, flatly conclude[ing] that “the market has failed to secure cyberspace. A ten-year experiment in faith- based cyber security has proven this beyond question.” (Etzioni 2011) corporations persist in the idea. Honestly, who could blame them? With the NSA conducting corporate espionage on their behalf, and the possibility that they might be immunized to prosecution for liability and negligence if they are able to get their agenda passed, why would corporations want to spend a red cent on cybersecurity? Of course there is the idea that consumers won’t be protected and citizens’ civil rights might be trampled, but a good PR department can right any sinking ship. Especially when they don’t have to spend money on the lawyers they would normally need to defend themselves from compliance violations and class action lawsuits.
Bibliography Auerbach, David “The Sony Hackers are Terrorists.” 17 December 2014. Slate.com. http://www.slate.com/articles/technology/bitwise/2014/12/sony_pictures_hack_why_its_perp etrators_should_be_called_cyberterrorists.html Bajaj, Kamlesh “Industrial Espionage and Counter-Terrorism: Two Sides of the Same Coin.” 9 July 2014. China-US Focus. http://www.chinausfocus.com/peace-security/industrial- espionage-and-counterterrorism-surveillance-two-sides-of-the-same-coin/ Beauchesne, Ann “U.S. Chamber of Commerce Launches National Cybersecurity “Roundtables” Series in Chicago” 2 June 2014. US Chamber of Commerce. https://www.uschamber.com/us-chamber-commerce-launches-national-cybersecurity- roundtables-series-chicago Dorgan, Byron “Cyber Terror is the New Language of War” 17 July 2013. HuffingtonPost. http://www.huffingtonpost.com/sen-byron-dorgan/cyber-terror-is-the-new-l_b_3612888.html Etzioni, Amitai “Private Sector Neglects Cyber Security” 29 November 2011. The National Interest. http://nationalinterest.org/commentary/private-sector-neglects-cyber- security-6196 Gaskin, James “Business Software Alliance Dirty Trick Update” 14 October 2009. Networkworld.com. http://www.networkworld.com/article/2251718/smb/business-software- alliance-dirty-tricks-update.html Goetz, Kaomi “Companies Worried About Hackers Turn to Cyber Insurance” 19 March 2015. NPR. http://www.npr.org/2015/03/19/393865187/companies-worried-about-hackers- turn-to-cyber-insurance
Landau, Susan “Under the Radar: NSA Efforts to Secure Private-Sector Communication Infrastructure” 29 September 2014. Journal of National Security Law and Policy Volume 7 Issue 2. http://jnslp.com/wp-content/uploads/2015/03/NSA%E2%80%99s-Efforts-to-Secure-Private- Sector-Telecommunications-Infrastructure_2.pdf Libicki, Martin “Cyberattacks are a Nuisance, Not Terrorism” 8 February 2015. Newsweek.com http://www.newsweek.com/cyber-attacks-are-nuisance-not-terrorism-305062 Marcus, Steve “Telecoms Prevail in Arguing Against Cybersecurity Recommendations” 19 March 2013. Reuters.com. http://www.reuters.com/article/2013/03/19/us-usa- cybersecurity-fcc-idUSBRE92I03420130319 Maza, Cristina “Will the Government and Private Industry be Able to Cooperate?” 3 February 2105. Christian Science Monitor. http://www.csmonitor.com/USA/USA- Update/2015/0213/Cybersecurity-summit-Will-government-businesses-cooperate-more Salant, Jonathan “Lobbying is Big Business in the Capital” 21 March 2013. Bloomberg Business. http://www.bloomberg.com/news/articles/2013-03-21/cybersecurity-lobby-surges- as-congress-considers-new-laws Vijayan, Jakumar “No BiPartisan Fight in Bill Debate” 5 March 2012. Computer World. http://www.computerworld.com/article/2505963/cyberwarfare/no-partisan-fight-over- cybersecurity-bill--gop-senator-says.html
Cyber Legislation

Recommended

Cyber Warfare
Cyber WarfareCyber Warfare
Cyber WarfareJason Fernandes
 
Social media, surveillance and censorship
Social media, surveillance and censorshipSocial media, surveillance and censorship
Social media, surveillance and censorshiplilianedwards
 
Cybersecurity under the Trump Administration
Cybersecurity under the Trump AdministrationCybersecurity under the Trump Administration
Cybersecurity under the Trump AdministrationBrunswick Group
 
Prism
PrismPrism
PrismRovin Valencia
 
051309 Federal Interest And Social Security Metanomics Transcript
051309 Federal Interest And Social Security Metanomics Transcript051309 Federal Interest And Social Security Metanomics Transcript
051309 Federal Interest And Social Security Metanomics TranscriptRemedy Communications
 
Katherine Neal_Written Brief 1
Katherine Neal_Written Brief 1Katherine Neal_Written Brief 1
Katherine Neal_Written Brief 1Kate Neal
 
Metanomics: Federal Interest in Virtual Worlds and Cybersecurity
Metanomics: Federal Interest in Virtual Worlds and CybersecurityMetanomics: Federal Interest in Virtual Worlds and Cybersecurity
Metanomics: Federal Interest in Virtual Worlds and CybersecurityDoug Thompson
 
Can cloud computing survive the NSA disclosures
Can cloud computing survive the NSA disclosuresCan cloud computing survive the NSA disclosures
Can cloud computing survive the NSA disclosuresJason Fernandes
 

Recommended

Cyber Warfare
Cyber WarfareCyber Warfare
Cyber WarfareJason Fernandes
 
Social media, surveillance and censorship
Social media, surveillance and censorshipSocial media, surveillance and censorship
Social media, surveillance and censorshiplilianedwards
 
Cybersecurity under the Trump Administration
Cybersecurity under the Trump AdministrationCybersecurity under the Trump Administration
Cybersecurity under the Trump AdministrationBrunswick Group
 
