But the question remains, do federal law enforcement agencies really need greater leverage in the fight against hacktivists and cyberterrorists? In his address, the president made it clear that his administration believes so, but upon closer examination of computer security enforcement laws, his case becomes progressively less convincing.
It's More A Question Of What Can't They Do
While CSEA and the PATRIOT Act play a background role in defining computer crimes, they're the centerpiece of the federal government's exceptional enforcement capabilities. In conjuction with the Federal Information Security Management Act (FISMA), federal law enforcement has the ability to: survey and collect information on American citizens, share collected intelligence between agencies, and is required to perform regular audits on its secured networks. To explain how this all works, I'll start with the PATRIOT Act.
Title I of the Act called for the expansion of the U.S. Secret Service's National Electronic Crime Task Force (NECTF) charged with preventing, detecting, and investigating electronic crimes. "Electronic Crimes" applies not solely to hacking attempts on protected computers under Title 18 U.S.C. Sec. 1030, but also to potential acts of terrorism against national infrastructure and financial payment systems. Title V reinforces Title I by conferring the FBI's enforcement authority under Section 1030 to the Secret Service, and these are further supported by Title VII, which authorizes the Justice Department to create "secure information sharing systems" between federal, state, and local law enforcement.
Title II includes most of the provisions that allow federal agencies to conduct surveillance operations on American citizens. Under this title, law enforcement can: intercept internet communications, record telephone conversations without a wiretap warrant, collect identification information from electronic devices (i.e. MAC Addresses), access subscriber records from cable/internet service providers (ISP) and can preempt disclosure of the rationale behind a judge granting a warrant in a federal investigation of suspected terrorist activity. Title VIII of the Act authorizes the Attorney General to create regional computer forensic labs to examine intercepted computer evidence and facilitate more efficient information sharing between federal, state, and local authorities.
The CSEA opens the information gathering door even wider by amending the regulations around how often and to whom ISPs can release subscriber information. Under this act, an ISP doesn't need a "reasonable belief" to divulge either records of internet communications or the content of the communication itself. An ISP only needs to act in "good faith" instead of legitimate suspicions that there's an immediate danger. In addition, ISPs can release this information to any federal, state, or local "government entitiy" as opposed to a law enforcement agency.
Lastly, FISMA requires federal agencies and substations to regularly test their networks for vulnerabilities and perform risk assessments on successful breaches from outside attackers. Under this law, Certified Ethical Hackers and Licensed Penetration Testers can be employed to conduct penetration tests, develop, document, and implement agency-wide security programs, including inter-agency systems.
Article comments
1 - pablo
You might have mentioned Alexander that all of the legislation that you cited is unconstitutional on its face as per the fourth amendment. I am not surprised however that you omitted that trivial fact.
2 - Alexander J Smith III
The Constitutionality of the legislation wasn't the focus of the piece, though I do agree that much of the PATRIOT Act is in violation of several Constitutional Amendments.
3 - pablo
Well that's great Alexander. I just don't see the point in writing about legislation that is unlawful on its face, other than to point that out.
4 - Igor
IMO the point of discussing unlawful legislation is to try to rescind it. But that may be impossible, given the political proclivities.
Fortunately, an astute person can devise sufficient personal security with easily available tools.
5 - Alexander J Smith III
-Pablo,
Unfortunately for us, those laws are the law, and they won't be unlawful until we (and our court system) step up to challenge them. While they're still around we have to talk about the powers they grant, even if we don't agree that they should be there in the first place.
6 - pablo
Igor and Alexander,
Then the thrust of the discussion should be about their unlawfulness, which I did not see in your article Alexander.
I'm RACIST? for criticizing Obama.
TERRORIST because I'm not with Bush.
ANTISEMITIC for not supporting Rothschild Zionism.
TEABAGGER for supporting the Constitution.
TRUTH-ER for asking unanswered questions.
TRAITOR for whistle-blowing on my corrupt Government.
CONSPIRACY THEORIST for presenting documented facts.
TROLL for uploading news, videos, quotes and U.S.Atrocities.
7 - Dr Dreadful
Then the thrust of the discussion should be about their unlawfulness, which I did not see in your article Alexander.
Hmm.
So the sub-heading "What Is and Isn't Legal" didn't clue you in?
8 - Alexander J Smith III
-Dr. Dreadful
LOL. I mean that section was there just to spell out what the current laws say. I can understand where Pablo is coming from, but I felt that discussing why the current laws are overstepping, or unconstitutional would have been slightly off topic and could really use an entire piece to cover that.
9 - Dr Dreadful
Yes, Alexander, your article can indeed be the jumping-off point for a discussion on the illegality (or otherwise) of the legislation. But Pablo isn't interested in having a discussion. He has already decided that the laws are unconstitutional and will merely scoff at anything anybody says to the contrary. Hence my ironic comment.
10 - pablo
It is ok Dread I know you like to take a swipe at me anytime you get the chance.
11 - pablo
And Dread yes I will scoff at anyone who says the contrary regarding the Patriot Act, who claims that it does not violate the Constitution, as it clearly does, it is not debatable, however that probably will not stoop the esteemed Supreme Court from saying otherwise.
As to discussion, I spent several years on this site discussing the issues of the day, now I prefer sniping. And snipe away I will when I choose to Dread, and I know each and every time that I do, you will be there to point your finger at me. Enjoy. :)
12 - Dr Dreadful
Fair enough, Pablo, although as I said, if all you're interested in is sniping about the unlawfulness of the Patriot Act then you can't really complain that Alexander isn't discussing it.