Crossroads Blog | CYBER SECURITY LAW AND POLICY

Cyber Exploitation, Legislation

Cyber Roundup (4/27): CISPA (dead?), DARPA’s cyberweapon framework, court prohibits gov hackback, and more . . .

Here’s a quick survey of recent cybernews . . .

***

I’m really interested in this, so I’ve got to give it top billing.

Paul Rosenzweig wrote for Lawfare on how a Magistrate Judge denied “a government application for a search warrant in which the government proposed to install surreptitious software on the target computer (putatively owned and operated by the criminal suspect).”  Mr. Rosenzweig’s last thought made me smile:

So here’s an interesting and ironic thought  — maybe one of the reasons we need to authorize private sector hack back is because the Federal government can’t do it!

 

Orin Kerr picked up the same story for The Volokh Conspiracy, framing the issue as a question over “the legal standards for the government to search a hacker’s remote computer to determine the hacker’s identity and location.”  The article is rather lengthy and quite good, so rather than summarize it I’ll just direct you there.  Here’s the opinion, by the way.

***

Via a US News article written by Jason Koebler, the ACLU is claiming CISPA is dead because the Senate has decided to shelve the bill and draft separate legislation.  The article quoted a committee rep:

“We’re not taking [CISPA] up,” the committee representative says. “Staff and senators are divvying up the issues and the key provisions everyone agrees would need to be handled if we’re going to strengthen cybersecurity. They’ll be drafting separate bills.”

So we won’t get CISPA, but we’ll probably get an unsatisfying/weak bill that pisses the ACLU and EFF off just the same?  As The Atlantic’s Adam Clark Estes says, “CISPA Is Dead, Long Live CISPA.”

Oh, and according to The Hill’s Jennifer Martinez, Anonymous (or people calling themselves Anonymous, who really knows) threatened Rep. Ruppersberger and everyone else who worked on CISPA for their support of CISPA.

Along similar lines, Ellen Nakashima wrote for The Washington Post on how the “White House has backed away from its push for mandatory cybersecurity standards in favor of an approach that would combine voluntary measures with incentives for companies to comply with them.”

It’s hard not to get really cynical about the death of CISPA and the threats this country faces.  I still see parallels between cybersecurity legislation and the pre 9/11 Wall.

***

Via a Wall Street Journal article by Paul Mozur and Josh Chin, Mandiant reports that “there has been no change in the large number of Chinese attacks on U.S. companies it has observed” since the release of Mandiant’s bombshell report.  However, there has been one notable change:

The only change, [Richard Bejtlich, Mandiant’s CSO] said, has been a noticeable drop in cyber attacks from Unit 61398, a group within the People’s Liberation Army that Mandiant has accused of attempting to hack nearly 150 victims over seven years. In the report, Mandiant said the group’s facilities were located in Shanghai’s Pudong district.

And it fills me with great pleasure to relay the Chinese government’s reaction to the recent Verizon report: “groundless accusations of any country are unprofessional and irresponsible.”

I could write these reactions by now.

***

Nextgov’s Adam Pasick reports that Huawei can’t take it anymore and is bailing on the U.S. 

***

Finally, Matthew Cox wrote for DoD Buzz on DARPA’s new framework for developing cyber weapons.  According to the director of DARPA, “[DARPA is] building a future in which our warfighers can use cyber tools as tactical weapons that are fully integrated in the kinetic fight.”

Leave a Reply