Prism
PrismPrism
PrismRovin Valencia
 
051309 Federal Interest And Social Security Metanomics Transcript
051309 Federal Interest And Social Security Metanomics Transcript051309 Federal Interest And Social Security Metanomics Transcript
051309 Federal Interest And Social Security Metanomics TranscriptRemedy Communications
 
Katherine Neal_Written Brief 1
Katherine Neal_Written Brief 1Katherine Neal_Written Brief 1
Katherine Neal_Written Brief 1Kate Neal
 
Metanomics: Federal Interest in Virtual Worlds and Cybersecurity
Metanomics: Federal Interest in Virtual Worlds and CybersecurityMetanomics: Federal Interest in Virtual Worlds and Cybersecurity
Metanomics: Federal Interest in Virtual Worlds and CybersecurityDoug Thompson
 
Can cloud computing survive the NSA disclosures
Can cloud computing survive the NSA disclosuresCan cloud computing survive the NSA disclosures
Can cloud computing survive the NSA disclosuresJason Fernandes
 
Organised Crime in the Digital Age
Organised Crime in the Digital AgeOrganised Crime in the Digital Age
Organised Crime in the Digital AgeYogeshIJTSRD
 
2013 01-14
2013 01-142013 01-14
2013 01-14Cspri Administrator
 
Gibson final
Gibson finalGibson final
Gibson finalJennaHajhassan
 
Assarian- One Cool Topic Final Paper
Assarian- One Cool Topic Final PaperAssarian- One Cool Topic Final Paper
Assarian- One Cool Topic Final PaperMatthew Assarian
 
"Digital.Report+" - expert magazine for ICT policy professionals
"Digital.Report+" - expert magazine for ICT policy professionals"Digital.Report+" - expert magazine for ICT policy professionals
"Digital.Report+" - expert magazine for ICT policy professionalsVadim Dryganov
 
What if Petraeus was a hacker? Email privacy for the rest of us
What if Petraeus was a hacker? Email privacy for the rest of usWhat if Petraeus was a hacker? Email privacy for the rest of us
What if Petraeus was a hacker? Email privacy for the rest of usPhil Cryer
 
20150210usa-1
20150210usa-120150210usa-1
20150210usa-1Xiao Hong
 
Application of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsApplication of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsDavid Sweigert
 
Crossing the Line: The Law of War and Cyber Engagement - A Symposium
Crossing the Line: The Law of War and Cyber Engagement - A SymposiumCrossing the Line: The Law of War and Cyber Engagement - A Symposium
Crossing the Line: The Law of War and Cyber Engagement - A SymposiumJonathan Meyer
 
Gmail Hacking in China
Gmail Hacking in ChinaGmail Hacking in China
Gmail Hacking in ChinaHGM1
 
Delusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoDelusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoJoão Rufino de Sales
 
Cyber savvy (2)
Cyber savvy (2)Cyber savvy (2)
Cyber savvy (2)naveen p
 
Iftf state sponsored_trolling_report
Iftf state sponsored_trolling_reportIftf state sponsored_trolling_report
Iftf state sponsored_trolling_reportarchiejones4
 
Can Artificial Intelligence Predict The Spread Of Online Hate Speech?
Can Artificial Intelligence Predict The Spread Of Online Hate Speech?Can Artificial Intelligence Predict The Spread Of Online Hate Speech?
Can Artificial Intelligence Predict The Spread Of Online Hate Speech?Bernard Marr
 
Data Mining: Privacy and Concerns
Data Mining: Privacy and ConcernsData Mining: Privacy and Concerns
Data Mining: Privacy and ConcernsBradley Buchanan
 
2600 v19 n2 (summer 2002)
2600 v19 n2 (summer 2002)2600 v19 n2 (summer 2002)
2600 v19 n2 (summer 2002)Felipe Prado
 
The removal of a russian app raises new concerns for apple and google
The removal of a russian app raises new concerns for apple and googleThe removal of a russian app raises new concerns for apple and google
The removal of a russian app raises new concerns for apple and googleaditi agarwal
 
Is data privacy a reality with the gdpr?
Is data privacy a reality with the gdpr?Is data privacy a reality with the gdpr?
Is data privacy a reality with the gdpr?Equaleyes Solutions Ltd.
 
SOPAandPIPA
SOPAandPIPASOPAandPIPA
SOPAandPIPAMichael Punzo
 
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...David Sweigert
 
Greetings and Introduction
Greetings and IntroductionGreetings and Introduction
Greetings and IntroductionAditya Hernawan
 
Trabajo Slideshare
Trabajo SlideshareTrabajo Slideshare
Trabajo Slideshareandherzhito
 

More Related Content

What's hot

Organised Crime in the Digital Age
Organised Crime in the Digital AgeOrganised Crime in the Digital Age
Organised Crime in the Digital AgeYogeshIJTSRD
 
Assarian- One Cool Topic Final Paper
Assarian- One Cool Topic Final PaperAssarian- One Cool Topic Final Paper
Assarian- One Cool Topic Final PaperMatthew Assarian
 
"Digital.Report+" - expert magazine for ICT policy professionals
"Digital.Report+" - expert magazine for ICT policy professionals"Digital.Report+" - expert magazine for ICT policy professionals
"Digital.Report+" - expert magazine for ICT policy professionalsVadim Dryganov
 
What if Petraeus was a hacker? Email privacy for the rest of us
What if Petraeus was a hacker? Email privacy for the rest of usWhat if Petraeus was a hacker? Email privacy for the rest of us
What if Petraeus was a hacker? Email privacy for the rest of usPhil Cryer
 
20150210usa-1
20150210usa-120150210usa-1
20150210usa-1Xiao Hong
 
Application of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsApplication of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsDavid Sweigert
 
Crossing the Line: The Law of War and Cyber Engagement - A Symposium
Crossing the Line: The Law of War and Cyber Engagement - A SymposiumCrossing the Line: The Law of War and Cyber Engagement - A Symposium
Crossing the Line: The Law of War and Cyber Engagement - A SymposiumJonathan Meyer
 
