- First YouTube comment to hit 1 million likes is on Billie Eilish’s ‘bad guy’ music video 5 Years Ago
- Girl says she was fired over exposing how Panera makes its mac and cheese on TikTok Today 11:34 AM
- David Harbour teased fans about Hopper’s ‘Stranger Things’ fate on ‘SNL’ Today 10:24 AM
- Kacey Musgraves accused of cultural appropriation–and botching it Today 9:19 AM
- Rihanna defends Vogue writer who received backlash for ‘winging’ interview Today 8:36 AM
- Here are the best PC games to add to your list Today 8:20 AM
- How to stream ‘Power’ season 6, episode 8 Today 6:00 AM
- How to stream Steelers vs. Chargers on Sunday Night Football Saturday 7:20 PM
- Popular TikTok teens accused of pretending to be gay for clout Saturday 6:38 PM
- Scott Walker’s ‘$26 haircut’ dig at Alexandria Ocasio-Cortez backfires Saturday 4:46 PM
- Halle synagogue shooter allegedly posted manifesto on anime message board Saturday 4:06 PM
- How to stream Cowboys vs. Jets in NFL Week 6 Saturday 3:25 PM
- How to stream Rams vs. 49ers in NFL Week 6 action Saturday 3:05 PM
- Kamala Harris’ ‘lover’ says Jacob Wohl hired him off Craigslist Saturday 2:03 PM
- Korean hair salon dragged for turning straight hair into Afro-textured hair Saturday 1:00 PM
Obama reveals new cybersecurity plan
You can’t please everybody, but is Obama trying to please anybody at all?
Unsurprisingly, Internet freedom groups like it better than the Cyber Intelligence Sharing and Protection Act, but they still are far from happy with Obama’s proposal.
Obama’s proposal primarily focuses on two areas. First, he wants a way for private companies to legally share confidential information with the government when they’re under attack—theoretically the same issue CISPA addresses. Second, he’d change the scope and definition of the U.S.’s notorious hacking law, the Computer Fraud and Abuse Act (CFAA).
“Information sharing,” which really gained traction in the wake of 9/11, when reviews found federal agencies could have perhaps prevented the attacks if they’d done a better job pooling their intelligence, is a common cybersecurity proposal in D.C. Essentially, its proponents would make it easier for private companies who find themselves under attack to share what’s happening on their systems with the government—something that in other cases could be illegal.
While privacy advocates resoundingly reject CISPA for having few user privacy protections, they’re more mixed with Obama’s plan. The Center for Democracy and Technology praised elements of the White House proposal, saying in a statement that it “contains some privacy protections not present in [CISPA],” but the center worries it “relies heavily on privacy guidelines that are currently unwritten.”
The Electronic Frontier Foundation was even less forgiving. Largely critical of the very concept of information sharing as a means to increase national cybersecurity, its lawyers declared themselves “concerned that the Administration proposal will unintentionally legitimize the approach taken by [CISPA].” Instead, they argued, the White House should focus on existing, underutilized government resources like Information Sharing and Analysis Centers (ISACs) and the Department of Homeland Security’s Enhanced Cybersecurity Services.
The group more resoundingly criticized the second major part of Obama’s proposal. The CFAA is already rife with examples of instances of harsh penalization—look no further than Aaron Swartz, who committed suicide as he faced potential decades in prison for sharing academic journals from MIT. The White House would actually increase CFAA crimes, meaning two or more violations of it equals potential racketeering charges.
To be fair to the White House, it also calls for a reevaluation of what constitutes a computer crime, and this could theoretically bring about the long-delayed CFAA reform that digital rights advocates have been clamoring for. The proposal “modernizes the Computer Fraud and Abuse Act by ensuring that insignificant conduct does not fall within the scope of the statute,” it says, though it’s not clear what “insignifiant” would mean in the real world.
Of course, there’s always the question of whether any of this proposed legislation would actually solve the problems it’s supposed to. Speaking at the White House Tuesday, Obama referenced both the Sony hack and a recent defacement of the U.S. Central Command’s Twitter account. “It just goes to show how much more work we need to do,” he said, “to strengthen our cybersecurity.”
It’s clear that this proposal does that.
“[I] haven’t seen one provision that would have helped against Sony attack,” tweeted Kurt Opsahl, EFF’s deputy general counsel. And the Central Command Twitter account hack, claimed by the hacker group CyberCaliphate, was apparently nothing more complicated than a phishing operation; it would have been prevented if the Pentagon’s social media team had just turned on two-factor authentication—a basic security step everyone should follow for cases just like this. Perhaps Opsahl put it best:
To be fair, it’s hard to legislate ‘don’t store your passwords in unencrypted files in a folder called passwords’
— Kurt Opsahl (@kurtopsahl) January 14, 2015
Photo via Abri_Beluga/Flickr (CC BY 2.0) | Remix by Fernando Alfonso III
A former senior politics reporter for the Daily Dot, Kevin Collier focuses on privacy, cybersecurity, and issues of importance to the open internet. Since leaving the Daily Dot in March 2016, he has served as a reporter for Vocativ and a cybersecurity correspondent for BuzzFeed.