On Wednesday, the president delivered a straight-talking, impassioned address detailing ambitious plans to improve and reform just about everything. In 378 words he explained how America's energy infrastructure needed to move towards more efficient and greener technologies. With 443 words he discussed the importance of a higher minimum wage and bringing technology-related manufacturing jobs back to the domestic labor market. 606 words explained new plans to improve secondary education with job preparation, STEM-focused curricula, and a new initiative to incentivize tuition reductions in higher education. Among all his new proposals, the mere 133 words on a new legislative push for enhanced "cyber-defenses" was probably the most vague, and the most disturbing. Under legislation like the PATRIOT Act, federal law enforcement wields disturbingly broad authority not only to survey, collect information on, and prosecute Americans, but also to share this information between agencies. Citing a "rapidly growing threat from cyber-attacks", the president hopes to push Congress for new laws to strengthen the national digital defenses, but is this power the federal government actually needs?
What Is And Isn't Legal
Current computer security law is set primarily by Title 18 U.S.C Sections 1029 & 1030 which outline computer crimes and, in part, sentencing for offenses. Section 1030 defines a "protected computer" as any computer used by a financial institution or government agency for the purposes of interstate commerce, foreign commerce, or communication. Any unauthorized access to, collection of, and damage or corruption to data on a protected computer is prohibited and constitutes a felony. Section 1029 deals with so called access devices (AD) and makes it illegal to:
- Produce, use, or sell counterfeit access devices
- Obtain anything of value with a counterfeit AD
- Have more than 15 in your possession
- Own equipment that allows you to produce your own AD
- Alter or modify "telecommunication equipment" to gain unauthorized acess to communication services
- Owning devices that can intercept a wire or other form of electronic communication.
- Using/owning hardware or software that modifies the identity of a telecom. device.
Here, access devices are any card, plate, code, account number, electronic serial number, mobile identification number, PIN number, or any other device that can be used to access accounts for anything of value.
In addition to Sections 1029 and 1030, the Cyber Security Enhancement (CSEA) and USA PATRIOT Acts play a role in federal information security law by laying the groundwork for anti-cyberterrorism legislation. The CSEA allows Internet Service Providers to disclose information about subscriber activities to government agencies, without a "reasonable belief" that there is an immediate danger of another's death or serious injury. Title VIII of the PATRIOT Act amends Section 1030 of Title 18 to include the "damage or gain unauthorized access to" language regarding protected computers, and expands punishable offenses to include disrupting medical practices, healthcare, and national security.