Gmail Hacking in China
Gmail Hacking in ChinaGmail Hacking in China
Gmail Hacking in ChinaHGM1
 
Cyber savvy (2)
Cyber savvy (2)Cyber savvy (2)
Cyber savvy (2)naveen p
 
Iftf state sponsored_trolling_report
Iftf state sponsored_trolling_reportIftf state sponsored_trolling_report
Iftf state sponsored_trolling_reportarchiejones4
 
Can Artificial Intelligence Predict The Spread Of Online Hate Speech?
Can Artificial Intelligence Predict The Spread Of Online Hate Speech?Can Artificial Intelligence Predict The Spread Of Online Hate Speech?
Can Artificial Intelligence Predict The Spread Of Online Hate Speech?Bernard Marr
 
Data Mining: Privacy and Concerns
Data Mining: Privacy and ConcernsData Mining: Privacy and Concerns
Data Mining: Privacy and ConcernsBradley Buchanan
 
2600 v19 n2 (summer 2002)
2600 v19 n2 (summer 2002)2600 v19 n2 (summer 2002)
2600 v19 n2 (summer 2002)Felipe Prado
 
The removal of a russian app raises new concerns for apple and google
The removal of a russian app raises new concerns for apple and googleThe removal of a russian app raises new concerns for apple and google
The removal of a russian app raises new concerns for apple and googleaditi agarwal
 
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...David Sweigert
 

What's hot (20)

Organised Crime in the Digital Age
Organised Crime in the Digital AgeOrganised Crime in the Digital Age
Organised Crime in the Digital Age
 
2013 01-14
2013 01-142013 01-14
2013 01-14
 
Gibson final
Gibson finalGibson final
Gibson final
 
Assarian- One Cool Topic Final Paper
Assarian- One Cool Topic Final PaperAssarian- One Cool Topic Final Paper
Assarian- One Cool Topic Final Paper
 
"Digital.Report+" - expert magazine for ICT policy professionals
"Digital.Report+" - expert magazine for ICT policy professionals"Digital.Report+" - expert magazine for ICT policy professionals
"Digital.Report+" - expert magazine for ICT policy professionals
 
What if Petraeus was a hacker? Email privacy for the rest of us
What if Petraeus was a hacker? Email privacy for the rest of usWhat if Petraeus was a hacker? Email privacy for the rest of us
What if Petraeus was a hacker? Email privacy for the rest of us
 
20150210usa-1
20150210usa-120150210usa-1
20150210usa-1
 
Application of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsApplication of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking Threats
 
Crossing the Line: The Law of War and Cyber Engagement - A Symposium
Crossing the Line: The Law of War and Cyber Engagement - A SymposiumCrossing the Line: The Law of War and Cyber Engagement - A Symposium
Crossing the Line: The Law of War and Cyber Engagement - A Symposium
 
Gmail Hacking in China
Gmail Hacking in ChinaGmail Hacking in China
Gmail Hacking in China
 
Delusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoDelusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceo
 
Cyber savvy (2)
Cyber savvy (2)Cyber savvy (2)
Cyber savvy (2)
 
Iftf state sponsored_trolling_report
Iftf state sponsored_trolling_reportIftf state sponsored_trolling_report
Iftf state sponsored_trolling_report
 
Can Artificial Intelligence Predict The Spread Of Online Hate Speech?
Can Artificial Intelligence Predict The Spread Of Online Hate Speech?Can Artificial Intelligence Predict The Spread Of Online Hate Speech?
Can Artificial Intelligence Predict The Spread Of Online Hate Speech?
 
Data Mining: Privacy and Concerns
Data Mining: Privacy and ConcernsData Mining: Privacy and Concerns
Data Mining: Privacy and Concerns
 
2600 v19 n2 (summer 2002)
2600 v19 n2 (summer 2002)2600 v19 n2 (summer 2002)
2600 v19 n2 (summer 2002)
 
The removal of a russian app raises new concerns for apple and google
The removal of a russian app raises new concerns for apple and googleThe removal of a russian app raises new concerns for apple and google
The removal of a russian app raises new concerns for apple and google
 
Is data privacy a reality with the gdpr?
Is data privacy a reality with the gdpr?Is data privacy a reality with the gdpr?
Is data privacy a reality with the gdpr?
 
SOPAandPIPA
SOPAandPIPASOPAandPIPA
SOPAandPIPA
 
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
 

Viewers also liked

Greetings and Introduction
Greetings and IntroductionGreetings and Introduction
Greetings and IntroductionAditya Hernawan
 
Trabajo Slideshare
Trabajo SlideshareTrabajo Slideshare
Trabajo Slideshareandherzhito
 
Local en rentabilidad en blanes burguer king
Local en rentabilidad en blanes burguer kingLocal en rentabilidad en blanes burguer king
Local en rentabilidad en blanes burguer kingSusana Cruz
 
Diretrizes de políticas da UNESCO para a aprendizagem móvel.
Diretrizes de políticas da UNESCO para a aprendizagem móvel.Diretrizes de políticas da UNESCO para a aprendizagem móvel.
Diretrizes de políticas da UNESCO para a aprendizagem móvel.AnaPaula Franklin de Magalhães
 
Schritt-für-Schritt Anleitung zur Nutzung eines Feedreaders
Schritt-für-Schritt Anleitung zur Nutzung eines FeedreadersSchritt-für-Schritt Anleitung zur Nutzung eines Feedreaders
Schritt-für-Schritt Anleitung zur Nutzung eines FeedreadersChristina Schwalbe
 
SK-KD Agama Islam SMPLB – D(Tuna Daksa)
SK-KD Agama Islam SMPLB – D(Tuna Daksa)SK-KD Agama Islam SMPLB – D(Tuna Daksa)
SK-KD Agama Islam SMPLB – D(Tuna Daksa)SMA Negeri 9 KERINCI
 
