There’s much alarm in the security community over new anti-hacking laws President Obama plans to float in his State of the Union address next week.
The alarm is justified. What he proposes, as my friend Rob Graham (@ErrataRob) wrote in this important post, “are blunt political solutions which reflect no technical understanding of the problem.”
Obama’s proposed anti-hacking laws are designed to arm companies with legal protections for sharing information with each other and the government about hacking threats. The President believes it’s necessary to help prevent attacks like the one Sony Pictures Entertainment suffered.
But just as the Patriot Act was a fear-laden response to 9-11 that eroded our civil liberties, Obama’s anti-hacking measures would be a fear-laden overreaction to the Sony attack.
Because of its broad language, many hackers worry their work could become illegal and that a lot of the things we discuss on social media could be used against us in the name of security.
Graham cuts to the core of the danger with these two paragraphs:
Internet innovation happens by trying things first then asking for permission later. Obama’s law will change that. For example, a search engine like Google downloads a copy of every website in order to create a search “indexâ€. This sort of thing is grandfathered in, but if “copying the entire website†were a new idea, it would be something made illegal by the new laws. Such copies knowingly get information that website owners don’t intend to make public. Similarly, had hacking laws been around in the 1980s, the founders of Apple might’ve still been in jail today, serving out long sentences for trafficking in illegal access devices.
The most important innovators this law would affect are the cybersecurity professionals that protect the Internet. If you cared about things such as “national security” and “cyberterrorism”, then this should be your biggest fear. Because of our knowledge, we do innocent things that look to outsiders like “hacking”. Protecting computers often means attacking them. The more you crack down on hackers, the more of a chilling effect you create in our profession. This creates an open-door for nation-state hackers and the real cybercriminals.
While all the worry is justified, we should remember that it’s in our power to educate the masses and stop this thing in its tracks.
Let’s go back exactly three years, when many of us were worried about the proposed Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA).
Those bills were supported by a majority of lawmakers in the U.S. House and Senate. It initially looked like a freight train speeding toward Congressional approval. But privacy rights advocates rose to the occasion and educated the public on the legislation’s broader consequences. Support for the measures crumbled.
SOPA isn’t dead. There are still efforts to keep it alive. But three years on, it is not the law of the land. Because we stopped it.
So it can be with this latest legislative overreaction.