LCS Capability Statement_Website2
LCS Capability Statement_Website2LCS Capability Statement_Website2
LCS Capability Statement_Website2Grant Croghan
 
Design and development of grid tie inverter with closed loop spwm single stag...
Design and development of grid tie inverter with closed loop spwm single stag...Design and development of grid tie inverter with closed loop spwm single stag...
Design and development of grid tie inverter with closed loop spwm single stag...eSAT Journals
 
Infor cloud suite industrial machinery, handbook, english 0216
Infor cloud suite industrial machinery, handbook, english 0216Infor cloud suite industrial machinery, handbook, english 0216
Infor cloud suite industrial machinery, handbook, english 0216Drake Brown
 
Lightning_Protection_LPI_Stormaster
Lightning_Protection_LPI_StormasterLightning_Protection_LPI_Stormaster
Lightning_Protection_LPI_StormasterAllied Power APS
 
Daftar alat peraga sd dak tahun 2015 asaka prima
Daftar alat peraga sd dak tahun 2015 asaka primaDaftar alat peraga sd dak tahun 2015 asaka prima
Daftar alat peraga sd dak tahun 2015 asaka primaRedis Manik
 

Viewers also liked (15)

Greetings and Introduction
Greetings and IntroductionGreetings and Introduction
Greetings and Introduction
 
Trabajo Slideshare
Trabajo SlideshareTrabajo Slideshare
Trabajo Slideshare
 
Quiz Show
Quiz ShowQuiz Show
Quiz Show
 
HJ Consumer
HJ ConsumerHJ Consumer
HJ Consumer
 
Local en rentabilidad en blanes burguer king
Local en rentabilidad en blanes burguer kingLocal en rentabilidad en blanes burguer king
Local en rentabilidad en blanes burguer king
 
Diretrizes de políticas da UNESCO para a aprendizagem móvel.
Diretrizes de políticas da UNESCO para a aprendizagem móvel.Diretrizes de políticas da UNESCO para a aprendizagem móvel.
Diretrizes de políticas da UNESCO para a aprendizagem móvel.
 
Act 8. tallerpractico10 lina maria londoño
Act 8. tallerpractico10 lina maria londoñoAct 8. tallerpractico10 lina maria londoño
Act 8. tallerpractico10 lina maria londoño
 
Schritt-für-Schritt Anleitung zur Nutzung eines Feedreaders
Schritt-für-Schritt Anleitung zur Nutzung eines FeedreadersSchritt-für-Schritt Anleitung zur Nutzung eines Feedreaders
Schritt-für-Schritt Anleitung zur Nutzung eines Feedreaders
 
SK-KD Agama Islam SMPLB – D(Tuna Daksa)
SK-KD Agama Islam SMPLB – D(Tuna Daksa)SK-KD Agama Islam SMPLB – D(Tuna Daksa)
SK-KD Agama Islam SMPLB – D(Tuna Daksa)
 
LCS Capability Statement_Website2
LCS Capability Statement_Website2LCS Capability Statement_Website2
LCS Capability Statement_Website2
 
Design and development of grid tie inverter with closed loop spwm single stag...
Design and development of grid tie inverter with closed loop spwm single stag...Design and development of grid tie inverter with closed loop spwm single stag...
Design and development of grid tie inverter with closed loop spwm single stag...
 
Infor cloud suite industrial machinery, handbook, english 0216
Infor cloud suite industrial machinery, handbook, english 0216Infor cloud suite industrial machinery, handbook, english 0216
Infor cloud suite industrial machinery, handbook, english 0216
 
Lightning_Protection_LPI_Stormaster
Lightning_Protection_LPI_StormasterLightning_Protection_LPI_Stormaster
Lightning_Protection_LPI_Stormaster
 
Daftar alat peraga sd dak tahun 2015 asaka prima
Daftar alat peraga sd dak tahun 2015 asaka primaDaftar alat peraga sd dak tahun 2015 asaka prima
Daftar alat peraga sd dak tahun 2015 asaka prima
 
Mds&mds mpn
Mds&mds mpnMds&mds mpn
Mds&mds mpn
 

Similar to Cyber Legislation

Bashar H. Malkawi, The Forum on National Security Law
Bashar H. Malkawi, The Forum on National Security LawBashar H. Malkawi, The Forum on National Security Law
Bashar H. Malkawi, The Forum on National Security LawBashar H. Malkawi
 
Cyber Warfare: Can business trust the government to protect them?
Cyber Warfare: Can business trust the government to protect them?Cyber Warfare: Can business trust the government to protect them?
Cyber Warfare: Can business trust the government to protect them?Jason Fernandes
 
ECON 202 Written AssignmentDue April 28th Submitted through Blac
ECON 202 Written AssignmentDue April 28th Submitted through BlacECON 202 Written AssignmentDue April 28th Submitted through Blac
ECON 202 Written AssignmentDue April 28th Submitted through BlacEvonCanales257
 
Conflicts Affecting Economic Trade Between the UnitedSta.docx
Conflicts Affecting Economic Trade Between the UnitedSta.docxConflicts Affecting Economic Trade Between the UnitedSta.docx
Conflicts Affecting Economic Trade Between the UnitedSta.docxmaxinesmith73660
 
A View Of Cyberterrorism Five Years Later
A View Of Cyberterrorism Five Years LaterA View Of Cyberterrorism Five Years Later
A View Of Cyberterrorism Five Years LaterJulie Davis
 
The Hacked World Order By Adam Segal
The Hacked World Order By Adam SegalThe Hacked World Order By Adam Segal
The Hacked World Order By Adam SegalLeslie Lee
 
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Ben Griffith
 
Securing our libertyCommonweal. 140.12 (July 12, 2013) p5.Cop.docx
Securing our libertyCommonweal. 140.12 (July 12, 2013) p5.Cop.docxSecuring our libertyCommonweal. 140.12 (July 12, 2013) p5.Cop.docx
Securing our libertyCommonweal. 140.12 (July 12, 2013) p5.Cop.docxbagotjesusa
 
Looking Ahead Why 2019 Will Be The year of Cyberwarfare
Looking Ahead Why 2019 Will Be The year of CyberwarfareLooking Ahead Why 2019 Will Be The year of Cyberwarfare
Looking Ahead Why 2019 Will Be The year of CyberwarfareSecuricon
 
HacktivismPaper.docx
HacktivismPaper.docxHacktivismPaper.docx
HacktivismPaper.docxDesarae Veit
 
Why Are We Being Watched?
Why Are We Being Watched?Why Are We Being Watched?
Why Are We Being Watched?Crystal Miller
 
Corporate LawYou, your brother, your sister, and your best fri
Corporate LawYou, your brother, your sister, and your best friCorporate LawYou, your brother, your sister, and your best fri
Corporate LawYou, your brother, your sister, and your best friAlleneMcclendon878
 

Similar to Cyber Legislation (15)

Bashar H. Malkawi, The Forum on National Security Law
Bashar H. Malkawi, The Forum on National Security LawBashar H. Malkawi, The Forum on National Security Law
Bashar H. Malkawi, The Forum on National Security Law
 
Tema 5.cybersecurity
Tema 5.cybersecurityTema 5.cybersecurity
Tema 5.cybersecurity
 
Cyber Warfare: Can business trust the government to protect them?
Cyber Warfare: Can business trust the government to protect them?Cyber Warfare: Can business trust the government to protect them?
Cyber Warfare: Can business trust the government to protect them?
 
ECON 202 Written AssignmentDue April 28th Submitted through Blac
ECON 202 Written AssignmentDue April 28th Submitted through BlacECON 202 Written AssignmentDue April 28th Submitted through Blac
ECON 202 Written AssignmentDue April 28th Submitted through Blac
 
Conflicts Affecting Economic Trade Between the UnitedSta.docx
Conflicts Affecting Economic Trade Between the UnitedSta.docxConflicts Affecting Economic Trade Between the UnitedSta.docx
Conflicts Affecting Economic Trade Between the UnitedSta.docx
 
A View Of Cyberterrorism Five Years Later
A View Of Cyberterrorism Five Years LaterA View Of Cyberterrorism Five Years Later
A View Of Cyberterrorism Five Years Later
 
The Hacked World Order By Adam Segal
The Hacked World Order By Adam SegalThe Hacked World Order By Adam Segal
The Hacked World Order By Adam Segal
 
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
 
Securing our libertyCommonweal. 140.12 (July 12, 2013) p5.Cop.docx
Securing our libertyCommonweal. 140.12 (July 12, 2013) p5.Cop.docxSecuring our libertyCommonweal. 140.12 (July 12, 2013) p5.Cop.docx
Securing our libertyCommonweal. 140.12 (July 12, 2013) p5.Cop.docx
 
Looking Ahead Why 2019 Will Be The year of Cyberwarfare
Looking Ahead Why 2019 Will Be The year of CyberwarfareLooking Ahead Why 2019 Will Be The year of Cyberwarfare
Looking Ahead Why 2019 Will Be The year of Cyberwarfare
 
HacktivismPaper.docx
HacktivismPaper.docxHacktivismPaper.docx
HacktivismPaper.docx
 
Why Are We Being Watched?
Why Are We Being Watched?Why Are We Being Watched?
Why Are We Being Watched?
 
IT_Cutter_Publication
IT_Cutter_PublicationIT_Cutter_Publication
IT_Cutter_Publication
 
Corporate LawYou, your brother, your sister, and your best fri
Corporate LawYou, your brother, your sister, and your best friCorporate LawYou, your brother, your sister, and your best fri
Corporate LawYou, your brother, your sister, and your best fri
 
Terrorist Cyber Attacks
Terrorist Cyber AttacksTerrorist Cyber Attacks
Terrorist Cyber Attacks
 

Cyber Legislation

  • 1. Legislating for Hacks Matthew Assarian 27 April 2015
  • 2. Abstract: Cyber crime and cyber terrorism are of great concern domestically and internationally. The United States, however, has been slow to adopt legislation regarding the rights and responsibilities of protecting the country’s data. Rather than develop an overarching framework or become signatory to international accordsdesignedtodeal withwhatisultimately a transnational threat, law makers in the US have beenreluctantuntil veryrecently,withinthe lastfew years,to make a concentrated legislative effort.Anypreviousworkdone on the issue was primarily concerned with publically held institutions, such as the Army or national infrastructure, largely for national security reasons. A critical gap has remained and that has been first, how exactly the relationship is defined when public and private interests meet, and then finally what is required legally of private institutions to protect their data. There is a renewed effort on the part of the US congress to address these issues, and it appears to be spearheadedbycorporations and private industry. However, this is in direct contrast to their previous strategyof obstinacy,attemptingtoscuttle anyattemptsatsubstantive legislationfor fear that it would be an “undue burden” and “stifle innovation”. This new tactic of appearing to be civically engaged is a cynical ployto insinuate themselvesintothe legislative process.Rather than being a case of law makers consulting experts, paid lobbyists are shaping legislation. The resulting law shifts the burden of protection of private data from the corporate to the public sphere, affording corporations with the benefits but none of the associated risk. Introduction: Ever since that day, nothing has been the same. Who can forget where they were on November 24, 2014 when they heard the news; Seth Rogen/ James Franco vehicle “The Interview” wouldn’t be coming out. According to media outlets, the terrorists had won. At least that was the case being made by the likes of David Auerbach and Slate magazine in their op-ed piece, “The Sony Hackers Are Terrorists”. Auerbach made the case that while other companies had experienced breaches and lost data, it was the first time an American company had been assaulted by hackers who wanted to send a message to Sony. The effects were devastating according to one insider: SonyPictures’networksubsequentlywentdown for twodays,forcingemployeestouse personal e-mail
  • 3. accounts,work fromhome,andin some cases, resortto paperand pencil todo theirwork...“It’s justbusinessas usual,if the yearwas 2002,” one SonyTV stafferwrote to me in a Facebookmessage.“[There are] lotsof PAshaving to run jump-drivesbackandforthall overthe place,and handdeliveringhardcopiesof filesandscripts. (Auerback 2015) Truly horrific. That Sony was able to recover from the attack is a testament to the resilience of Sony management. To be fair, Sony did not pull “The Interview” from theaters because of a DoS attack on their system, but rather because at some point after the initial breach was discovered, The Guardians of Peace (the group responsible for the attack which was itself most likely a front for North Korean-elements) promised 9/11 style attacks on theaters should they show the film(Auerback 2015). It was only when theater chains themselves refused to play the picture that Sony pulled the plug, thereafter being somewhat unjustly accused of capitulation by critics who rushed to judgement before learning that a legitimate terror threat had been made. Hyperbole seems to be the trend in the post 9/11 world, where the line between what constitutes actual terrorism and what constitutes a simple crime has become indistinct to the point of non-existence. Conflating cybercrime with cyber terrorism has become a popular rhetorical tool among politicians who, in the same breadth, mention attacks on the US food supply and its financial institutions, as if they are one in the same. An op-ed for the Huffington Post, written by former North Dakota Senator Byran Dorgan is a prime example of such a trend. The Democratic Senator opened up the article about “cyber terrorism” by discussing the infection of computers belonging to Aramco, a Saudi Arabian oil company, by possible Iranian “terrorists” (Dorgan 2013). His second example was about hackers commandeering the Associated Press’s Twitter account and erroneously reporting an explosion at the White House. He made sure to mention the resulting stock market plunge of 143 points. Subsequently, he switches back to the word “terrorist”, saying that “cyber terror is now the new language of war that we barely understand” (Dorgan 2013). He goes on to say that across the country “the
  • 4. government and private corporations” are working to protect us against cyberattacks (Dorgan 2013). Not only does Dorgan confuse the term hacker and terrorist, he says we are protected by the government, as well as corporations. It is possible he could mean private contractors working in some sort of Federal agency, but the overwhelming sentiment is that he sees no difference between a limited attack on a single corporate entity and full blown assault on the national infrastructure. Martin Libicki, a senior management scientist for the RAND corporation, doesn’t see it that way. “The difference between a costly annoyance,” Libicki writes “and terror affected” (Libicki 2015). Because hacks like those that happened to Sony lack the ability to create a “visceral sense of fear”, they cannot be called terrorism (Libicki 2015). That’s not to say that American businesses are not tempting targets and aren’t in danger from, and should be secured against, cybercrime, but unless criminals can precipitate an economy-wide crash on the scale of the 2008 financial crisis, the idea of crimes against hedge funds being equivalent to attacks on the country’s water supply is inaccurate and inappropriate. So why is this relevant to a discussion about cyber security legislation? It’s important because it provides the rhetorical framework for understanding the success of the current push for cyber legislation. Without it, the reasoning behind such legislative momentum is nigh incomprehensible. This paper asserts that because of the urgency lent to the issue by the conflagration of cybercrime and cyber terrorism, businesses are able to position themselves in such a way that preserving their individual interests appears to be in the overall national interest, and so they are given deference in the legislative process, shaping possible future laws to their benefit. This is bad for the average citizen however, because it does little to protect the rights of the individual, while conferring protections on corporations at public expense. Literature Review: The literature review for this paper involved a wide swath of topics. Although none of the existing literature directly examines the idea of the current Congressional action as being anomalous in the history of such legislation nor the idea of it as resulting from corporate lobbying, there were many separate sources that looked at each issue separately. I, however, chose to look at them in the larger context, not in a vacuum.
  • 5. Collusion between Government and Business The literature covering the general topic of government being used as an instrument of corporations is long and storied. Obviously the biggest influence in that capacity would be Karl Marx, but he hardly has a monopoly on the subject. “War is a Racket” was written by Smedley Butler in 1912 and reveals how, in his capacity as military commander, he was instrumental in securing interests of the Dole Fruit company in South America. For more up-to-date information, I looked to the several sources, one being Journal of National Security Law and Policy, in particular an article by Suzanne Landau, “Under the Radar: The NSA Efforts to Provide Secure Private-Sector Communications Infrastructure”. Landau outlines the history of the NSA since its inception in the late 1940’s, early 1950’s, where it often would, at the very least, examine the communication infrastructure of private companies. This was often done in order to provide them with an advantage in competing in international markets (Landau 2012). Although that was not part of the NSA’s mandate, it was an early example of the government using national resources for private benefit. A paper by Dr. Bajaj Komlesh, an official in the Indian government, provided key insight into the US’s history of providing its companies with a comparative advantage in the international market by using resources earmarked for defense. It’s something he argues has only increased under the auspices of “counter-terrorism” (Baja 2012). This would include, but was not limited to, electronic eavesdropping, wiretapping and network intrusion. Such methods are, according the Bajaj, widely used by the US, especially against the Chinese. The Chinese view this as economic provocation because it allows the US and its allies to bargain from a position of strength in international economic negotiations (Bajaj 2012). Lobbying in the United States Lobbying is not an activity unique to the US, the EU has an entire building designated for lobbyists, but the US is known for an aggressive type of lobbying. In particular, the US is known for a “revolving door” where a government employee leaves work on Friday and on Monday starts her new job as a lobbyist. This has obviously taken on much more significance since the Citizens United Supreme Court decision but even traditional lobbying, outside of elections, has experienced a boon, as regards to cybersecurity. According to information and articles from sources as diverse as Reuters News Agency to Progressive think tanks, the amount of lobbying in Washington DC for cyber legislation has tripled since 2012. The New York Times puts the figure at $134 million as of 2014 (Dusel 2014) and that sum is likely to grow. These sources,
  • 6. while informative, were a little light on analysis and as such, the information provided was somewhat scattershot. Locating it proved to be one of the biggest challenges of this paper. PR Material There was a substantial amount of material generated during the lobbying efforts, from several view points. The most prolific however, tended to be either business interests or trade groups, although they were sporadic government agencies and Civil Rights groups created promotional literature as well. The group that produced the most material, by far, was the US Chamber of Commerce and their publication “Free Enterprise”. It seems scarcely a week went by without some sort of op-ed or press release coming from Chamber of Commerce. In a piece that would eventually go on to be published in “The Hill” a major Washington DC organ, the Chamber defined their position as being fiercely anti-regulatory, but amendable to cooperation between private industry and government (Joston 2012). Another major group was the Business Software Alliance. This was a collection of companies including Microsoft and McKafee which were very vocal in their support of certain pieces of legislation. They were particularly rabid when it came to the topic of copyright infringement and piracy. In a somewhat misguided campaign, at one point the BSA was encouraging employees to rat on their employers with the “Bust Your Boss” initiative, where the organization would pay “whistleblowers” for alerting them to any possible illegal software use in their office (Gaskin 2009). There have been similarly acronymed trade groups, like the Internet Security Alliance (ISA) but they are relative youngsters compared to the BSA, which has been around since 1988. Taken separately, these resources were interesting yet inchoate, not yet coalescing into a bigger picture. There was the historical framework for business-government interaction, but it had yet to incorporate the newly created frontiers of the digital world. There was information about which group donated to which cause, but not how it fit into an overall strategy. This paper strives to take the above mentioned sources and synthesize them into something new. Argument:
  • 7. Like most things in the United States, cyber legislation is being driven less by common sense than by dollars and cents. The current push for legislation, although seemingly spearheaded by companies, is in direct contrast to their previous strategy of obstinacy, and is in fact a cynical ploy to appear civically engaged all the while crafting laws which benefit them, sometimes at the expense of citizens. It is the intention of this paper to demonstrate that the ultimately goal of those corporations lobbying Congress is to shift the burden of data protection onto the government, while shielding themselves from liability. Discussion: Although the specifics of each piece of cyber legislation differ, the pattern of those opposed and those in favor, who wants what and how they are willing to settle rarely change, the only shifting constant is in the ratios. When Civil Rights activists likes something, the security hawks feel they are losing out. When the security hawks have something they are happy with, the Civil Rights activists have strong reservations. When the Civil Rights activists and the security hawks are happy, the telecommunications industry refuses what they see as a regulatory burden and lobby to have the whole thing shut down. It’s dull and predictable but that has been the primary road map to Congressional gridlock. So what’s changed? Why is there now a push for legislation? Partially, the momentum is the result of a spate of high-profile security breaches at retailers such as Target and Home Depot and healthcare providers such as Anthem. There is the view that now is the time to act (Maza 2015). The industry knows it has a security problem. Former Carter administration official Amitai Etzioni, says that although corporations have been opposing efforts to create a cyber- regulatory structure, they have also been neglecting the role of cybersecurity, viewing it as superfluous. In fact, many executives regard the idea of cybersecurity itself as within the existing purview of its IT departments and not necessarily worth the expense (Etzioni 2011) which if they fully implemented adequate security protocols would be substantial. Many
  • 8. businesses also view the idea of Federally mandated cyber security measures as something the government, rather than the companies themselves, should foot the bill for (Etzioni 2011). So we have an industry unwilling to spend the money to defend itself but acutely aware of what happened to the likes of Target and Sony. Needless to say approaching the government for help would look… awkward. Companies are continuing to try other ways around beefing up security, such as with CyberSecurity Breach insurance. This is mostly seen as a way for smaller companies without the resources of the bigger corporations to protect themselves from the potentially ruinous effects of a data breach. So far the cyber insurance industry has grown into a $2.1 billion behemoth. It suffers from its own forms of unwieldiness, mostly because the legal structure and what companies are required to protect and disclose, etc. is somewhat codified in laws like the Graham Bleachly Act, but is in no way uniform (NPR 2015). In many ways, smaller companies may be helped by an over-arching regulatory structure but they are butting up against decades of anti-oversight thought, propagated largely by groups like the Business Software Alliance and the US Chamber of Commerce. For example, there were attempts during the George W. Bush administration to create some sort of regulatory framework by Richard Clark: Duringhistenure at the White House,Clarke attemptedto institute anambitiousregulatoryregime,buthe sayshis planwas largelyblockedbyanti-regulationforceswithin the administrationof George W.Bush.StewartA.Baker, whoservedasthe firstassistantsecretaryof homeland securityforpolicyat the time,writesthatthe proposed strategy“sidleduptowardnew mandatesforindustry,” wouldhave requiredformationof asecurityresearchfund that woulddrawon contributionsfromtechnology companies,andwouldhave increasedpressureonInternet companiestoprovide securitytechnologywiththeir products.These requirementswere viewedastooonerous
  • 9. for businesses,Bakernotes,bymanywithinthe administration,andultimately“anythingthatcouldoffend industry,anythingthathintedatgovernmentmandates, was strippedout.”(Etzioni 2011). So with the increased lobbying and more conciliatory approach being taken by the US Chamber of Commerce, what’s changed? In large part, the answer is the man who occupied The White House. While Bush almost completely ignored the issue (Etzioni 2011), Obama has been much more pro-active in trying to set up something to protect the nation’s infrastructure, which as was previously mentioned in the introduction, now seemed to include economic and financial components. Obama has been cautious in his attempts to woo corporations and made it a point to say in 2009 that “[m]y administration will not dictate security standards to private companies.” (Etzioni 2011). It was in this more “conciliatory” atmosphere that lobbying began in earnest in the Capital. Companies like Google, Ratheon and Boeing all have spent billions trying to sway members of Congress. The US Chamber of Commerce started a campaign in 2012, advocating for a “voluntary cooperation” regime, culminating in a joint paper with the National Institute of Standards and Technology (NIST). The solutions advocated by the Chamber are largely “market based” (Beachanue 2014) and encourage, but not require communication between companies about cyber threats. In addition to its work with the NIST, the Chamber of Commerce worked with John McCain and five other Senators to create the SECURE IT bill, which was meant to challenge another cyber legislation bill proposed by Joe Lieberman and Susan Collins (Vigiyan 2012) which they felt was placed too many restrictions on private industry. Other than issuing an Executive Order in 2013 directing the government to develop voluntary cyber standards for privately-held assets considered critical to national security, and to increase sharing of cyber attack information with companies (Salant 2013), the White House finds itself at an impasse. Although corporations are now advocating for solutions to the cyber security problem where before they simply stalled, their lobbying efforts continue to focus on a few areas deemed non-negotiable. The overall corporate wish-list includes no regulatory apparatus, which the Obama administration has largely assented to, but the lobbyist insist that there will be no information sharing without assurances of freedom from liability and negligence (Salant 2013).
  • 10. Conclusion: As of February, 2015 Obama is still stumping for some sort of compromise on the cyber legislative agenda. At the Summit on Cybersecurity and Consumer Protection hosted by Stanford University a weary Obama made yet another plea, "It’s one of the great paradoxes of our time that the very technologies that empower us to do great good can also be used to undermine us and inflict great harm," Mr. Obama said, addressing the summit (Maza 15). It’s easy to picture him sighing. Through a confluence of language, equating cybercrime with cyber terrorism and financial instruments with the national security infrastructure, there has been a great flip in the script. Sensing a White House willing to compromise, businesses feel they can lobby for a regulatory regime that wasn’t, instead looking for voluntary compliance. Despite James Lewis, a cyber-security expert at the Center for Strategic & International Studies, flatly conclude[ing] that “the market has failed to secure cyberspace. A ten-year experiment in faith- based cyber security has proven this beyond question.” (Etzioni 2011) corporations persist in the idea. Honestly, who could blame them? With the NSA conducting corporate espionage on their behalf, and the possibility that they might be immunized to prosecution for liability and negligence if they are able to get their agenda passed, why would corporations want to spend a red cent on cybersecurity? Of course there is the idea that consumers won’t be protected and citizens’ civil rights might be trampled, but a good PR department can right any sinking ship. Especially when they don’t have to spend money on the lawyers they would normally need to defend themselves from compliance violations and class action lawsuits.
  • 11. Bibliography Auerbach, David “The Sony Hackers are Terrorists.” 17 December 2014. Slate.com. http://www.slate.com/articles/technology/bitwise/2014/12/sony_pictures_hack_why_its_perp etrators_should_be_called_cyberterrorists.html Bajaj, Kamlesh “Industrial Espionage and Counter-Terrorism: Two Sides of the Same Coin.” 9 July 2014. China-US Focus. http://www.chinausfocus.com/peace-security/industrial- espionage-and-counterterrorism-surveillance-two-sides-of-the-same-coin/ Beauchesne, Ann “U.S. Chamber of Commerce Launches National Cybersecurity “Roundtables” Series in Chicago” 2 June 2014. US Chamber of Commerce. https://www.uschamber.com/us-chamber-commerce-launches-national-cybersecurity- roundtables-series-chicago Dorgan, Byron “Cyber Terror is the New Language of War” 17 July 2013. HuffingtonPost. http://www.huffingtonpost.com/sen-byron-dorgan/cyber-terror-is-the-new-l_b_3612888.html Etzioni, Amitai “Private Sector Neglects Cyber Security” 29 November 2011. The National Interest. http://nationalinterest.org/commentary/private-sector-neglects-cyber- security-6196 Gaskin, James “Business Software Alliance Dirty Trick Update” 14 October 2009. Networkworld.com. http://www.networkworld.com/article/2251718/smb/business-software- alliance-dirty-tricks-update.html Goetz, Kaomi “Companies Worried About Hackers Turn to Cyber Insurance” 19 March 2015. NPR. http://www.npr.org/2015/03/19/393865187/companies-worried-about-hackers- turn-to-cyber-insurance
  • 12. Landau, Susan “Under the Radar: NSA Efforts to Secure Private-Sector Communication Infrastructure” 29 September 2014. Journal of National Security Law and Policy Volume 7 Issue 2. http://jnslp.com/wp-content/uploads/2015/03/NSA%E2%80%99s-Efforts-to-Secure-Private- Sector-Telecommunications-Infrastructure_2.pdf Libicki, Martin “Cyberattacks are a Nuisance, Not Terrorism” 8 February 2015. Newsweek.com http://www.newsweek.com/cyber-attacks-are-nuisance-not-terrorism-305062 Marcus, Steve “Telecoms Prevail in Arguing Against Cybersecurity Recommendations” 19 March 2013. Reuters.com. http://www.reuters.com/article/2013/03/19/us-usa- cybersecurity-fcc-idUSBRE92I03420130319 Maza, Cristina “Will the Government and Private Industry be Able to Cooperate?” 3 February 2105. Christian Science Monitor. http://www.csmonitor.com/USA/USA- Update/2015/0213/Cybersecurity-summit-Will-government-businesses-cooperate-more Salant, Jonathan “Lobbying is Big Business in the Capital” 21 March 2013. Bloomberg Business. http://www.bloomberg.com/news/articles/2013-03-21/cybersecurity-lobby-surges- as-congress-considers-new-laws Vijayan, Jakumar “No BiPartisan Fight in Bill Debate” 5 March 2012. Computer World. http://www.computerworld.com/article/2505963/cyberwarfare/no-partisan-fight-over- cybersecurity-bill--gop-senator-says.html